SAP

Netweaver

106 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5

CVE-2012-2511

Exploit
  • EPSS 20.08%
  • Veröffentlicht 15.05.2012 04:21:43
  • Zuletzt bearbeitet 11.04.2025 00:51:21

The DiagTraceAtoms function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon crash) via a crafted SAP Diag packet.

5

CVE-2012-2512

Exploit
  • EPSS 22.65%
  • Veröffentlicht 15.05.2012 04:21:43
  • Zuletzt bearbeitet 11.04.2025 00:51:21

The DiagTraceStreamI function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon crash) via a crafted SAP Diag packet.

5

CVE-2012-2513

Exploit
  • EPSS 22.78%
  • Veröffentlicht 15.05.2012 04:21:43
  • Zuletzt bearbeitet 11.04.2025 00:51:21

The Diaginput function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon crash) via a crafted SAP Diag packet.

5

CVE-2012-2514

Exploit
  • EPSS 22.65%
  • Veröffentlicht 15.05.2012 04:21:43
  • Zuletzt bearbeitet 11.04.2025 00:51:21

The DiagiEventSource function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon crash) via a crafted SAP Diag packet.

9.3

CVE-2012-2611

Exploit
  • EPSS 77.66%
  • Veröffentlicht 15.05.2012 04:21:43
  • Zuletzt bearbeitet 11.04.2025 00:51:21

The DiagTraceR3Info function in the Dialog processor in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2, when a certain Developer Trace configuration is enabled, allows remote attackers to exec...

5

CVE-2012-2612

Exploit
  • EPSS 22.65%
  • Veröffentlicht 15.05.2012 04:21:43
  • Zuletzt bearbeitet 11.04.2025 00:51:21

The DiagTraceHex function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon crash) via a crafted SAP Diag packet.

4

CVE-2012-1289

Exploit
  • EPSS 0.49%
  • Veröffentlicht 23.02.2012 20:07:25
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Multiple directory traversal vulnerabilities in SAP NetWeaver 7.0 allow remote authenticated users to read arbitrary files via a .. (dot dot) in the logfilename parameter to (1) b2b/admin/log.jsp or (2) b2b/admin/log_view.jsp in the Internet Sales (c...

4.3

CVE-2012-1290

  • EPSS 0.33%
  • Veröffentlicht 23.02.2012 20:07:25
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in b2b/auction/container.jsp in the Internet Sales (crm.b2b) module in SAP NetWeaver 7.0 allows remote attackers to inject arbitrary web script or HTML via the _loadPage parameter.

5

CVE-2012-1291

  • EPSS 0.33%
  • Veröffentlicht 23.02.2012 20:07:25
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Unspecified vulnerability in the com.sap.aii.mdt.amt.web.AMTPageProcessor servlet in SAP NetWeaver 7.0 allows remote attackers to obtain sensitive information about the Adapter Monitor via unspecified vectors, possibly related to the EnableInvokerSer...

5

CVE-2012-1292

  • EPSS 0.36%
  • Veröffentlicht 23.02.2012 20:07:25
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Unspecified vulnerability in the MessagingSystem servlet in SAP NetWeaver 7.0 allows remote attackers to obtain sensitive information about the MessagingSystem Performance Data via unspecified vectors.