SAP

Netweaver

106 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty, in its original format.
  • EPSS 0.54%
  • Published 12.02.2020 20:15:13
  • Last modified 21.11.2024 05:35:15

Under certain conditions, ABAP Online Community in SAP NetWeaver (SAP_BASIS version 7.40) and SAP S/4HANA (SAP_BASIS versions 7.50, 7.51, 7.52, 7.53, 7.54), does not sufficiently encode user-controlled inputs, resulting in Reflected Cross-Site Script...

  • EPSS 2.37%
  • Published 05.02.2020 23:15:11
  • Last modified 21.11.2024 01:26:29

SAP NetWeaver 7.0 allows Remote Code Execution and Denial of Service caused by an error in the DiagTraceHex() function. By sending a specially-crafted packet, an attacker could exploit this vulnerability to cause the application to crash.

Exploit
  • EPSS 2.66%
  • Published 23.01.2020 20:15:11
  • Last modified 21.11.2024 01:49:57

A Denial of Service vulnerability exists in the WRITE_C function in the msg_server.exe module in SAP NetWeaver 2004s, 7.01 SR1, 7.02 SP06, and 7.30 SP04 when sending a crafted SAP Message Server packet to TCP ports 36NN and/or 39NN.

Exploit
  • EPSS 68.89%
  • Published 23.01.2020 19:15:11
  • Last modified 21.11.2024 01:49:56

A Buffer Overflow vulnerability exists in the Message Server service _MsJ2EE_AddStatistics() function when sending specially crafted SAP Message Server packets to remote TCP ports 36NN and/or 39NN in SAP NetWeaver 2004s, 7.01 SR1, 7.02 SP06, and 7.30...

  • EPSS 2.17%
  • Published 14.08.2019 14:15:16
  • Last modified 21.11.2024 04:16:43

A remote code execution vulnerability exists in the SAP NetWeaver UDDI Server (Services Registry), versions 7.10, 7.20, 7.30, 7.31, 7.40, 7.50. Because of this, an attacker can exploit Services Registry potentially enabling them to take complete cont...

  • EPSS 0.37%
  • Published 08.01.2019 20:29:00
  • Last modified 21.11.2024 04:16:34

Under certain conditions SAP Gateway of ABAP Application Server (fixed in SAP_GWFND 7.5, 7.51, 7.52, 7.53; SAP_BASIS 7.5) allows an attacker to access information which would otherwise be restricted.

  • EPSS 0.21%
  • Published 13.11.2018 20:29:00
  • Last modified 21.11.2024 04:03:53

Due to insufficient URL Validation in forums in SAP NetWeaver versions 7.30, 7.31, 7.40, an attacker can redirect users to a malicious site.

  • EPSS 0.81%
  • Published 13.11.2018 20:29:00
  • Last modified 21.11.2024 04:03:53

Knowledge Management (XMLForms) in SAP NetWeaver, versions 7.30, 7.31, 7.40 and 7.50 does not sufficiently validate an XML document accepted from an untrusted source.

  • EPSS 0.42%
  • Published 09.10.2018 13:29:01
  • Last modified 21.11.2024 04:03:52

In SAP NetWeaver Application Server for ABAP, from 7.0 to 7.02, 7.30, 7.31, 7.40 and from 7.50 to 7.53, applications do not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.

  • EPSS 0.42%
  • Published 11.09.2018 15:29:02
  • Last modified 21.11.2024 04:03:51

SAP WebDynpro Java, versions 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in a stored Cross-Site Scripting (XSS) vulnerability.