Vulnerabilities > SAP > Netweaver > 7.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2014-05-19 | CVE-2014-3787 | Information Exposure vulnerability in SAP Netweaver SAP NetWeaver 7.20 and earlier allows remote attackers to read arbitrary SAP Central User Administration (SAP CUA) tables via unspecified vectors. | 5.0 |
| 2014-02-14 | CVE-2014-1965 | Cross-Site Scripting vulnerability in SAP Netweaver Cross-site scripting (XSS) vulnerability in ISpeakAdapter in the Integration Repository in the SAP Exchange Infrastructure (BC-XI) component 3.0, 7.00 through 7.02, and 7.10 through 7.11 for SAP NetWeaver allows remote attackers to inject arbitrary web script or HTML via vectors related to PIP. | 4.3 |
| 2013-11-20 | CVE-2013-6815 | Improper Input Validation vulnerability in SAP Netweaver The SHSTI_UPLOAD_XML function in the Application Server for ABAP (AS ABAP) in SAP NetWeaver 7.31 and earlier allows remote attackers to cause a denial of service via unspecified vectors, related to an XML External Entity (XXE) issue. | 5.0 |
| 2013-11-20 | CVE-2013-6814 | Improper Input Validation vulnerability in SAP Netweaver The J2EE Engine in SAP NetWeaver 6.40, 7.02, and earlier allows remote attackers to redirect users to arbitrary web sites, conduct phishing attacks, and obtain sensitive information (cookies and SAPPASSPORT) via unspecified vectors. | 5.8 |
| 2013-10-24 | CVE-2013-6244 | Information Disclosure vulnerability in SAP NetWeaver Web Dynpro Live Update XML External Entity The Live Update webdynpro application (webdynpro/dispatcher/sap.com/tc~slm~ui_lup/LUP) in SAP NetWeaver 7.31 and earlier allows remote attackers to read arbitrary files and directories via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | 5.0 |
| 2013-09-16 | CVE-2013-5751 | Path Traversal vulnerability in SAP Netweaver Directory traversal vulnerability in SAP NetWeaver 7.x allows remote attackers to read arbitrary files via unspecified vectors. | 5.0 |
| 2013-02-12 | CVE-2011-5263 | Cross-Site Scripting vulnerability in SAP Netweaver Cross-site scripting (XSS) vulnerability in RetrieveMailExamples in SAP NetWeaver 7.30 and earlier allows remote attackers to inject arbitrary web script or HTML via the server parameter. | 4.3 |
| 2013-02-12 | CVE-2011-5260 | Cross-Site Scripting vulnerability in SAP Netweaver 4.0/6.4/7.0 Cross-site scripting (XSS) vulnerability in SAP/BW/DOC/METADATA in SAP NetWeaver allows remote attackers to inject arbitrary web script or HTML via the page parameter. | 4.3 |
| 2012-05-15 | CVE-2012-2612 | Buffer Errors vulnerability in SAP Netweaver 7.0 The DiagTraceHex function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon crash) via a crafted SAP Diag packet. | 5.0 |
| 2012-05-15 | CVE-2012-2611 | Improper Input Validation vulnerability in SAP Netweaver 7.0 The DiagTraceR3Info function in the Dialog processor in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2, when a certain Developer Trace configuration is enabled, allows remote attackers to execute arbitrary code via a crafted SAP Diag packet. | 9.3 |