Filtered by vendor Sap
Subscriptions
Filtered by product Netweaver
Subscriptions
Total
118 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-2387 | 1 Sap | 1 Netweaver | 2025-04-12 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Java Proxy Runtime ProxyServer servlet in SAP NetWeaver 7.4 allow remote attackers to inject arbitrary web script or HTML via the (1) ns or (2) interface parameter to ProxyServer/register, aka SAP Security Note 2220571. | ||||
| CVE-2016-2389 | 1 Sap | 1 Netweaver | 2025-04-12 | N/A |
| Directory traversal vulnerability in the GetFileList function in the SAP Manufacturing Integration and Intelligence (xMII) component 15.0 for SAP NetWeaver 7.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the Path parameter to /Catalog, aka SAP Security Note 2230978. | ||||
| CVE-2016-7437 | 1 Sap | 1 Netweaver | 2025-04-12 | N/A |
| SAP Netweaver 7.40 improperly logs (1) DUI and (2) DUJ events in the SAP Security Audit Log as non-critical, which might allow local users to hide rejected attempts to execute RFC function callbacks by leveraging filtering of non-critical events in audit analysis reports, aka SAP Security Note 2252312. | ||||
| CVE-2016-3635 | 1 Sap | 1 Netweaver | 2025-04-12 | N/A |
| SAP Netweaver 7.4 allows remote authenticated users to bypass an intended Unified Connectivity (UCON) access control list and execute arbitrary Remote Function Modules (RFM) by leveraging a connection created from earlier execution of an anonymous RFM included in a Communication Assembly, aka SAP Security Note 2139366. | ||||
| CVE-2016-4014 | 1 Sap | 1 Netweaver | 2025-04-12 | N/A |
| XML external entity (XXE) vulnerability in the UDDI component in SAP NetWeaver JAVA AS 7.4 allows remote attackers to cause a denial of service (system hang) via a crafted DTD in an XML request to uddi/api/replication, aka SAP Security Note 2254389. | ||||
| CVE-2013-7364 | 1 Sap | 1 Netweaver | 2025-04-12 | N/A |
| An unspecified J2EE core service in the J2EE Engine in SAP NetWeaver does not properly restrict access, which allows remote attackers to read and write to arbitrary files via unknown vectors. | ||||
| CVE-2014-0995 | 1 Sap | 1 Netweaver | 2025-04-12 | N/A |
| The Standalone Enqueue Server in SAP Netweaver 7.20, 7.01, and earlier allows remote attackers to cause a denial of service (uncontrolled recursion and crash) via a trace level with a wildcard in the Trace Pattern. | ||||
| CVE-2013-6822 | 1 Sap | 1 Netweaver | 2025-04-11 | N/A |
| GRMGApp in SAP NetWeaver allows remote attackers to have unspecified impact and attack vectors, related to an XML External Entity (XXE) issue. | ||||
| CVE-2010-1609 | 1 Sap | 1 Netweaver | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in SAP NetWeaver 2004 before SP21 and 2004s before SP13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2010-2904 | 1 Sap | 2 Netweaver, System Landscape Directory | 2025-04-11 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the System Landscape Directory (SLD) component 6.4 through 7.02 in SAP NetWeaver allow remote attackers to inject arbitrary web script or HTML via the (1) action parameter to testsdic and the (2) helpstring parameter to paramhelp.jsp. | ||||
| CVE-2011-5260 | 1 Sap | 1 Netweaver | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in SAP/BW/DOC/METADATA in SAP NetWeaver allows remote attackers to inject arbitrary web script or HTML via the page parameter. | ||||
| CVE-2011-5263 | 1 Sap | 1 Netweaver | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in RetrieveMailExamples in SAP NetWeaver 7.30 and earlier allows remote attackers to inject arbitrary web script or HTML via the server parameter. | ||||
| CVE-2012-1292 | 1 Sap | 1 Netweaver | 2025-04-11 | N/A |
| Unspecified vulnerability in the MessagingSystem servlet in SAP NetWeaver 7.0 allows remote attackers to obtain sensitive information about the MessagingSystem Performance Data via unspecified vectors. | ||||
| CVE-2012-2512 | 1 Sap | 1 Netweaver | 2025-04-11 | N/A |
| The DiagTraceStreamI function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon crash) via a crafted SAP Diag packet. | ||||
| CVE-2012-2513 | 1 Sap | 1 Netweaver | 2025-04-11 | N/A |
| The Diaginput function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon crash) via a crafted SAP Diag packet. | ||||
| CVE-2012-2514 | 1 Sap | 1 Netweaver | 2025-04-11 | N/A |
| The DiagiEventSource function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon crash) via a crafted SAP Diag packet. | ||||
| CVE-2012-2611 | 1 Sap | 1 Netweaver | 2025-04-11 | N/A |
| The DiagTraceR3Info function in the Dialog processor in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2, when a certain Developer Trace configuration is enabled, allows remote attackers to execute arbitrary code via a crafted SAP Diag packet. | ||||
| CVE-2013-3319 | 1 Sap | 1 Netweaver | 2025-04-11 | N/A |
| The GetComputerSystem method in the HostControl service in SAP Netweaver 7.03 allows remote attackers to obtain sensitive information via a crafted SOAP request to TCP port 1128. | ||||
| CVE-2013-5723 | 1 Sap | 1 Netweaver | 2025-04-11 | N/A |
| SQL injection vulnerability in SAP NetWeaver 7.30 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to "ABAD0_DELETE_DERIVATION_TABLE." | ||||
| CVE-2013-6244 | 1 Sap | 1 Netweaver | 2025-04-11 | N/A |
| The Live Update webdynpro application (webdynpro/dispatcher/sap.com/tc~slm~ui_lup/LUP) in SAP NetWeaver 7.31 and earlier allows remote attackers to read arbitrary files and directories via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | ||||