CVSS: 9.8EPSS: 11%CPEs: 1EXPL: 3CVE-2015-7241 – SAP NetWeaver < 7.01 - XML External Entity Injection
https://notcve.org/view.php?id=CVE-2015-7241
21 Sep 2015 — XML External Entity (XXE) vulnerability in SAP Netweaver before 7.01. Existe una vulnerabilidad de tipo XML External Entity (XEE) en versiones de SAP Netweaver anteriores a la 7.01. SAP Netweaver versions prior to 7.01 suffer from an XXE injection vulnerability. • https://packetstorm.news/files/id/133627 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 7.5EPSS: 29%CPEs: 2EXPL: 5CVE-2014-0995 – SAP NetWeaver Enqueue Server - Denial of Service
https://notcve.org/view.php?id=CVE-2014-0995
16 Oct 2014 — The Standalone Enqueue Server in SAP Netweaver 7.20, 7.01, and earlier allows remote attackers to cause a denial of service (uncontrolled recursion and crash) via a trace level with a wildcard in the Trace Pattern. El servidor Standalone Enqueue en SAP Netweaver 7.20, 7.01, y anteriores permite a atacantes remotos causar una denegación de servicio (recursión sin control y caída) a través de un nivel de traza con un comodín en la pauta de traza (Trace Pattern). Core Security Technologies Advisory - A vulnera... • https://packetstorm.news/files/id/128726 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 0CVE-2014-3787
https://notcve.org/view.php?id=CVE-2014-3787
19 May 2014 — SAP NetWeaver 7.20 and earlier allows remote attackers to read arbitrary SAP Central User Administration (SAP CUA) tables via unspecified vectors. SAP NetWeaver 7.20 y anteriores permite a atacantes remotos leer tablas de SAP Central User Administration (SAP CUA) arbitrarias a través de vectores no especificados. • http://en.securitylab.ru/lab/PT-2014-09 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0CVE-2014-1965
https://notcve.org/view.php?id=CVE-2014-1965
14 Feb 2014 — Cross-site scripting (XSS) vulnerability in ISpeakAdapter in the Integration Repository in the SAP Exchange Infrastructure (BC-XI) component 3.0, 7.00 through 7.02, and 7.10 through 7.11 for SAP NetWeaver allows remote attackers to inject arbitrary web script or HTML via vectors related to PIP. Vulnerabilidad de XSS en ISpeakAdapter en Integration Repository en el componente SAP Exchange Infrastructure (BC-XI) 3.0, 7.00 hasta 7.02 y 7.10 hasta 7.11 para SAP NetWeaver permite a atacantes remotos inyectar scr... • http://secunia.com/advisories/56947 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.8EPSS: 0%CPEs: 2EXPL: 0CVE-2013-6814
https://notcve.org/view.php?id=CVE-2013-6814
19 Nov 2013 — The J2EE Engine in SAP NetWeaver 6.40, 7.02, and earlier allows remote attackers to redirect users to arbitrary web sites, conduct phishing attacks, and obtain sensitive information (cookies and SAPPASSPORT) via unspecified vectors. J2EE Engine en SAP NetWeaver 6.40, 7.02, y anteriores versiones permite a atacantes remotos redirigir usuarios a sitios web arbitrarios para llevar a cabo ataques de phishing, y obtener información sensible (cookies y SAPPASSPORT) a través de vectores no especificados. • http://scn.sap.com/docs/DOC-8218 • CWE-20: Improper Input Validation •
CVSS: 9.1EPSS: 0%CPEs: 13EXPL: 0CVE-2013-6815
https://notcve.org/view.php?id=CVE-2013-6815
19 Nov 2013 — The SHSTI_UPLOAD_XML function in the Application Server for ABAP (AS ABAP) in SAP NetWeaver 7.31 and earlier allows remote attackers to cause a denial of service via unspecified vectors, related to an XML External Entity (XXE) issue. La función SHSTI_UPLOAD_XML en Application Server for ABAP (AS ABAP) de SAP NetWeaver 7.31 y anteriores permite a atacantes remotos provocar una denegación de servicio a través de vectores sin especificar, relacionado con un problema XML External Entity (XXE). • http://scn.sap.com/docs/DOC-8218 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0CVE-2013-6244
https://notcve.org/view.php?id=CVE-2013-6244
24 Oct 2013 — The Live Update webdynpro application (webdynpro/dispatcher/sap.com/tc~slm~ui_lup/LUP) in SAP NetWeaver 7.31 and earlier allows remote attackers to read arbitrary files and directories via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. La aplicacione Live Update WebDynpro (WebDynpro / distribuidor / sap.com / tc ~ slm ~ ui_lup / LUP) en SAP NetWeaver 7.31 y anteriores permite a atacantes remotos leer archivos ... • http://en.securitylab.ru/lab/PT-2013-13 •
CVSS: 6.1EPSS: 0%CPEs: 8EXPL: 1CVE-2011-5260
https://notcve.org/view.php?id=CVE-2011-5260
12 Feb 2013 — Cross-site scripting (XSS) vulnerability in SAP/BW/DOC/METADATA in SAP NetWeaver allows remote attackers to inject arbitrary web script or HTML via the page parameter. Vulnerabilidad de ejecución de comandos en sitio remoto (XSS) en SAP/BW/DOC/METADATA de SAP NetWeaver permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro de página. • http://dsecrg.com/pages/vul/show.php?id=337 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 9EXPL: 1CVE-2011-5263
https://notcve.org/view.php?id=CVE-2011-5263
12 Feb 2013 — Cross-site scripting (XSS) vulnerability in RetrieveMailExamples in SAP NetWeaver 7.30 and earlier allows remote attackers to inject arbitrary web script or HTML via the server parameter. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en RetrieveMailExamples en SAP NetWeaver v7.30 y anteriores, permite a atacantes remotos inyectar secuencias de comandos web y HTML de su elección a través del parámetro "server". • http://dsecrg.com/pages/vul/show.php?id=330 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0CVE-2010-2904
https://notcve.org/view.php?id=CVE-2010-2904
28 Jul 2010 — Multiple cross-site scripting (XSS) vulnerabilities in the System Landscape Directory (SLD) component 6.4 through 7.02 in SAP NetWeaver allow remote attackers to inject arbitrary web script or HTML via the (1) action parameter to testsdic and the (2) helpstring parameter to paramhelp.jsp. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en el componente System Landscape Directory (SLD) v6.4 hasta v7.02 en SAP NetWeaver, permite a atacantes remotos inyectar secuencia... • http://dsecrg.com/pages/vul/show.php?id=168 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •