Vulnerabilities > SAP > Netweaver > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2014-02-14 | CVE-2014-1964 | Cross-Site Scripting vulnerability in SAP products Cross-site scripting (XSS) vulnerability in the Integration Repository in the SAP Exchange Infrastructure (BC-XI) component in SAP NetWeaver allows remote attackers to inject arbitrary web script or HTML via vectors related to the ESR application and a DIR error. | 4.3 |
| 2014-02-14 | CVE-2014-1963 | Unspecified vulnerability in SAP Netweaver 7.20 Unspecified vulnerability in Message Server in SAP NetWeaver 7.20 allows remote attackers to cause a denial of service via unknown attack vectors. | 5.0 |
| 2014-02-14 | CVE-2014-1961 | Unspecified vulnerability in SAP Netweaver Unspecified vulnerability in the Portal WebDynPro in SAP NetWeaver allows remote attackers to obtain sensitive path information via unknown attack vectors. | 5.0 |
| 2014-02-14 | CVE-2014-1960 | Permissions, Privileges, and Access Controls vulnerability in SAP Netweaver and Netweaver Solution Manager The Solution Manager in SAP NetWeaver does not properly restrict access, which allows remote attackers to obtain sensitive information via unspecified vectors. | 5.0 |
| 2013-11-20 | CVE-2013-6823 | Permissions, Privileges, and Access Controls vulnerability in SAP Netweaver GRMGApp in SAP NetWeaver allows remote attackers to bypass intended access restrictions via unspecified vectors. | 6.4 |
| 2013-11-20 | CVE-2013-6821 | Path Traversal vulnerability in SAP Netweaver Directory traversal vulnerability in the Exportability Check Service in SAP NetWeaver allows remote attackers to read arbitrary files via unspecified vectors. | 5.0 |
| 2013-11-20 | CVE-2013-6819 | Cross-Site Scripting vulnerability in SAP Netweaver Cross-site scripting (XSS) vulnerability in Performance Provider in SAP NetWeaver allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2013-11-20 | CVE-2013-6816 | Cross-Site Scripting vulnerability in SAP Netweaver Multiple cross-site scripting (XSS) vulnerabilities in the (1) JavaDumpService and (2) DataCollector servlets in SAP NetWeaver allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2013-11-20 | CVE-2013-6815 | Improper Input Validation vulnerability in SAP Netweaver The SHSTI_UPLOAD_XML function in the Application Server for ABAP (AS ABAP) in SAP NetWeaver 7.31 and earlier allows remote attackers to cause a denial of service via unspecified vectors, related to an XML External Entity (XXE) issue. | 5.0 |
| 2013-11-20 | CVE-2013-6814 | Improper Input Validation vulnerability in SAP Netweaver The J2EE Engine in SAP NetWeaver 6.40, 7.02, and earlier allows remote attackers to redirect users to arbitrary web sites, conduct phishing attacks, and obtain sensitive information (cookies and SAPPASSPORT) via unspecified vectors. | 5.8 |