CVE-2013-5723
https://notcve.org/view.php?id=CVE-2013-5723
SQL injection vulnerability in SAP NetWeaver 7.30 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to "ABAD0_DELETE_DERIVATION_TABLE." • http://osvdb.org/96900 http://scn.sap.com/docs/DOC-8218 http://secunia.com/advisories/54702 http://www.securityfocus.com/bid/62147 http://www.securitytracker.com/id/1029018 https://erpscan.io/advisories/dsecrg-13-016-sap-netweaver-abad0_delete_derivation_table https://service.sap.com/sap/support/notes/1840249 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2013-3319 – SAP Host Agent Information Disclosure
https://notcve.org/view.php?id=CVE-2013-3319
The GetComputerSystem method in the HostControl service in SAP NetWeaver 7.03 allows remote attackers to obtain sensitive information via a crafted SOAP request to TCP port 1128. • http://labs.integrity.pt/advisories/cve-2013-3319 http://scn.sap.com/docs/DOC-8218 http://secunia.com/advisories/54277 https://exchange.xforce.ibmcloud.com/vulnerabilities/85905 https://service.sap.com/sap/support/notes/1816536 https://launchpad.support.sap.com/#/notes/1816536 https://labs.integrity.pt/advisories/cve-2013-3319 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2013-3243
https://notcve.org/view.php?id=CVE-2013-3243
Unspecified vulnerability in OpenText/IXOS ECM for SAP NetWeaver allows remote attackers to execute arbitrary ABAP code via unknown vectors. • http://archives.neohapsis.com/archives/bugtraq/2013-04/0214.html http://www.esnc.de/sap-security-audit-and-scan-services/security-advisories/57-esnc-2013-004-remote-abap-code-injection-in-opentext-ixos-ecm-suite-for-sap-netweaver.html
CVE-2013-1592 – SAP NetWeaver Message Server - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2013-1592
A buffer overflow vulnerability exists in the _MsJ2EE_AddStatistics() function of the Message Server service when specially crafted SAP Message Server packets are sent to remote TCP ports 36NN and/or 39NN in SAP NetWeaver 2004s, 7.01 SR1, 7.02 SP06, and 7.30 SP04, which could let a remote malicious user execute arbitrary code. • https://www.exploit-db.com/exploits/24511 http://www.coresecurity.com/content/SAP-netweaver-msg-srv-multiple-vulnerabilities http://www.exploit-db.com/exploits/24511 http://www.securityfocus.com/bid/57956 http://www.securitytracker.com/id/1028148 https://exchange.xforce.ibmcloud.com/vulnerabilities/82064 https://packetstormsecurity.com/files/cve/CVE-2013-1592 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2013-1593
https://notcve.org/view.php?id=CVE-2013-1593
A denial of service vulnerability exists in the WRITE_C function in the msg_server.exe module in SAP NetWeaver 2004s, 7.01 SR1, 7.02 SP06, and 7.30 SP04 when a crafted SAP Message Server packet is sent to TCP ports 36NN and/or 39NN. • http://www.securityfocus.com/bid/57956 http://www.securitytracker.com/id/1028148 https://exchange.xforce.ibmcloud.com/vulnerabilities/82065 https://packetstormsecurity.com/files/cve/CVE-2013-1593 https://www.coresecurity.com/content/SAP-netweaver-msg-srv-multiple-vulnerabilities • CWE-129: Improper Validation of Array Index