Filtered by vendor Sap Subscriptions
Filtered by product Netweaver Subscriptions

Search

Switch to Advanced Search (Beta)
Total 118 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2012-2512 1 Sap 1 Netweaver 2025-04-11 N/A
The DiagTraceStreamI function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon crash) via a crafted SAP Diag packet.
CVE-2012-1292 1 Sap 1 Netweaver 2025-04-11 N/A
Unspecified vulnerability in the MessagingSystem servlet in SAP NetWeaver 7.0 allows remote attackers to obtain sensitive information about the MessagingSystem Performance Data via unspecified vectors.
CVE-2012-1291 1 Sap 1 Netweaver 2025-04-11 N/A
Unspecified vulnerability in the com.sap.aii.mdt.amt.web.AMTPageProcessor servlet in SAP NetWeaver 7.0 allows remote attackers to obtain sensitive information about the Adapter Monitor via unspecified vectors, possibly related to the EnableInvokerServletGlobally property in the servlet_jsp service.
CVE-2012-1290 1 Sap 1 Netweaver 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in b2b/auction/container.jsp in the Internet Sales (crm.b2b) module in SAP NetWeaver 7.0 allows remote attackers to inject arbitrary web script or HTML via the _loadPage parameter.
CVE-2011-5263 1 Sap 1 Netweaver 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in RetrieveMailExamples in SAP NetWeaver 7.30 and earlier allows remote attackers to inject arbitrary web script or HTML via the server parameter.
CVE-2011-5260 1 Sap 1 Netweaver 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in SAP/BW/DOC/METADATA in SAP NetWeaver allows remote attackers to inject arbitrary web script or HTML via the page parameter.
CVE-2010-2904 1 Sap 2 Netweaver, System Landscape Directory 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the System Landscape Directory (SLD) component 6.4 through 7.02 in SAP NetWeaver allow remote attackers to inject arbitrary web script or HTML via the (1) action parameter to testsdic and the (2) helpstring parameter to paramhelp.jsp.
CVE-2010-1609 1 Sap 1 Netweaver 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in SAP NetWeaver 2004 before SP21 and 2004s before SP13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2012-2612 1 Sap 1 Netweaver 2025-04-11 N/A
The DiagTraceHex function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon crash) via a crafted SAP Diag packet.
CVE-2012-1289 1 Sap 1 Netweaver 2025-04-11 N/A
Multiple directory traversal vulnerabilities in SAP NetWeaver 7.0 allow remote authenticated users to read arbitrary files via a .. (dot dot) in the logfilename parameter to (1) b2b/admin/log.jsp or (2) b2b/admin/log_view.jsp in the Internet Sales (crm.b2b) component, or (3) ipc/admin/log.jsp or (4) ipc/admin/log_view.jsp in the Application Administration (com.sap.ipc.webapp.ipc) component.
CVE-2013-6814 1 Sap 1 Netweaver 2025-04-11 N/A
The J2EE Engine in SAP NetWeaver 6.40, 7.02, and earlier allows remote attackers to redirect users to arbitrary web sites, conduct phishing attacks, and obtain sensitive information (cookies and SAPPASSPORT) via unspecified vectors.
CVE-2013-6815 1 Sap 1 Netweaver 2025-04-11 N/A
The SHSTI_UPLOAD_XML function in the Application Server for ABAP (AS ABAP) in SAP NetWeaver 7.31 and earlier allows remote attackers to cause a denial of service via unspecified vectors, related to an XML External Entity (XXE) issue.
CVE-2013-6819 1 Sap 1 Netweaver 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in Performance Provider in SAP NetWeaver allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2013-6821 1 Sap 1 Netweaver 2025-04-11 N/A
Directory traversal vulnerability in the Exportability Check Service in SAP NetWeaver allows remote attackers to read arbitrary files via unspecified vectors.
CVE-2013-6823 1 Sap 1 Netweaver 2025-04-11 N/A
GRMGApp in SAP NetWeaver allows remote attackers to bypass intended access restrictions via unspecified vectors.
CVE-2013-6869 1 Sap 1 Netweaver 2025-04-11 N/A
SQL injection vulnerability in the SRTT_GET_COUNT_BEFORE_KEY_RFC function in SAP NetWeaver 7.30 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2013-7094 1 Sap 1 Netweaver 2025-04-11 N/A
SQL injection vulnerability in the RSDDCVER_COUNT_TAB_COLS function in SAP NetWeaver 7.30 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2012-2511 1 Sap 1 Netweaver 2025-04-11 N/A
The DiagTraceAtoms function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon crash) via a crafted SAP Diag packet.
CVE-2014-1961 1 Sap 1 Netweaver 2025-04-11 N/A
Unspecified vulnerability in the Portal WebDynPro in SAP NetWeaver allows remote attackers to obtain sensitive path information via unknown attack vectors.
CVE-2014-1963 1 Sap 1 Netweaver 2025-04-11 N/A
Unspecified vulnerability in Message Server in SAP NetWeaver 7.20 allows remote attackers to cause a denial of service via unknown attack vectors.