Vulnerabilities > SAP
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2013-02-12 | CVE-2011-5260 | Cross-Site Scripting vulnerability in SAP Netweaver 4.0/6.4/7.0 Cross-site scripting (XSS) vulnerability in SAP/BW/DOC/METADATA in SAP NetWeaver allows remote attackers to inject arbitrary web script or HTML via the page parameter. | 4.3 |
2012-09-06 | CVE-2011-5154 | Unspecified vulnerability in SAP Graphical User Interface 6.4/7.2 Multiple untrusted search path vulnerabilities in (1) SAPGui.exe and (2) BExAnalyzer.exe in SAP GUI 6.4 through 7.2 allow local users to gain privileges via a Trojan horse MFC80LOC.DLL file in the current working directory, as demonstrated by a directory that contains a .sap file. local sap | 6.9 |
2012-05-15 | CVE-2012-2612 | Buffer Errors vulnerability in SAP Netweaver 7.0 The DiagTraceHex function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon crash) via a crafted SAP Diag packet. | 5.0 |
2012-05-15 | CVE-2012-2611 | Improper Input Validation vulnerability in SAP Netweaver 7.0 The DiagTraceR3Info function in the Dialog processor in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2, when a certain Developer Trace configuration is enabled, allows remote attackers to execute arbitrary code via a crafted SAP Diag packet. | 9.3 |
2012-05-15 | CVE-2012-2514 | Buffer Errors vulnerability in SAP Netweaver 7.0 The DiagiEventSource function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon crash) via a crafted SAP Diag packet. | 5.0 |
2012-05-15 | CVE-2012-2513 | Buffer Errors vulnerability in SAP Netweaver 7.0 The Diaginput function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon crash) via a crafted SAP Diag packet. | 5.0 |
2012-05-15 | CVE-2012-2512 | Buffer Errors vulnerability in SAP Netweaver 7.0 The DiagTraceStreamI function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon crash) via a crafted SAP Diag packet. | 5.0 |
2012-05-15 | CVE-2012-2511 | Buffer Errors vulnerability in SAP Netweaver 7.0 The DiagTraceAtoms function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon crash) via a crafted SAP Diag packet. | 5.0 |
2012-02-23 | CVE-2012-1292 | Input Validation vulnerability in SAP Netweaver 7.0 Unspecified vulnerability in the MessagingSystem servlet in SAP NetWeaver 7.0 allows remote attackers to obtain sensitive information about the MessagingSystem Performance Data via unspecified vectors. | 5.0 |
2012-02-23 | CVE-2012-1291 | Input Validation vulnerability in SAP Netweaver 7.0 Unspecified vulnerability in the com.sap.aii.mdt.amt.web.AMTPageProcessor servlet in SAP NetWeaver 7.0 allows remote attackers to obtain sensitive information about the Adapter Monitor via unspecified vectors, possibly related to the EnableInvokerServletGlobally property in the servlet_jsp service. | 5.0 |