Vulnerabilities > SAP > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2014-02-14 | CVE-2014-1960 | Permissions, Privileges, and Access Controls vulnerability in SAP Netweaver and Netweaver Solution Manager The Solution Manager in SAP NetWeaver does not properly restrict access, which allows remote attackers to obtain sensitive information via unspecified vectors. | 5.0 |
| 2013-12-13 | CVE-2013-7093 | Improper Authentication vulnerability in SAP Network Interface Router 39.3 SAP Network Interface Router (SAProuter) 39.3 SP4 allows remote attackers to bypass authentication and modify the configuration via unspecified vectors. | 5.0 |
| 2013-11-20 | CVE-2013-6823 | Permissions, Privileges, and Access Controls vulnerability in SAP Netweaver GRMGApp in SAP NetWeaver allows remote attackers to bypass intended access restrictions via unspecified vectors. | 6.4 |
| 2013-11-20 | CVE-2013-6821 | Path Traversal vulnerability in SAP Netweaver Directory traversal vulnerability in the Exportability Check Service in SAP NetWeaver allows remote attackers to read arbitrary files via unspecified vectors. | 5.0 |
| 2013-11-20 | CVE-2013-6819 | Cross-Site Scripting vulnerability in SAP Netweaver Cross-site scripting (XSS) vulnerability in Performance Provider in SAP NetWeaver allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2013-11-20 | CVE-2013-6818 | Permissions, Privileges, and Access Controls vulnerability in SAP Netweaver Logviewer 6.30 SAP NetWeaver Logviewer 6.30, when running on Windows, allows remote attackers to bypass intended access restrictions via unspecified vectors. | 6.4 |
| 2013-11-20 | CVE-2013-6817 | Buffer Errors vulnerability in SAP Network Interface Router 7.30 Heap-based buffer overflow in SAP Network Interface Router (SAProuter) 7.30 allows remote attackers to cause a denial of service and execute arbitrary code via crafted NI Route messages. | 6.8 |
| 2013-11-20 | CVE-2013-6816 | Cross-Site Scripting vulnerability in SAP Netweaver Multiple cross-site scripting (XSS) vulnerabilities in the (1) JavaDumpService and (2) DataCollector servlets in SAP NetWeaver allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2013-11-20 | CVE-2013-6815 | Improper Input Validation vulnerability in SAP Netweaver The SHSTI_UPLOAD_XML function in the Application Server for ABAP (AS ABAP) in SAP NetWeaver 7.31 and earlier allows remote attackers to cause a denial of service via unspecified vectors, related to an XML External Entity (XXE) issue. | 5.0 |
| 2013-11-20 | CVE-2013-6814 | Improper Input Validation vulnerability in SAP Netweaver The J2EE Engine in SAP NetWeaver 6.40, 7.02, and earlier allows remote attackers to redirect users to arbitrary web sites, conduct phishing attacks, and obtain sensitive information (cookies and SAPPASSPORT) via unspecified vectors. | 5.8 |