CVSS: 9.8EPSS: 3%CPEs: 1EXPL: 0CVE-2011-1517
https://notcve.org/view.php?id=CVE-2011-1517
05 Feb 2020 — SAP NetWeaver 7.0 allows Remote Code Execution and Denial of Service caused by an error in the DiagTraceHex() function. By sending a specially-crafted packet, an attacker could exploit this vulnerability to cause the application to crash. SAP NetWeaver versión 7.0, permite una ejecución de código remota y una denegación de servicio causada por un error en la función DiagTraceHex(). Mediante el envío de un paquete especialmente diseñado, un atacante podría explotar esta vulnerabilidad para causar que la apli... • http://archives.neohapsis.com/archives/bugtraq/2012-05/0061.html •
CVSS: 7.5EPSS: 27%CPEs: 4EXPL: 1CVE-2013-1593
https://notcve.org/view.php?id=CVE-2013-1593
23 Jan 2020 — A Denial of Service vulnerability exists in the WRITE_C function in the msg_server.exe module in SAP NetWeaver 2004s, 7.01 SR1, 7.02 SP06, and 7.30 SP04 when sending a crafted SAP Message Server packet to TCP ports 36NN and/or 39NN. Se presenta una vulnerabilidad de Denegación de Servicio en la función WRITE_C en el módulo msg_server.exe en SAP NetWeaver 2004s, versiones 7.01 SR1, 7.02 SP06 y 7.30 SP04, cuando se envía un paquete de SAP Message Server diseñado hacia los puertos TCP 36NN y/o 39NN. • http://www.securityfocus.com/bid/57956 • CWE-129: Improper Validation of Array Index •
CVSS: 10.0EPSS: 86%CPEs: 4EXPL: 3CVE-2013-1592 – SAP NetWeaver Message Server - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2013-1592
23 Jan 2020 — A Buffer Overflow vulnerability exists in the Message Server service _MsJ2EE_AddStatistics() function when sending specially crafted SAP Message Server packets to remote TCP ports 36NN and/or 39NN in SAP NetWeaver 2004s, 7.01 SR1, 7.02 SP06, and 7.30 SP04, which could let a remote malicious user execute arbitrary code. Se presenta una vulnerabilidad de Desbordamiento de Búfer en la función _MsJ2EE_AddStatistics() del servicio Message Server cuando se envían paquetes de SAP Message Server especialmente diseñ... • https://www.exploit-db.com/exploits/24511 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 6.1EPSS: 0%CPEs: 5EXPL: 0CVE-2018-2470
https://notcve.org/view.php?id=CVE-2018-2470
09 Oct 2018 — In SAP NetWeaver Application Server for ABAP, from 7.0 to 7.02, 7.30, 7.31, 7.40 and from 7.50 to 7.53, applications do not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. En SAP NetWeaver Application Server for ABAP desde la versión 7.0 hasta la 7.02, 7.30, 7.31, 7.40 y de la versión 7.50 a la 7.53, las aplicaciones no cifran lo suficiente las entradas controladas por el usuario, lo que resulta en una vulnerabilidad Cross-Site Scripting (XSS). • http://www.securityfocus.com/bid/105551 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0CVE-2018-2434
https://notcve.org/view.php?id=CVE-2018-2434
10 Jul 2018 — A content spoofing vulnerability in the following components allows to render html pages containing arbitrary plain text content, which might fool an end user: UI add-on for SAP NetWeaver (UI_Infra, 1.0), SAP UI Implementation for Decoupled Innovations (UI_700, 2.0): SAP NetWeaver 7.00 Implementation, SAP User Interface Technology (SAP_UI 7.4, 7.5, 7.51, 7.52). There is little impact as it is not possible to embed active contents such as JavaScript or hyperlinks. Una vulnerabilidad de suplantación de conten... • http://www.securityfocus.com/bid/105088 • CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 9.8EPSS: 0%CPEs: 8EXPL: 0CVE-2016-10311
https://notcve.org/view.php?id=CVE-2016-10311
10 Apr 2017 — Stack-based buffer overflow in SAP NetWeaver 7.0 through 7.5 allows remote attackers to cause a denial of service () by sending a crafted packet to the SAPSTARTSRV port, aka SAP Security Note 2295238. El desbordamiento de búfer basado en pila en SAP NetWeaver desde 7.0 hasta la versión 7.5 permite a atacantes remotos causar una denegación de servicio () enviando un paquete manipulado al puerto SAPSTARTSRV, también conocido como Nota de seguridad de SAP 2295238. • https://erpscan.io/advisories/erpscan-16-030-sap-netweaver-sapstartsrv-stack-based-buffer-overflow • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2016-4015 – SAP NetWeaver Enqueue Server 7.4 Denial of Service
https://notcve.org/view.php?id=CVE-2016-4015
14 Apr 2016 — The Enqueue Server in SAP NetWeaver JAVA AS 7.1 through 7.4 allows remote attackers to cause a denial of service (process crash) via a crafted request, aka SAP Security Note 2258784. El Enqueue Server en SAP NetWeaver JAVA AS 7.1 hasta la versión 7.4 permite a atacantes remotos causar una denegación de servicio (caída de proceso) a través de una petición manipulada, también conocida como SAP Security Note 2258784. SAP NetWeaver Enqueue Server version 7.4 suffers from a denial of service vulnerability. • https://erpscan.io/advisories/erpscan-16-019-sap-netweaver-enqueue-server-dos-vulnerability •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 3CVE-2015-7241 – SAP NetWeaver < 7.01 - XML External Entity Injection
https://notcve.org/view.php?id=CVE-2015-7241
21 Sep 2015 — XML External Entity (XXE) vulnerability in SAP Netweaver before 7.01. Existe una vulnerabilidad de tipo XML External Entity (XEE) en versiones de SAP Netweaver anteriores a la 7.01. SAP Netweaver versions prior to 7.01 suffer from an XXE injection vulnerability. • https://packetstorm.news/files/id/133627 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 8.8EPSS: 1%CPEs: 2EXPL: 0CVE-2015-2815 – SAP NetWeaver Dispatcher Buffer Overflow
https://notcve.org/view.php?id=CVE-2015-2815
01 Apr 2015 — Buffer overflow in the C_SAPGPARAM function in the NetWeaver Dispatcher in SAP KERNEL 7.00 (7000.52.12.34966) and 7.40 (7400.12.21.30308) allows remote authenticated users to cause a denial of service or possibly execute arbitrary code via unspecified vectors, aka SAP Security Note 2063369. Desbordamiento de buffer en la función C_SAPGPARAM en NetWeaver Dispatcher en SAP KERNEL 7.00 (7000.52.12.34966) y 7.40 (7400.12.21.30308) permite a usuarios remotos autenticados causar una denegación de servicio o posib... • http://packetstormsecurity.com/files/132353/SAP-NetWeaver-Dispatcher-Buffer-Overflow.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 3%CPEs: 2EXPL: 5CVE-2014-0995 – SAP NetWeaver Enqueue Server - Denial of Service
https://notcve.org/view.php?id=CVE-2014-0995
16 Oct 2014 — The Standalone Enqueue Server in SAP Netweaver 7.20, 7.01, and earlier allows remote attackers to cause a denial of service (uncontrolled recursion and crash) via a trace level with a wildcard in the Trace Pattern. El servidor Standalone Enqueue en SAP Netweaver 7.20, 7.01, y anteriores permite a atacantes remotos causar una denegación de servicio (recursión sin control y caída) a través de un nivel de traza con un comodín en la pauta de traza (Trace Pattern). Core Security Technologies Advisory - A vulnera... • https://packetstorm.news/files/id/128726 • CWE-20: Improper Input Validation •