Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Sap Subscribe
Filtered by product Netweaver
Total 98 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2013-6816 1 Sap 1 Netweaver 2018-12-10 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in the (1) JavaDumpService and (2) DataCollector servlets in SAP NetWeaver allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2013-6815 1 Sap 1 Netweaver 2018-12-10 5.0 MEDIUM N/A
The SHSTI_UPLOAD_XML function in the Application Server for ABAP (AS ABAP) in SAP NetWeaver 7.31 and earlier allows remote attackers to cause a denial of service via unspecified vectors, related to an XML External Entity (XXE) issue.
CVE-2013-6814 1 Sap 1 Netweaver 2018-12-10 5.8 MEDIUM N/A
The J2EE Engine in SAP NetWeaver 6.40, 7.02, and earlier allows remote attackers to redirect users to arbitrary web sites, conduct phishing attacks, and obtain sensitive information (cookies and SAPPASSPORT) via unspecified vectors.
CVE-2013-5723 1 Sap 1 Netweaver 2018-12-10 7.5 HIGH N/A
SQL injection vulnerability in SAP NetWeaver 7.30 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to "ABAD0_DELETE_DERIVATION_TABLE."
CVE-2011-5260 1 Sap 1 Netweaver 2018-12-10 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in SAP/BW/DOC/METADATA in SAP NetWeaver allows remote attackers to inject arbitrary web script or HTML via the page parameter.
CVE-2011-4707 1 Sap 1 Netweaver 2018-12-10 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in the Virus Scan Interface in SAP Netweaver allow remote attackers to inject arbitrary web script or HTML via the (1) instname parameter to the VsiTestScan servlet and (2) name parameter to the VsiTestServlet servlet.
CVE-2018-2462 1 Sap 1 Netweaver 2018-11-26 6.5 MEDIUM 8.8 HIGH
In certain cases, BEx Web Java Runtime Export Web Service in SAP NetWeaver BI 7.30, 7.31. 7.40, 7.41, 7.50, does not sufficiently validate an XML document accepted from an untrusted source.
CVE-2018-2470 1 Sap 1 Netweaver 2018-11-26 4.3 MEDIUM 6.1 MEDIUM
In SAP NetWeaver Application Server for ABAP, from 7.0 to 7.02, 7.30, 7.31, 7.40 and from 7.50 to 7.53, applications do not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
CVE-2018-2464 1 Sap 1 Netweaver 2018-11-09 4.3 MEDIUM 6.1 MEDIUM
SAP WebDynpro Java, versions 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in a stored Cross-Site Scripting (XSS) vulnerability.
CVE-2008-3358 2 Microsoft, Sap 2 Internet Explorer, Netweaver 2018-10-11 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Web Dynpro (WD) in the SAP NetWeaver portal, when Internet Explorer 7.0.5730 is used, allows remote attackers to inject arbitrary web script or HTML via a crafted URI, which causes the XSS payload to be reflected in a text/plain document.
CVE-2008-1846 1 Sap 1 Netweaver 2018-10-11 4.3 MEDIUM N/A
The default configuration of SAP NetWeaver before 7.0 SP15 does not enable the "Always Use Secure HTML Editor" (aka Editor Security or Secure Editing) parameter, which allows remote attackers to conduct cross-site scripting (XSS) attacks by entering feedback for a file.
CVE-2010-1609 1 Sap 1 Netweaver 2018-10-10 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in SAP NetWeaver 2004 before SP21 and 2004s before SP13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2009-2932 1 Sap 1 Netweaver 2018-10-10 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in uddiclient/process in the UDDI client in SAP NetWeaver Application Server (Java) 7.0 allows remote attackers to inject arbitrary web script or HTML via the TModel Key field.
CVE-2015-7241 1 Sap 1 Netweaver 2018-10-09 7.5 HIGH 9.8 CRITICAL
XML External Entity (XXE) vulnerability in SAP Netweaver before 7.01.
CVE-2014-4003 1 Sap 1 Netweaver 2018-10-09 7.5 HIGH N/A
The System Landscape Directory (SLD) in SAP NetWeaver allows remote attackers to modify information via vectors related to adding a system.
CVE-2011-5263 1 Sap 1 Netweaver 2018-10-09 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in RetrieveMailExamples in SAP NetWeaver 7.30 and earlier allows remote attackers to inject arbitrary web script or HTML via the server parameter.
CVE-2018-2363 1 Sap 2 Business Application Software Integrated Solution, Netweaver 2018-01-29 6.5 MEDIUM 8.8 HIGH
SAP NetWeaver, SAP BASIS from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.52, contains code that allows you to execute arbitrary program code of the user's choice. A malicious user can therefore control the behaviour of the system or can potentially escalate privileges by executing malicious code without legitimate credentials.
CVE-2012-2612 1 Sap 1 Netweaver 2017-12-29 5.0 MEDIUM N/A
The DiagTraceHex function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon crash) via a crafted SAP Diag packet.
CVE-2012-2514 1 Sap 1 Netweaver 2017-12-06 5.0 MEDIUM N/A
The DiagiEventSource function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon crash) via a crafted SAP Diag packet.
CVE-2013-5751 1 Sap 1 Netweaver 2017-08-29 5.0 MEDIUM N/A
Directory traversal vulnerability in SAP NetWeaver 7.x allows remote attackers to read arbitrary files via unspecified vectors.