Vulnerabilities > SAP > Netweaver > 7.20
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-05-13 | CVE-2010-5326 | Remote Code Execution vulnerability in SAP Netweaver Invoker Servlet The Invoker Servlet on SAP NetWeaver Application Server Java platforms, possibly before 7.3, does not require authentication, which allows remote attackers to execute arbitrary code via an HTTP or HTTPS request, as exploited in the wild in 2013 through 2016, aka a "Detour" attack. | 10.0 |
| 2014-11-06 | CVE-2014-0995 | Improper Input Validation vulnerability in SAP Netweaver The Standalone Enqueue Server in SAP Netweaver 7.20, 7.01, and earlier allows remote attackers to cause a denial of service (uncontrolled recursion and crash) via a trace level with a wildcard in the Trace Pattern. | 5.0 |
| 2014-09-05 | CVE-2014-6252 | Buffer Errors vulnerability in SAP Netweaver 7.0/7.20 Buffer overflow in disp+work.exe 7000.52.12.34966 and 7200.117.19.50294 in the Dispatcher in SAP NetWeaver 7.00 and 7.20 allows remote authenticated users to cause a denial of service or execute arbitrary code via unspecified vectors. | 6.5 |
| 2014-05-19 | CVE-2014-3787 | Information Exposure vulnerability in SAP Netweaver SAP NetWeaver 7.20 and earlier allows remote attackers to read arbitrary SAP Central User Administration (SAP CUA) tables via unspecified vectors. | 5.0 |
| 2014-02-14 | CVE-2014-1963 | Unspecified vulnerability in SAP Netweaver 7.20 Unspecified vulnerability in Message Server in SAP NetWeaver 7.20 allows remote attackers to cause a denial of service via unknown attack vectors. | 5.0 |
| 2013-11-20 | CVE-2013-6815 | Improper Input Validation vulnerability in SAP Netweaver The SHSTI_UPLOAD_XML function in the Application Server for ABAP (AS ABAP) in SAP NetWeaver 7.31 and earlier allows remote attackers to cause a denial of service via unspecified vectors, related to an XML External Entity (XXE) issue. | 5.0 |
| 2013-10-24 | CVE-2013-6244 | Information Disclosure vulnerability in SAP NetWeaver Web Dynpro Live Update XML External Entity The Live Update webdynpro application (webdynpro/dispatcher/sap.com/tc~slm~ui_lup/LUP) in SAP NetWeaver 7.31 and earlier allows remote attackers to read arbitrary files and directories via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | 5.0 |
| 2013-02-12 | CVE-2011-5263 | Cross-Site Scripting vulnerability in SAP Netweaver Cross-site scripting (XSS) vulnerability in RetrieveMailExamples in SAP NetWeaver 7.30 and earlier allows remote attackers to inject arbitrary web script or HTML via the server parameter. | 4.3 |