Filtered by vendor Sap
Subscriptions
Filtered by product Netweaver
Subscriptions
Total
98 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-6252 | 1 Sap | 1 Netweaver | 2024-08-06 | N/A |
| Buffer overflow in disp+work.exe 7000.52.12.34966 and 7200.117.19.50294 in the Dispatcher in SAP NetWeaver 7.00 and 7.20 allows remote authenticated users to cause a denial of service or execute arbitrary code via unspecified vectors. | ||||
| CVE-2014-4003 | 1 Sap | 1 Netweaver | 2024-08-06 | N/A |
| The System Landscape Directory (SLD) in SAP NetWeaver allows remote attackers to modify information via vectors related to adding a system. | ||||
| CVE-2014-1964 | 1 Sap | 2 Netweaver, Netweaver Exchange Infrastructure \(bc-xi\) | 2024-08-06 | N/A |
| Cross-site scripting (XSS) vulnerability in the Integration Repository in the SAP Exchange Infrastructure (BC-XI) component in SAP NetWeaver allows remote attackers to inject arbitrary web script or HTML via vectors related to the ESR application and a DIR error. | ||||
| CVE-2014-1961 | 1 Sap | 1 Netweaver | 2024-08-06 | N/A |
| Unspecified vulnerability in the Portal WebDynPro in SAP NetWeaver allows remote attackers to obtain sensitive path information via unknown attack vectors. | ||||
| CVE-2014-1960 | 1 Sap | 2 Netweaver, Netweaver Solution Manager | 2024-08-06 | N/A |
| The Solution Manager in SAP NetWeaver does not properly restrict access, which allows remote attackers to obtain sensitive information via unspecified vectors. | ||||
| CVE-2014-1965 | 1 Sap | 1 Netweaver | 2024-08-06 | N/A |
| Cross-site scripting (XSS) vulnerability in ISpeakAdapter in the Integration Repository in the SAP Exchange Infrastructure (BC-XI) component 3.0, 7.00 through 7.02, and 7.10 through 7.11 for SAP NetWeaver allows remote attackers to inject arbitrary web script or HTML via vectors related to PIP. | ||||
| CVE-2014-1963 | 1 Sap | 1 Netweaver | 2024-08-06 | N/A |
| Unspecified vulnerability in Message Server in SAP NetWeaver 7.20 allows remote attackers to cause a denial of service via unknown attack vectors. | ||||
| CVE-2014-0995 | 1 Sap | 1 Netweaver | 2024-08-06 | N/A |
| The Standalone Enqueue Server in SAP Netweaver 7.20, 7.01, and earlier allows remote attackers to cause a denial of service (uncontrolled recursion and crash) via a trace level with a wildcard in the Trace Pattern. | ||||
| CVE-2015-7241 | 1 Sap | 1 Netweaver | 2024-08-06 | N/A |
| XML External Entity (XXE) vulnerability in SAP Netweaver before 7.01. | ||||
| CVE-2015-6662 | 1 Sap | 1 Netweaver | 2024-08-06 | N/A |
| XML external entity (XXE) vulnerability in SAP NetWeaver Portal 7.4 allows remote attackers to read arbitrary files and possibly have other unspecified impact via crafted XML data, aka SAP Security Note 2168485. | ||||
| CVE-2015-5067 | 1 Sap | 1 Netweaver | 2024-08-06 | N/A |
| The (1) Cross-System Tools and (2) Data Transfer Workbench in SAP NetWeaver have hardcoded credentials, which allows remote attackers to obtain access via unspecified vectors, aka SAP Security Notes 2059659 and 2057982. | ||||
| CVE-2015-2815 | 1 Sap | 1 Netweaver | 2024-08-06 | N/A |
| Buffer overflow in the C_SAPGPARAM function in the NetWeaver Dispatcher in SAP KERNEL 7.00 (7000.52.12.34966) and 7.40 (7400.12.21.30308) allows remote authenticated users to cause a denial of service or possibly execute arbitrary code via unspecified vectors, aka SAP Security Note 2063369. | ||||
| CVE-2015-2817 | 1 Sap | 1 Netweaver | 2024-08-06 | N/A |
| The SAP Management Console in SAP NetWeaver 7.40 allows remote attackers to obtain sensitive information via the ReadProfile parameters, aka SAP Security Note 2091768. | ||||
| CVE-2015-2107 | 2 Hp, Sap | 2 Operations Manager I Management Pack, Netweaver | 2024-08-06 | N/A |
| HP Operations Manager i Management Pack 1.x before 1.01 for SAP allows local users to execute OS commands by leveraging SAP administrative privileges. | ||||
| CVE-2016-10311 | 1 Sap | 1 Netweaver | 2024-08-06 | N/A |
| Stack-based buffer overflow in SAP NetWeaver 7.0 through 7.5 allows remote attackers to cause a denial of service () by sending a crafted packet to the SAPSTARTSRV port, aka SAP Security Note 2295238. | ||||
| CVE-2016-7437 | 1 Sap | 1 Netweaver | 2024-08-06 | N/A |
| SAP Netweaver 7.40 improperly logs (1) DUI and (2) DUJ events in the SAP Security Audit Log as non-critical, which might allow local users to hide rejected attempts to execute RFC function callbacks by leveraging filtering of non-critical events in audit analysis reports, aka SAP Security Note 2252312. | ||||
| CVE-2016-7435 | 1 Sap | 1 Netweaver | 2024-08-06 | N/A |
| The (1) SCTC_REFRESH_EXPORT_TAB_COMP, (2) SCTC_REFRESH_CHECK_ENV, and (3) SCTC_TMS_MAINTAIN_ALOG functions in the SCTC subpackage in SAP Netweaver 7.40 SP 12 allow remote authenticated users with certain permissions to execute arbitrary commands via vectors involving a CALL 'SYSTEM' statement, aka SAP Security Note 2260344. | ||||
| CVE-2016-4551 | 1 Sap | 3 Netweaver, Sap Aba, Sap Basis | 2024-08-06 | N/A |
| The (1) SAP_BASIS and (2) SAP_ABA components 7.00 SP Level 0031 in SAP NetWeaver 2004s might allow remote attackers to spoof IP addresses written to the Security Audit Log via vectors related to the network landscape, aka SAP Security Note 2190621. | ||||
| CVE-2016-4015 | 1 Sap | 1 Netweaver | 2024-08-06 | N/A |
| The Enqueue Server in SAP NetWeaver JAVA AS 7.1 through 7.4 allows remote attackers to cause a denial of service (process crash) via a crafted request, aka SAP Security Note 2258784. | ||||
| CVE-2016-4014 | 1 Sap | 1 Netweaver | 2024-08-06 | N/A |
| XML external entity (XXE) vulnerability in the UDDI component in SAP NetWeaver JAVA AS 7.4 allows remote attackers to cause a denial of service (system hang) via a crafted DTD in an XML request to uddi/api/replication, aka SAP Security Note 2254389. | ||||