Vulnerabilities > SAP > SAP WEB Application Server > 7.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2008-05-23 | CVE-2008-2421 | Cross-Site Scripting vulnerability in SAP web Application Server and web Dynpro Cross-site scripting (XSS) vulnerability in the Web GUI in SAP Web Application Server (WAS) 7.0, Web Dynpro for ABAP (aka WD4A or WDA), and Web Dynpro for BSP allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default URI under bc/gui/sap/its/webgui/. | 4.3 |
| 2007-07-06 | CVE-2007-3615 | Denial of Service vulnerability in SAP products Internet Communication Manager (aka ICMAN.exe or ICM) in SAP NetWeaver Application Server 6.x and 7.x, possibly only on Windows, allows remote attackers to cause a denial of service (process crash) via a URI of a certain length that contains a sap-isc-key parameter, related to configuration of a web cache. | 7.8 |
| 2005-11-16 | CVE-2005-3635 | Cross-Site Scripting vulnerability in SAP Web Application Server Multiple cross-site scripting (XSS) vulnerabilities in SAP Web Application Server (WAS) 6.10 through 7.00 allow remote attackers to inject arbitrary web script or HTML via (1) the sap-syscmd in sap-syscmd and (2) the BspApplication field in the SYSTEM PUBLIC test application. network sap | 4.3 |
| 2005-11-16 | CVE-2005-3634 | Unspecified vulnerability in SAP web Application Server frameset.htm in the BSP runtime in SAP Web Application Server (WAS) 6.10 through 7.00 allows remote attackers to log users out and redirect them to arbitrary web sites via a close command in the sap-sessioncmd parameter and a URL in the sap-exiturl parameter. | 5.0 |
| 2005-11-16 | CVE-2005-3633 | Unspecified vulnerability in SAP web Application Server HTTP response splitting vulnerability in frameset.htm in SAP Web Application Server (WAS) 6.10 through 7.00 allows remote attackers to inject arbitrary HTML headers via the sap-exiturl parameter. | 5.0 |