Vulnerabilities > SAP > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2014-04-10 | CVE-2013-7361 | Path Traversal vulnerability in SAP CM Services and CMS Services Directory traversal vulnerability in SAP CMS and CM Services allows attackers to upload arbitrary files via unspecified vectors. | 5.0 |
| 2014-04-10 | CVE-2013-7359 | Information Disclosure vulnerability in SAP Mobile Infrastructure Unspecified vulnerability in SAP Mobile Infrastructure allows remote attackers to obtain sensitive port information via unknown vectors, related to an "internal port scanning" issue. | 5.0 |
| 2014-04-10 | CVE-2013-7358 | Unspecified vulnerability in SAP Guided Procedures Archive Monitor Unspecified vulnerability in SAP Guided Procedures Archive Monitor allows remote attackers to obtain usernames, roles, profiles, and possibly other identity information via unknown vectors. | 5.0 |
| 2014-04-10 | CVE-2013-7357 | Information Disclosure vulnerability in SAP J2EE Engine Unspecified vulnerability in the configuration service in SAP J2EE Engine allows remote attackers to obtain credential information via unknown vectors. | 5.0 |
| 2014-04-10 | CVE-2013-7356 | Unspecified vulnerability in SAP Ccms / Database Monitor Unspecified vulnerability in the SAP CCMS / Database Monitors for Oracle allows attackers to obtain the database password via unknown vectors. | 5.0 |
| 2014-02-14 | CVE-2014-1965 | Cross-Site Scripting vulnerability in SAP Netweaver Cross-site scripting (XSS) vulnerability in ISpeakAdapter in the Integration Repository in the SAP Exchange Infrastructure (BC-XI) component 3.0, 7.00 through 7.02, and 7.10 through 7.11 for SAP NetWeaver allows remote attackers to inject arbitrary web script or HTML via vectors related to PIP. | 4.3 |
| 2014-02-14 | CVE-2014-1964 | Cross-Site Scripting vulnerability in SAP products Cross-site scripting (XSS) vulnerability in the Integration Repository in the SAP Exchange Infrastructure (BC-XI) component in SAP NetWeaver allows remote attackers to inject arbitrary web script or HTML via vectors related to the ESR application and a DIR error. | 4.3 |
| 2014-02-14 | CVE-2014-1963 | Unspecified vulnerability in SAP Netweaver 7.20 Unspecified vulnerability in Message Server in SAP NetWeaver 7.20 allows remote attackers to cause a denial of service via unknown attack vectors. | 5.0 |
| 2014-02-14 | CVE-2014-1962 | Information Exposure vulnerability in SAP Customer Relationship Management 7.02 Gwsync in SAP CRM 7.02 EHP 2 allows remote attackers to obtain sensitive information via unspecified vectors, related to an XML External Entity (XXE) issue. | 5.0 |
| 2014-02-14 | CVE-2014-1961 | Unspecified vulnerability in SAP Netweaver Unspecified vulnerability in the Portal WebDynPro in SAP NetWeaver allows remote attackers to obtain sensitive path information via unknown attack vectors. | 5.0 |