Vulnerabilities > SAP > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2011-12-08 | CVE-2011-4707 | Cross-Site Scripting vulnerability in SAP Netweaver Multiple cross-site scripting (XSS) vulnerabilities in the Virus Scan Interface in SAP Netweaver allow remote attackers to inject arbitrary web script or HTML via the (1) instname parameter to the VsiTestScan servlet and (2) name parameter to the VsiTestServlet servlet. | 4.3 |
| 2010-10-18 | CVE-2010-3982 | Information Exposure vulnerability in SAP Businessobjects 3.2 SAP BusinessObjects Enterprise XI 3.2 allows remote attackers to trigger TCP connections to arbitrary intranet hosts on any port, and obtain potentially sensitive information about open ports, via the apstoken parameter to the CrystalReports/viewrpt.cwr URI, related to an "internal port scanning" issue. | 5.0 |
| 2010-10-18 | CVE-2010-3981 | Cross-Site Scripting vulnerability in SAP Businessobjects 3.2 Cross-site scripting (XSS) vulnerability in SAP BusinessObjects Enterprise XI 3.2 allows remote attackers to inject arbitrary web script or HTML via the ServiceClass field to the Edit Service Parameters page. | 4.3 |
| 2010-10-18 | CVE-2010-3980 | Unspecified vulnerability in SAP Businessobjects 3.2 Dswsbobje in SAP BusinessObjects Enterprise XI 3.2 does not limit the number of CUIDs that may be requested, which allows remote authenticated users to cause a denial of service via a large numCuids value in a GenerateCuids SOAPAction to the dswsbobje/services/biplatform URI. | 4.0 |
| 2010-10-18 | CVE-2010-3979 | Information Exposure vulnerability in SAP Businessobjects 3.2 Dswsbobje in SAP BusinessObjects Enterprise XI 3.2 generates different error messages depending on whether the Login field corresponds to a valid username, which allows remote attackers to enumerate account names via a login SOAPAction to the dswsbobje/services/session URI. | 5.0 |
| 2010-07-28 | CVE-2010-2904 | Cross-Site Scripting vulnerability in SAP Netweaver and System Landscape Directory Multiple cross-site scripting (XSS) vulnerabilities in the System Landscape Directory (SLD) component 6.4 through 7.02 in SAP NetWeaver allow remote attackers to inject arbitrary web script or HTML via the (1) action parameter to testsdic and the (2) helpstring parameter to paramhelp.jsp. | 4.3 |
| 2010-06-21 | CVE-2010-2347 | Permissions, Privileges, and Access Controls vulnerability in SAP J2Ee Engine Core and Server Core The Telnet interface in the SAP J2EE Engine Core (SAP-JEECOR) 6.40 through 7.02, and Server Core (SERVERCORE) 7.10 through 7.30 allows remote authenticated users to bypass a security check and conduct SMB relay attacks via unspecified vectors. | 4.9 |
| 2010-05-27 | CVE-2010-2103 | Cross-Site Scripting vulnerability in Apache Axis2 1.4.1/1.5.1 Cross-site scripting (XSS) vulnerability in axis2-admin/axis2-admin/engagingglobally in the administration console in Apache Axis2/Java 1.4.1, 1.5.1, and possibly other versions, as used in SAP Business Objects 12, 3com IMC, and possibly other products, allows remote attackers to inject arbitrary web script or HTML via the modules parameter. | 4.3 |
| 2010-04-29 | CVE-2010-1609 | Cross-Site Scripting vulnerability in SAP Netweaver 4.0/7.0 Cross-site scripting (XSS) vulnerability in SAP NetWeaver 2004 before SP21 and 2004s before SP13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2010-01-12 | CVE-2009-4603 | Denial Of Service vulnerability in SAP Kernel 'sapstartsrv' Unspecified vulnerability in sapstartsrv.exe in the SAP Kernel 6.40, 7.00, 7.01, 7.10, 7.11, and 7.20, as used in SAP NetWeaver 7.x and SAP Web Application Server 6.x and 7.x, allows remote attackers to cause a denial of service (Management Console shutdown) via a crafted request. | 5.0 |