Vulnerabilities > SAP > Netweaver > 7.01

DATE CVE VULNERABILITY TITLE RISK
2020-01-23 CVE-2013-1593 Improper Validation of Array Index vulnerability in SAP Netweaver
A Denial of Service vulnerability exists in the WRITE_C function in the msg_server.exe module in SAP NetWeaver 2004s, 7.01 SR1, 7.02 SP06, and 7.30 SP04 when sending a crafted SAP Message Server packet to TCP ports 36NN and/or 39NN.
network
low complexity
sap CWE-129
7.5
2020-01-23 CVE-2013-1592 Classic Buffer Overflow vulnerability in SAP Netweaver
A Buffer Overflow vulnerability exists in the Message Server service _MsJ2EE_AddStatistics() function when sending specially crafted SAP Message Server packets to remote TCP ports 36NN and/or 39NN in SAP NetWeaver 2004s, 7.01 SR1, 7.02 SP06, and 7.30 SP04, which could let a remote malicious user execute arbitrary code.
network
low complexity
sap CWE-120
critical
9.8
2018-10-09 CVE-2018-2470 Cross-site Scripting vulnerability in SAP Netweaver
In SAP NetWeaver Application Server for ABAP, from 7.0 to 7.02, 7.30, 7.31, 7.40 and from 7.50 to 7.53, applications do not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
network
low complexity
sap CWE-79
6.1