Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Sap Subscribe
Filtered by product Netweaver
Total 98 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2012-2611 1 Sap 1 Netweaver 2023-12-10 9.3 HIGH N/A
The DiagTraceR3Info function in the Dialog processor in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2, when a certain Developer Trace configuration is enabled, allows remote attackers to execute arbitrary code via a crafted SAP Diag packet.
CVE-2013-6819 1 Sap 1 Netweaver 2023-12-10 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Performance Provider in SAP NetWeaver allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2013-5723 1 Sap 1 Netweaver 2023-12-10 7.5 HIGH N/A
SQL injection vulnerability in SAP NetWeaver 7.30 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to "ABAD0_DELETE_DERIVATION_TABLE."
CVE-2011-5260 1 Sap 1 Netweaver 2023-12-10 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in SAP/BW/DOC/METADATA in SAP NetWeaver allows remote attackers to inject arbitrary web script or HTML via the page parameter.
CVE-2013-3243 2 Opentext, Sap 2 Opentext\/ixos Ecm For Sap Netweaver, Netweaver 2023-12-10 6.8 MEDIUM N/A
Unspecified vulnerability in OpenText/IXOS ECM for SAP NetWeaver allows remote attackers to execute arbitrary ABAP code via unknown vectors.
CVE-2013-6823 1 Sap 1 Netweaver 2023-12-10 6.4 MEDIUM N/A
GRMGApp in SAP NetWeaver allows remote attackers to bypass intended access restrictions via unspecified vectors.
CVE-2013-6822 1 Sap 1 Netweaver 2023-12-10 10.0 HIGH N/A
GRMGApp in SAP NetWeaver allows remote attackers to have unspecified impact and attack vectors, related to an XML External Entity (XXE) issue.
CVE-2013-7094 1 Sap 1 Netweaver 2023-12-10 7.5 HIGH N/A
SQL injection vulnerability in the RSDDCVER_COUNT_TAB_COLS function in SAP NetWeaver 7.30 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2012-1291 1 Sap 1 Netweaver 2023-12-10 5.0 MEDIUM N/A
Unspecified vulnerability in the com.sap.aii.mdt.amt.web.AMTPageProcessor servlet in SAP NetWeaver 7.0 allows remote attackers to obtain sensitive information about the Adapter Monitor via unspecified vectors, possibly related to the EnableInvokerServletGlobally property in the servlet_jsp service.
CVE-2010-1609 1 Sap 1 Netweaver 2023-12-10 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in SAP NetWeaver 2004 before SP21 and 2004s before SP13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2012-1289 1 Sap 1 Netweaver 2023-12-10 4.0 MEDIUM N/A
Multiple directory traversal vulnerabilities in SAP NetWeaver 7.0 allow remote authenticated users to read arbitrary files via a .. (dot dot) in the logfilename parameter to (1) b2b/admin/log.jsp or (2) b2b/admin/log_view.jsp in the Internet Sales (crm.b2b) component, or (3) ipc/admin/log.jsp or (4) ipc/admin/log_view.jsp in the Application Administration (com.sap.ipc.webapp.ipc) component.
CVE-2012-1292 1 Sap 1 Netweaver 2023-12-10 5.0 MEDIUM N/A
Unspecified vulnerability in the MessagingSystem servlet in SAP NetWeaver 7.0 allows remote attackers to obtain sensitive information about the MessagingSystem Performance Data via unspecified vectors.
CVE-2012-1290 1 Sap 1 Netweaver 2023-12-10 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in b2b/auction/container.jsp in the Internet Sales (crm.b2b) module in SAP NetWeaver 7.0 allows remote attackers to inject arbitrary web script or HTML via the _loadPage parameter.
CVE-2010-2904 1 Sap 2 Netweaver, System Landscape Directory 2023-12-10 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in the System Landscape Directory (SLD) component 6.4 through 7.02 in SAP NetWeaver allow remote attackers to inject arbitrary web script or HTML via the (1) action parameter to testsdic and the (2) helpstring parameter to paramhelp.jsp.
CVE-2011-4707 1 Sap 1 Netweaver 2023-12-10 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in the Virus Scan Interface in SAP Netweaver allow remote attackers to inject arbitrary web script or HTML via the (1) instname parameter to the VsiTestScan servlet and (2) name parameter to the VsiTestServlet servlet.
CVE-2008-1846 1 Sap 1 Netweaver 2023-12-10 4.3 MEDIUM N/A
The default configuration of SAP NetWeaver before 7.0 SP15 does not enable the "Always Use Secure HTML Editor" (aka Editor Security or Secure Editing) parameter, which allows remote attackers to conduct cross-site scripting (XSS) attacks by entering feedback for a file.
CVE-2009-2932 1 Sap 1 Netweaver 2023-12-10 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in uddiclient/process in the UDDI client in SAP NetWeaver Application Server (Java) 7.0 allows remote attackers to inject arbitrary web script or HTML via the TModel Key field.
CVE-2008-3358 2 Microsoft, Sap 2 Internet Explorer, Netweaver 2023-12-10 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Web Dynpro (WD) in the SAP NetWeaver portal, when Internet Explorer 7.0.5730 is used, allows remote attackers to inject arbitrary web script or HTML via a crafted URI, which causes the XSS payload to be reflected in a text/plain document.