SAP

Netweaver

104 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2013-1593

Exploit
  • EPSS 2.66%
  • Published 23.01.2020 20:15:11
  • Last modified 21.11.2024 01:49:57

A Denial of Service vulnerability exists in the WRITE_C function in the msg_server.exe module in SAP NetWeaver 2004s, 7.01 SR1, 7.02 SP06, and 7.30 SP04 when sending a crafted SAP Message Server packet to TCP ports 36NN and/or 39NN.

10

CVE-2013-1592

Exploit
  • EPSS 68.89%
  • Published 23.01.2020 19:15:11
  • Last modified 21.11.2024 01:49:56

A Buffer Overflow vulnerability exists in the Message Server service _MsJ2EE_AddStatistics() function when sending specially crafted SAP Message Server packets to remote TCP ports 36NN and/or 39NN in SAP NetWeaver 2004s, 7.01 SR1, 7.02 SP06, and 7.30...

8.8

CVE-2019-0351

  • EPSS 2.28%
  • Published 14.08.2019 14:15:16
  • Last modified 21.11.2024 04:16:43

A remote code execution vulnerability exists in the SAP NetWeaver UDDI Server (Services Registry), versions 7.10, 7.20, 7.30, 7.31, 7.40, 7.50. Because of this, an attacker can exploit Services Registry potentially enabling them to take complete cont...

5.9

CVE-2019-0248

  • EPSS 0.39%
  • Published 08.01.2019 20:29:00
  • Last modified 21.11.2024 04:16:34

Under certain conditions SAP Gateway of ABAP Application Server (fixed in SAP_GWFND 7.5, 7.51, 7.52, 7.53; SAP_BASIS 7.5) allows an attacker to access information which would otherwise be restricted.

6.1

CVE-2018-2476

  • EPSS 0.21%
  • Published 13.11.2018 20:29:00
  • Last modified 21.11.2024 04:03:53

Due to insufficient URL Validation in forums in SAP NetWeaver versions 7.30, 7.31, 7.40, an attacker can redirect users to a malicious site.

8.8

CVE-2018-2477

  • EPSS 0.84%
  • Published 13.11.2018 20:29:00
  • Last modified 21.11.2024 04:03:53

Knowledge Management (XMLForms) in SAP NetWeaver, versions 7.30, 7.31, 7.40 and 7.50 does not sufficiently validate an XML document accepted from an untrusted source.

6.1

CVE-2018-2470

  • EPSS 0.42%
  • Published 09.10.2018 13:29:01
  • Last modified 21.11.2024 04:03:52

In SAP NetWeaver Application Server for ABAP, from 7.0 to 7.02, 7.30, 7.31, 7.40 and from 7.50 to 7.53, applications do not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.

6.1

CVE-2018-2464

  • EPSS 0.42%
  • Published 11.09.2018 15:29:02
  • Last modified 21.11.2024 04:03:51

SAP WebDynpro Java, versions 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in a stored Cross-Site Scripting (XSS) vulnerability.

8.8

CVE-2018-2462

  • EPSS 0.75%
  • Published 11.09.2018 15:29:01
  • Last modified 21.11.2024 04:03:51

In certain cases, BEx Web Java Runtime Export Web Service in SAP NetWeaver BI 7.30, 7.31. 7.40, 7.41, 7.50, does not sufficiently validate an XML document accepted from an untrusted source.

4.3

CVE-2018-2434

  • EPSS 0.13%
  • Published 10.07.2018 18:29:00
  • Last modified 21.11.2024 04:03:48

A content spoofing vulnerability in the following components allows to render html pages containing arbitrary plain text content, which might fool an end user: UI add-on for SAP NetWeaver (UI_Infra, 1.0), SAP UI Implementation for Decoupled Innovatio...