SAP

Netweaver

104 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5

CVE-2012-2513

Exploit
  • EPSS 22.78%
  • Published 15.05.2012 04:21:43
  • Last modified 11.04.2025 00:51:21

The Diaginput function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon crash) via a crafted SAP Diag packet.

5

CVE-2012-2514

Exploit
  • EPSS 22.65%
  • Published 15.05.2012 04:21:43
  • Last modified 11.04.2025 00:51:21

The DiagiEventSource function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon crash) via a crafted SAP Diag packet.

9.3

CVE-2012-2611

Exploit
  • EPSS 77.66%
  • Published 15.05.2012 04:21:43
  • Last modified 11.04.2025 00:51:21

The DiagTraceR3Info function in the Dialog processor in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2, when a certain Developer Trace configuration is enabled, allows remote attackers to exec...

5

CVE-2012-2612

Exploit
  • EPSS 22.65%
  • Published 15.05.2012 04:21:43
  • Last modified 11.04.2025 00:51:21

The DiagTraceHex function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon crash) via a crafted SAP Diag packet.

4

CVE-2012-1289

Exploit
  • EPSS 0.55%
  • Published 23.02.2012 20:07:25
  • Last modified 11.04.2025 00:51:21

Multiple directory traversal vulnerabilities in SAP NetWeaver 7.0 allow remote authenticated users to read arbitrary files via a .. (dot dot) in the logfilename parameter to (1) b2b/admin/log.jsp or (2) b2b/admin/log_view.jsp in the Internet Sales (c...

4.3

CVE-2012-1290

  • EPSS 0.33%
  • Published 23.02.2012 20:07:25
  • Last modified 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in b2b/auction/container.jsp in the Internet Sales (crm.b2b) module in SAP NetWeaver 7.0 allows remote attackers to inject arbitrary web script or HTML via the _loadPage parameter.

5

CVE-2012-1291

  • EPSS 0.33%
  • Published 23.02.2012 20:07:25
  • Last modified 11.04.2025 00:51:21

Unspecified vulnerability in the com.sap.aii.mdt.amt.web.AMTPageProcessor servlet in SAP NetWeaver 7.0 allows remote attackers to obtain sensitive information about the Adapter Monitor via unspecified vectors, possibly related to the EnableInvokerSer...

5

CVE-2012-1292

  • EPSS 0.36%
  • Published 23.02.2012 20:07:25
  • Last modified 11.04.2025 00:51:21

Unspecified vulnerability in the MessagingSystem servlet in SAP NetWeaver 7.0 allows remote attackers to obtain sensitive information about the MessagingSystem Performance Data via unspecified vectors.

4.3

CVE-2011-4707

  • EPSS 0.33%
  • Published 08.12.2011 19:55:03
  • Last modified 11.04.2025 00:51:21

Multiple cross-site scripting (XSS) vulnerabilities in the Virus Scan Interface in SAP Netweaver allow remote attackers to inject arbitrary web script or HTML via the (1) instname parameter to the VsiTestScan servlet and (2) name parameter to the Vsi...

4.3

CVE-2010-2904

  • EPSS 0.55%
  • Published 28.07.2010 21:30:02
  • Last modified 11.04.2025 00:51:21

Multiple cross-site scripting (XSS) vulnerabilities in the System Landscape Directory (SLD) component 6.4 through 7.02 in SAP NetWeaver allow remote attackers to inject arbitrary web script or HTML via the (1) action parameter to testsdic and the (2)...