Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Netweaver
(Sap)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 100 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2014-11-06 | CVE-2014-0995 | The Standalone Enqueue Server in SAP Netweaver 7.20, 7.01, and earlier allows remote attackers to cause a denial of service (uncontrolled recursion and crash) via a trace level with a wildcard in the Trace Pattern. | Netweaver | N/A | ||
| 2014-04-10 | CVE-2013-7364 | An unspecified J2EE core service in the J2EE Engine in SAP NetWeaver does not properly restrict access, which allows remote attackers to read and write to arbitrary files via unknown vectors. | Netweaver | N/A | ||
| 2013-12-13 | CVE-2013-7094 | SQL injection vulnerability in the RSDDCVER_COUNT_TAB_COLS function in SAP NetWeaver 7.30 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | Netweaver | N/A | ||
| 2013-11-23 | CVE-2013-6869 | SQL injection vulnerability in the SRTT_GET_COUNT_BEFORE_KEY_RFC function in SAP NetWeaver 7.30 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | Netweaver | N/A | ||
| 2013-11-20 | CVE-2013-6823 | GRMGApp in SAP NetWeaver allows remote attackers to bypass intended access restrictions via unspecified vectors. | Netweaver | N/A | ||
| 2013-11-20 | CVE-2013-6822 | GRMGApp in SAP NetWeaver allows remote attackers to have unspecified impact and attack vectors, related to an XML External Entity (XXE) issue. | Netweaver | N/A | ||
| 2013-11-20 | CVE-2013-6821 | Directory traversal vulnerability in the Exportability Check Service in SAP NetWeaver allows remote attackers to read arbitrary files via unspecified vectors. | Netweaver | N/A | ||
| 2013-11-20 | CVE-2013-6819 | Cross-site scripting (XSS) vulnerability in Performance Provider in SAP NetWeaver allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | Netweaver | N/A | ||
| 2013-11-20 | CVE-2013-6816 | Multiple cross-site scripting (XSS) vulnerabilities in the (1) JavaDumpService and (2) DataCollector servlets in SAP NetWeaver allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | Netweaver | N/A | ||
| 2013-11-20 | CVE-2013-6815 | The SHSTI_UPLOAD_XML function in the Application Server for ABAP (AS ABAP) in SAP NetWeaver 7.31 and earlier allows remote attackers to cause a denial of service via unspecified vectors, related to an XML External Entity (XXE) issue. | Netweaver | N/A |