Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2012-05-15	CVE-2012-2511	Buffer Errors vulnerability in SAP Netweaver 7.0 The DiagTraceAtoms function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon crash) via a crafted SAP Diag packet. network low complexity sap CWE-119	5.0
2012-02-23	CVE-2012-1292	Input Validation vulnerability in SAP Netweaver 7.0 Unspecified vulnerability in the MessagingSystem servlet in SAP NetWeaver 7.0 allows remote attackers to obtain sensitive information about the MessagingSystem Performance Data via unspecified vectors. network low complexity sap	5.0
2012-02-23	CVE-2012-1291	Input Validation vulnerability in SAP Netweaver 7.0 Unspecified vulnerability in the com.sap.aii.mdt.amt.web.AMTPageProcessor servlet in SAP NetWeaver 7.0 allows remote attackers to obtain sensitive information about the Adapter Monitor via unspecified vectors, possibly related to the EnableInvokerServletGlobally property in the servlet_jsp service. network low complexity sap	5.0
2012-02-23	CVE-2012-1290	Cross-Site Scripting vulnerability in SAP Netweaver 7.0 Cross-site scripting (XSS) vulnerability in b2b/auction/container.jsp in the Internet Sales (crm.b2b) module in SAP NetWeaver 7.0 allows remote attackers to inject arbitrary web script or HTML via the _loadPage parameter. network sap CWE-79	4.3
2012-02-23	CVE-2012-1289	Path Traversal vulnerability in SAP Netweaver 7.0 Multiple directory traversal vulnerabilities in SAP NetWeaver 7.0 allow remote authenticated users to read arbitrary files via a .. network low complexity sap CWE-22	4.0
2011-12-08	CVE-2011-4707	Cross-Site Scripting vulnerability in SAP Netweaver Multiple cross-site scripting (XSS) vulnerabilities in the Virus Scan Interface in SAP Netweaver allow remote attackers to inject arbitrary web script or HTML via the (1) instname parameter to the VsiTestScan servlet and (2) name parameter to the VsiTestServlet servlet. network sap CWE-79	4.3
2010-07-28	CVE-2010-2904	Cross-Site Scripting vulnerability in SAP Netweaver and System Landscape Directory Multiple cross-site scripting (XSS) vulnerabilities in the System Landscape Directory (SLD) component 6.4 through 7.02 in SAP NetWeaver allow remote attackers to inject arbitrary web script or HTML via the (1) action parameter to testsdic and the (2) helpstring parameter to paramhelp.jsp. network sap CWE-79	4.3
2010-04-29	CVE-2010-1609	Cross-Site Scripting vulnerability in SAP Netweaver 4.0/7.0 Cross-site scripting (XSS) vulnerability in SAP NetWeaver 2004 before SP21 and 2004s before SP13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. network sap CWE-79	4.3
2009-08-21	CVE-2009-2932	Cross-Site Scripting vulnerability in SAP Netweaver 7.0 Cross-site scripting (XSS) vulnerability in uddiclient/process in the UDDI client in SAP NetWeaver Application Server (Java) 7.0 allows remote attackers to inject arbitrary web script or HTML via the TModel Key field. network sap CWE-79	4.3
2009-01-28	CVE-2008-3358	Cross-Site Scripting vulnerability in SAP Netweaver Cross-site scripting (XSS) vulnerability in Web Dynpro (WD) in the SAP NetWeaver portal, when Internet Explorer 7.0.5730 is used, allows remote attackers to inject arbitrary web script or HTML via a crafted URI, which causes the XSS payload to be reflected in a text/plain document. network sap microsoft CWE-79	4.3