Vulnerabilities > SAP > Netweaver
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2014-09-05 | CVE-2014-6252 | Buffer Errors vulnerability in SAP Netweaver 7.0/7.20 Buffer overflow in disp+work.exe 7000.52.12.34966 and 7200.117.19.50294 in the Dispatcher in SAP NetWeaver 7.00 and 7.20 allows remote authenticated users to cause a denial of service or execute arbitrary code via unspecified vectors. | 6.5 |
| 2014-06-09 | CVE-2014-4003 | Permissions, Privileges, and Access Controls vulnerability in SAP Netweaver The System Landscape Directory (SLD) in SAP NetWeaver allows remote attackers to modify information via vectors related to adding a system. | 7.5 |
| 2014-05-19 | CVE-2014-3787 | Information Exposure vulnerability in SAP Netweaver SAP NetWeaver 7.20 and earlier allows remote attackers to read arbitrary SAP Central User Administration (SAP CUA) tables via unspecified vectors. | 5.0 |
| 2014-04-10 | CVE-2013-7364 | Permissions, Privileges, and Access Controls vulnerability in SAP Netweaver An unspecified J2EE core service in the J2EE Engine in SAP NetWeaver does not properly restrict access, which allows remote attackers to read and write to arbitrary files via unknown vectors. | 7.5 |
| 2014-02-14 | CVE-2014-1965 | Cross-Site Scripting vulnerability in SAP Netweaver Cross-site scripting (XSS) vulnerability in ISpeakAdapter in the Integration Repository in the SAP Exchange Infrastructure (BC-XI) component 3.0, 7.00 through 7.02, and 7.10 through 7.11 for SAP NetWeaver allows remote attackers to inject arbitrary web script or HTML via vectors related to PIP. | 4.3 |
| 2014-02-14 | CVE-2014-1964 | Cross-Site Scripting vulnerability in SAP products Cross-site scripting (XSS) vulnerability in the Integration Repository in the SAP Exchange Infrastructure (BC-XI) component in SAP NetWeaver allows remote attackers to inject arbitrary web script or HTML via vectors related to the ESR application and a DIR error. | 4.3 |
| 2014-02-14 | CVE-2014-1963 | Unspecified vulnerability in SAP Netweaver 7.20 Unspecified vulnerability in Message Server in SAP NetWeaver 7.20 allows remote attackers to cause a denial of service via unknown attack vectors. | 5.0 |
| 2014-02-14 | CVE-2014-1961 | Unspecified vulnerability in SAP Netweaver Unspecified vulnerability in the Portal WebDynPro in SAP NetWeaver allows remote attackers to obtain sensitive path information via unknown attack vectors. | 5.0 |
| 2014-02-14 | CVE-2014-1960 | Permissions, Privileges, and Access Controls vulnerability in SAP Netweaver and Netweaver Solution Manager The Solution Manager in SAP NetWeaver does not properly restrict access, which allows remote attackers to obtain sensitive information via unspecified vectors. | 5.0 |
| 2013-12-13 | CVE-2013-7094 | SQL Injection vulnerability in SAP Netweaver 7.30 SQL injection vulnerability in the RSDDCVER_COUNT_TAB_COLS function in SAP NetWeaver 7.30 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |