NotCVE - vendor:"Sap" product:"Sap Web Application Server" version:"7.0"

8 results (0.382 seconds)

CVSS: 5.0EPSS: 1%CPEs: 8EXPL: 0

CVE-2009-4603

https://notcve.org/view.php?id=CVE-2009-4603

Unspecified vulnerability in sapstartsrv.exe in the SAP Kernel 6.40, 7.00, 7.01, 7.10, 7.11, and 7.20, as used in SAP NetWeaver 7.x and SAP Web Application Server 6.x and 7.x, allows remote attackers to cause a denial of service (Management Console shutdown) via a crafted request. NOTE: some of these details are obtained from third party information. vulnerabilidad inespecífica en sapstartsrv.exe en el kernel SAP v6.40, v7.00, v7.01, v7.10, v7.11, y v7.20, tal y como se utiliza en SAP NetWeaver v7.x y SAP Web Application Server v6.x y v7.x, permite a atacantes remotos producir una denegación de servicio (apagado de la consola de administración) a través de una petición manipulada. • http://secunia.com/advisories/37684 http://www.cybsec.com/vuln/CYBSEC_SAP_sapstartsrv_DoS.pdf http://www.securityfocus.com/bid/37286 http://www.securitytracker.com/id?1023319 https://service.sap.com/sap/support/notes/1302231 •

CVSS: 4.3EPSS: 86%CPEs: 3EXPL: 2

CVE-2008-2421 – SAP Web Application Server 7.0 - '/sap/bc/gui/sap/its/webgui/' Cross-Site Scripting

https://notcve.org/view.php?id=CVE-2008-2421

Cross-site scripting (XSS) vulnerability in the Web GUI in SAP Web Application Server (WAS) 7.0, Web Dynpro for ABAP (aka WD4A or WDA), and Web Dynpro for BSP allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default URI under bc/gui/sap/its/webgui/. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados en Web GUI en SAP Web Aplication Server (WAS) 7.0, Web Dynpro para ABAP (también conocido como WD4A o WDA), y Web Dynpro para BSP permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarias a través de PATH_INFO a la URI por defecto bajo bc/gui/sap/its/webgui/. • https://www.exploit-db.com/exploits/31816 http://secunia.com/advisories/30334 http://www.securityfocus.com/archive/1/492376/100/0/threaded http://www.securityfocus.com/bid/29317 http://www.securitytracker.com/id?1020097 http://www.vupen.com/english/advisories/2008/1599/references https://exchange.xforce.ibmcloud.com/vulnerabilities/42724 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.8EPSS: 4%CPEs: 7EXPL: 0

CVE-2007-3615

https://notcve.org/view.php?id=CVE-2007-3615

Internet Communication Manager (aka ICMAN.exe or ICM) in SAP NetWeaver Application Server 6.x and 7.x, possibly only on Windows, allows remote attackers to cause a denial of service (process crash) via a URI of a certain length that contains a sap-isc-key parameter, related to configuration of a web cache. El Internet Communication Manager (también conocido como ICMAN.exe o ICM) en el SAP NetWeaver Application Server 6.x y 7.x, posiblemente sólo bajo Windows, permite a atacantes remotos provocar una denegación de servicio (caída del proceso) a través de un URI de cierta longitud que contenga el parámetro sap-isc-key, relacionado con la configuración del caché de la web. • http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0105.html http://osvdb.org/38095 http://secunia.com/advisories/25964 http://securityreason.com/securityalert/2875 http://www.ngssoftware.com/advisories/high-risk-vulnerability-in-internet-communication-manager-dos http://www.securityfocus.com/archive/1/472890/100/0/threaded http://www.securityfocus.com/bid/24774 http://www.securitytracker.com/id?1018336 http://www.vupen.com/english/advisories/2007/2450 https://exchange.xforce.ibmc •

CVSS: 4.6EPSS: 0%CPEs: 2EXPL: 1

CVE-2006-5784 – SAP Web Application Server 6.40 - Arbitrary File Disclosure

https://notcve.org/view.php?id=CVE-2006-5784

Unspecified vulnerability in enserver.exe in SAP Web Application Server 6.40 before patch 136 and 7.00 before patch 66 allows remote attackers to read arbitrary files via crafted data on a "3200+SYSNR" TCP port, as demonstrated by port 3201. NOTE: this issue can be leveraged by local users to access a named pipe as the SAPServiceJ2E user. Vulnerabilidad no especificada en SAP Web Application Server 6.40 anterior al parche 136 y 7.00 anterior al parche 66 permite a atacantes remotos leer ficheros de su elección mediante vectores no especificados. NOTA: este asunto puede ser aprovechado por usuarios locales para acceder a una tubería con nombre como usuario SAPServiceJ2E. • https://www.exploit-db.com/exploits/3291 http://secunia.com/advisories/22677 http://securityreason.com/securityalert/1828 http://www.securityfocus.com/archive/1/450394/100/0/threaded http://www.securityfocus.com/archive/1/459499/100/0/threaded http://www.securityfocus.com/bid/20877 http://www.securitytracker.com/id?1017628 http://www.vupen.com/english/advisories/2006/4318 https://exchange.xforce.ibmcloud.com/vulnerabilities/29982 •

CVSS: 5.0EPSS: 3%CPEs: 2EXPL: 0

CVE-2006-5785

https://notcve.org/view.php?id=CVE-2006-5785

Unspecified vulnerability in SAP Web Application Server 6.40 before patch 136 and 7.00 before patch 66 allows remote attackers to cause a denial of service (enserver.exe crash) via a 0x72F2 sequence on UDP port 64999. Vulnerabilidad no especificada en SAP Web Application Server 6.40 anterior al parche 136 y 7.00 anterior al parche 66 permite a atacantes remotos provocar una denegación de servicio (caída enserver.exe) mediante vectores no especificados. • http://secunia.com/advisories/22677 http://securityreason.com/securityalert/1828 http://www.securityfocus.com/archive/1/450394/100/0/threaded http://www.securityfocus.com/archive/1/459499/100/0/threaded http://www.securityfocus.com/bid/20873 http://www.securitytracker.com/id?1017628 http://www.vupen.com/english/advisories/2006/4318 https://exchange.xforce.ibmcloud.com/vulnerabilities/29981 •

1 2