Filtered by vendor Sap
Subscriptions
Filtered by product Netweaver
Subscriptions
Total
98 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2013-7094 | 1 Sap | 1 Netweaver | 2018-12-10 | N/A |
| SQL injection vulnerability in the RSDDCVER_COUNT_TAB_COLS function in SAP NetWeaver 7.30 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2013-6869 | 1 Sap | 1 Netweaver | 2018-12-10 | N/A |
| SQL injection vulnerability in the SRTT_GET_COUNT_BEFORE_KEY_RFC function in SAP NetWeaver 7.30 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2013-6823 | 1 Sap | 1 Netweaver | 2018-12-10 | N/A |
| GRMGApp in SAP NetWeaver allows remote attackers to bypass intended access restrictions via unspecified vectors. | ||||
| CVE-2013-6822 | 1 Sap | 1 Netweaver | 2018-12-10 | N/A |
| GRMGApp in SAP NetWeaver allows remote attackers to have unspecified impact and attack vectors, related to an XML External Entity (XXE) issue. | ||||
| CVE-2013-6821 | 1 Sap | 1 Netweaver | 2018-12-10 | N/A |
| Directory traversal vulnerability in the Exportability Check Service in SAP NetWeaver allows remote attackers to read arbitrary files via unspecified vectors. | ||||
| CVE-2013-6819 | 1 Sap | 1 Netweaver | 2018-12-10 | N/A |
| Cross-site scripting (XSS) vulnerability in Performance Provider in SAP NetWeaver allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2013-6816 | 1 Sap | 1 Netweaver | 2018-12-10 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the (1) JavaDumpService and (2) DataCollector servlets in SAP NetWeaver allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2013-6815 | 1 Sap | 1 Netweaver | 2018-12-10 | N/A |
| The SHSTI_UPLOAD_XML function in the Application Server for ABAP (AS ABAP) in SAP NetWeaver 7.31 and earlier allows remote attackers to cause a denial of service via unspecified vectors, related to an XML External Entity (XXE) issue. | ||||
| CVE-2013-6814 | 1 Sap | 1 Netweaver | 2018-12-10 | N/A |
| The J2EE Engine in SAP NetWeaver 6.40, 7.02, and earlier allows remote attackers to redirect users to arbitrary web sites, conduct phishing attacks, and obtain sensitive information (cookies and SAPPASSPORT) via unspecified vectors. | ||||
| CVE-2013-5723 | 1 Sap | 1 Netweaver | 2018-12-10 | N/A |
| SQL injection vulnerability in SAP NetWeaver 7.30 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to "ABAD0_DELETE_DERIVATION_TABLE." | ||||
| CVE-2011-5260 | 1 Sap | 1 Netweaver | 2018-12-10 | N/A |
| Cross-site scripting (XSS) vulnerability in SAP/BW/DOC/METADATA in SAP NetWeaver allows remote attackers to inject arbitrary web script or HTML via the page parameter. | ||||
| CVE-2011-4707 | 1 Sap | 1 Netweaver | 2018-12-10 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Virus Scan Interface in SAP Netweaver allow remote attackers to inject arbitrary web script or HTML via the (1) instname parameter to the VsiTestScan servlet and (2) name parameter to the VsiTestServlet servlet. | ||||
| CVE-2018-2462 | 1 Sap | 1 Netweaver | 2018-11-26 | N/A |
| In certain cases, BEx Web Java Runtime Export Web Service in SAP NetWeaver BI 7.30, 7.31. 7.40, 7.41, 7.50, does not sufficiently validate an XML document accepted from an untrusted source. | ||||
| CVE-2018-2470 | 1 Sap | 1 Netweaver | 2018-11-26 | N/A |
| In SAP NetWeaver Application Server for ABAP, from 7.0 to 7.02, 7.30, 7.31, 7.40 and from 7.50 to 7.53, applications do not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | ||||
| CVE-2018-2464 | 1 Sap | 1 Netweaver | 2018-11-09 | N/A |
| SAP WebDynpro Java, versions 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in a stored Cross-Site Scripting (XSS) vulnerability. | ||||
| CVE-2008-3358 | 2 Microsoft, Sap | 2 Internet Explorer, Netweaver | 2018-10-11 | N/A |
| Cross-site scripting (XSS) vulnerability in Web Dynpro (WD) in the SAP NetWeaver portal, when Internet Explorer 7.0.5730 is used, allows remote attackers to inject arbitrary web script or HTML via a crafted URI, which causes the XSS payload to be reflected in a text/plain document. | ||||
| CVE-2008-1846 | 1 Sap | 1 Netweaver | 2018-10-11 | N/A |
| The default configuration of SAP NetWeaver before 7.0 SP15 does not enable the "Always Use Secure HTML Editor" (aka Editor Security or Secure Editing) parameter, which allows remote attackers to conduct cross-site scripting (XSS) attacks by entering feedback for a file. | ||||
| CVE-2010-1609 | 1 Sap | 1 Netweaver | 2018-10-10 | N/A |
| Cross-site scripting (XSS) vulnerability in SAP NetWeaver 2004 before SP21 and 2004s before SP13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2009-2932 | 1 Sap | 1 Netweaver | 2018-10-10 | N/A |
| Cross-site scripting (XSS) vulnerability in uddiclient/process in the UDDI client in SAP NetWeaver Application Server (Java) 7.0 allows remote attackers to inject arbitrary web script or HTML via the TModel Key field. | ||||
| CVE-2015-7241 | 1 Sap | 1 Netweaver | 2018-10-09 | N/A |
| XML External Entity (XXE) vulnerability in SAP Netweaver before 7.01. | ||||