Vulnerabilities > SAP > Netweaver > Medium

DATE CVE VULNERABILITY TITLE RISK
2013-10-28 CVE-2013-3243 Remote Code Injection vulnerability in ECM Suite
Unspecified vulnerability in OpenText/IXOS ECM for SAP NetWeaver allows remote attackers to execute arbitrary ABAP code via unknown vectors.
network
opentext sap
6.8
6.8
2013-10-24 CVE-2013-6244 Information Disclosure vulnerability in SAP NetWeaver Web Dynpro Live Update XML External Entity
The Live Update webdynpro application (webdynpro/dispatcher/sap.com/tc~slm~ui_lup/LUP) in SAP NetWeaver 7.31 and earlier allows remote attackers to read arbitrary files and directories via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
network
low complexity
sap
5.0
5.0
2013-09-16 CVE-2013-5751 Path Traversal vulnerability in SAP Netweaver
Directory traversal vulnerability in SAP NetWeaver 7.x allows remote attackers to read arbitrary files via unspecified vectors.
network
low complexity
sap CWE-22
5.0
5.0
2013-08-16 CVE-2013-3319 Information Exposure vulnerability in SAP Netweaver 7.03
The GetComputerSystem method in the HostControl service in SAP Netweaver 7.03 allows remote attackers to obtain sensitive information via a crafted SOAP request to TCP port 1128.
network
low complexity
sap CWE-200
5.0
5.0
2013-02-12 CVE-2011-5263 Cross-Site Scripting vulnerability in SAP Netweaver
Cross-site scripting (XSS) vulnerability in RetrieveMailExamples in SAP NetWeaver 7.30 and earlier allows remote attackers to inject arbitrary web script or HTML via the server parameter.
network
sap CWE-79
4.3
4.3
2013-02-12 CVE-2011-5260 Cross-Site Scripting vulnerability in SAP Netweaver 4.0/6.4/7.0
Cross-site scripting (XSS) vulnerability in SAP/BW/DOC/METADATA in SAP NetWeaver allows remote attackers to inject arbitrary web script or HTML via the page parameter.
network
sap CWE-79
4.3
4.3
2012-05-15 CVE-2012-2612 Buffer Errors vulnerability in SAP Netweaver 7.0
The DiagTraceHex function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon crash) via a crafted SAP Diag packet.
network
low complexity
sap CWE-119
5.0
5.0
2012-05-15 CVE-2012-2514 Buffer Errors vulnerability in SAP Netweaver 7.0
The DiagiEventSource function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon crash) via a crafted SAP Diag packet.
network
low complexity
sap CWE-119
5.0
5.0
2012-05-15 CVE-2012-2513 Buffer Errors vulnerability in SAP Netweaver 7.0
The Diaginput function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon crash) via a crafted SAP Diag packet.
network
low complexity
sap CWE-119
5.0
5.0
2012-05-15 CVE-2012-2512 Buffer Errors vulnerability in SAP Netweaver 7.0
The DiagTraceStreamI function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon crash) via a crafted SAP Diag packet.
network
low complexity
sap CWE-119
5.0
5.0