Vulnerabilities > SAP > Netweaver > 7.30
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2014-11-04 | CVE-2014-8591 | Denial of Service vulnerability in SAP Netweaver 7.02/7.30 Unspecified vulnerability in SAP Internet Communication Manager (ICM), as used in SAP NetWeaver 7.02 and 7.3, allows remote attackers to cause a denial of service (process termination) via unknown vectors. | 5.0 |
2013-12-13 | CVE-2013-7094 | SQL Injection vulnerability in SAP Netweaver 7.30 SQL injection vulnerability in the RSDDCVER_COUNT_TAB_COLS function in SAP NetWeaver 7.30 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2013-11-23 | CVE-2013-6869 | SQL Injection vulnerability in SAP Netweaver 7.30 SQL injection vulnerability in the SRTT_GET_COUNT_BEFORE_KEY_RFC function in SAP NetWeaver 7.30 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2013-11-20 | CVE-2013-6815 | Improper Input Validation vulnerability in SAP Netweaver The SHSTI_UPLOAD_XML function in the Application Server for ABAP (AS ABAP) in SAP NetWeaver 7.31 and earlier allows remote attackers to cause a denial of service via unspecified vectors, related to an XML External Entity (XXE) issue. | 5.0 |
2013-10-24 | CVE-2013-6244 | Information Disclosure vulnerability in SAP NetWeaver Web Dynpro Live Update XML External Entity The Live Update webdynpro application (webdynpro/dispatcher/sap.com/tc~slm~ui_lup/LUP) in SAP NetWeaver 7.31 and earlier allows remote attackers to read arbitrary files and directories via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | 5.0 |
2013-09-16 | CVE-2013-5751 | Path Traversal vulnerability in SAP Netweaver Directory traversal vulnerability in SAP NetWeaver 7.x allows remote attackers to read arbitrary files via unspecified vectors. | 5.0 |
2013-09-12 | CVE-2013-5723 | SQL Injection vulnerability in SAP Netweaver 7.30 SQL injection vulnerability in SAP NetWeaver 7.30 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to "ABAD0_DELETE_DERIVATION_TABLE." | 7.5 |
2013-02-12 | CVE-2011-5263 | Cross-Site Scripting vulnerability in SAP Netweaver Cross-site scripting (XSS) vulnerability in RetrieveMailExamples in SAP NetWeaver 7.30 and earlier allows remote attackers to inject arbitrary web script or HTML via the server parameter. | 4.3 |