Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Sap Subscribe
Filtered by product Netweaver
Total 98 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-1910 1 Sap 1 Netweaver 2018-12-10 5.0 MEDIUM 5.3 MEDIUM
The User Management Engine (UME) in SAP NetWeaver 7.4 allows attackers to decrypt unspecified data via unknown vectors, aka SAP Security Note 2191290.
CVE-2016-10311 1 Sap 1 Netweaver 2018-12-10 7.5 HIGH 9.8 CRITICAL
Stack-based buffer overflow in SAP NetWeaver 7.0 through 7.5 allows remote attackers to cause a denial of service () by sending a crafted packet to the SAPSTARTSRV port, aka SAP Security Note 2295238.
CVE-2015-6662 1 Sap 1 Netweaver 2018-12-10 6.8 MEDIUM N/A
XML external entity (XXE) vulnerability in SAP NetWeaver Portal 7.4 allows remote attackers to read arbitrary files and possibly have other unspecified impact via crafted XML data, aka SAP Security Note 2168485.
CVE-2015-5067 1 Sap 1 Netweaver 2018-12-10 7.5 HIGH N/A
The (1) Cross-System Tools and (2) Data Transfer Workbench in SAP NetWeaver have hardcoded credentials, which allows remote attackers to obtain access via unspecified vectors, aka SAP Security Notes 2059659 and 2057982.
CVE-2015-2817 1 Sap 1 Netweaver 2018-12-10 5.0 MEDIUM N/A
The SAP Management Console in SAP NetWeaver 7.40 allows remote attackers to obtain sensitive information via the ReadProfile parameters, aka SAP Security Note 2091768.
CVE-2015-2815 1 Sap 1 Netweaver 2018-12-10 6.5 MEDIUM N/A
Buffer overflow in the C_SAPGPARAM function in the NetWeaver Dispatcher in SAP KERNEL 7.00 (7000.52.12.34966) and 7.40 (7400.12.21.30308) allows remote authenticated users to cause a denial of service or possibly execute arbitrary code via unspecified vectors, aka SAP Security Note 2063369.
CVE-2014-8592 1 Sap 1 Netweaver 2018-12-10 5.0 MEDIUM N/A
Unspecified vulnerability in SAP Host Agent, as used in SAP NetWeaver 7.02 and 7.3, allows remote attackers to cause a denial of service (process termination) via a crafted request.
CVE-2014-8591 1 Sap 1 Netweaver 2018-12-10 5.0 MEDIUM N/A
Unspecified vulnerability in SAP Internet Communication Manager (ICM), as used in SAP NetWeaver 7.02 and 7.3, allows remote attackers to cause a denial of service (process termination) via unknown vectors.
CVE-2014-6252 1 Sap 1 Netweaver 2018-12-10 6.5 MEDIUM N/A
Buffer overflow in disp+work.exe 7000.52.12.34966 and 7200.117.19.50294 in the Dispatcher in SAP NetWeaver 7.00 and 7.20 allows remote authenticated users to cause a denial of service or execute arbitrary code via unspecified vectors.
CVE-2014-1965 1 Sap 1 Netweaver 2018-12-10 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in ISpeakAdapter in the Integration Repository in the SAP Exchange Infrastructure (BC-XI) component 3.0, 7.00 through 7.02, and 7.10 through 7.11 for SAP NetWeaver allows remote attackers to inject arbitrary web script or HTML via vectors related to PIP.
CVE-2014-1964 1 Sap 2 Netweaver, Netweaver Exchange Infrastructure \(bc-xi\) 2018-12-10 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Integration Repository in the SAP Exchange Infrastructure (BC-XI) component in SAP NetWeaver allows remote attackers to inject arbitrary web script or HTML via vectors related to the ESR application and a DIR error.
CVE-2014-1963 1 Sap 1 Netweaver 2018-12-10 5.0 MEDIUM N/A
Unspecified vulnerability in Message Server in SAP NetWeaver 7.20 allows remote attackers to cause a denial of service via unknown attack vectors.
CVE-2014-1961 1 Sap 1 Netweaver 2018-12-10 5.0 MEDIUM N/A
Unspecified vulnerability in the Portal WebDynPro in SAP NetWeaver allows remote attackers to obtain sensitive path information via unknown attack vectors.
CVE-2014-1960 1 Sap 2 Netweaver, Netweaver Solution Manager 2018-12-10 5.0 MEDIUM N/A
The Solution Manager in SAP NetWeaver does not properly restrict access, which allows remote attackers to obtain sensitive information via unspecified vectors.
CVE-2013-7094 1 Sap 1 Netweaver 2018-12-10 7.5 HIGH N/A
SQL injection vulnerability in the RSDDCVER_COUNT_TAB_COLS function in SAP NetWeaver 7.30 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2013-6869 1 Sap 1 Netweaver 2018-12-10 7.5 HIGH N/A
SQL injection vulnerability in the SRTT_GET_COUNT_BEFORE_KEY_RFC function in SAP NetWeaver 7.30 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2013-6823 1 Sap 1 Netweaver 2018-12-10 6.4 MEDIUM N/A
GRMGApp in SAP NetWeaver allows remote attackers to bypass intended access restrictions via unspecified vectors.
CVE-2013-6822 1 Sap 1 Netweaver 2018-12-10 10.0 HIGH N/A
GRMGApp in SAP NetWeaver allows remote attackers to have unspecified impact and attack vectors, related to an XML External Entity (XXE) issue.
CVE-2013-6821 1 Sap 1 Netweaver 2018-12-10 5.0 MEDIUM N/A
Directory traversal vulnerability in the Exportability Check Service in SAP NetWeaver allows remote attackers to read arbitrary files via unspecified vectors.
CVE-2013-6819 1 Sap 1 Netweaver 2018-12-10 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Performance Provider in SAP NetWeaver allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.