Vulnerabilities > SAP > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2013-10-28 | CVE-2013-3243 | Remote Code Injection vulnerability in ECM Suite Unspecified vulnerability in OpenText/IXOS ECM for SAP NetWeaver allows remote attackers to execute arbitrary ABAP code via unknown vectors. | 6.8 |
| 2013-10-24 | CVE-2013-6244 | Information Disclosure vulnerability in SAP NetWeaver Web Dynpro Live Update XML External Entity The Live Update webdynpro application (webdynpro/dispatcher/sap.com/tc~slm~ui_lup/LUP) in SAP NetWeaver 7.31 and earlier allows remote attackers to read arbitrary files and directories via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | 5.0 |
| 2013-10-24 | CVE-2013-3244 | Code Injection vulnerability in SAP ERP Central Component Multiple unspecified vulnerabilities in the CJDB_FILL_MEMORY_FROM_PPB function in the Project System (PS-IS) module for SAP ERP Central Component (ECC) allow remote attackers to execute arbitrary code via a (1) RFC or (2) SOAP-RFC request. | 6.0 |
| 2013-09-16 | CVE-2013-5751 | Path Traversal vulnerability in SAP Netweaver Directory traversal vulnerability in SAP NetWeaver 7.x allows remote attackers to read arbitrary files via unspecified vectors. | 5.0 |
| 2013-08-16 | CVE-2013-3319 | Information Exposure vulnerability in SAP Netweaver 7.03 The GetComputerSystem method in the HostControl service in SAP Netweaver 7.03 allows remote attackers to obtain sensitive information via a crafted SOAP request to TCP port 1128. | 5.0 |
| 2013-05-01 | CVE-2013-3063 | Remote Command Execution vulnerability in SAP Basis Communication Services 4.6/7.30 SAP BASIS Communication Services 4.6B through 7.30 allows remote authenticated users to execute arbitrary commands via unspecified vectors. network sap | 6.0 |
| 2013-05-01 | CVE-2013-3062 | Permissions, Privileges, and Access Controls vulnerability in SAP Production Planning and Control The CP_RC_TRANSACTION_CALL_BY_SET function in the Engineering Workbench component in SAP Production Planning and Control allows remote authenticated users to bypass intended transaction restrictions via unspecified vectors. | 6.5 |
| 2013-02-12 | CVE-2011-5263 | Cross-Site Scripting vulnerability in SAP Netweaver Cross-site scripting (XSS) vulnerability in RetrieveMailExamples in SAP NetWeaver 7.30 and earlier allows remote attackers to inject arbitrary web script or HTML via the server parameter. | 4.3 |
| 2013-02-12 | CVE-2011-5260 | Cross-Site Scripting vulnerability in SAP Netweaver 4.0/6.4/7.0 Cross-site scripting (XSS) vulnerability in SAP/BW/DOC/METADATA in SAP NetWeaver allows remote attackers to inject arbitrary web script or HTML via the page parameter. | 4.3 |
| 2012-09-06 | CVE-2011-5154 | Unspecified vulnerability in SAP Graphical User Interface 6.4/7.2 Multiple untrusted search path vulnerabilities in (1) SAPGui.exe and (2) BExAnalyzer.exe in SAP GUI 6.4 through 7.2 allow local users to gain privileges via a Trojan horse MFC80LOC.DLL file in the current working directory, as demonstrated by a directory that contains a .sap file. local sap | 6.9 |