Filtered by vendor Sap
Subscriptions
Filtered by product Netweaver
Subscriptions
Total
106 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2018-2462 | 1 Sap | 1 Netweaver | 2024-11-21 | N/A |
In certain cases, BEx Web Java Runtime Export Web Service in SAP NetWeaver BI 7.30, 7.31. 7.40, 7.41, 7.50, does not sufficiently validate an XML document accepted from an untrusted source. | ||||
CVE-2018-2434 | 1 Sap | 3 Netweaver, Ui Infra, User Interface Technology | 2024-11-21 | N/A |
A content spoofing vulnerability in the following components allows to render html pages containing arbitrary plain text content, which might fool an end user: UI add-on for SAP NetWeaver (UI_Infra, 1.0), SAP UI Implementation for Decoupled Innovations (UI_700, 2.0): SAP NetWeaver 7.00 Implementation, SAP User Interface Technology (SAP_UI 7.4, 7.5, 7.51, 7.52). There is little impact as it is not possible to embed active contents such as JavaScript or hyperlinks. | ||||
CVE-2018-2363 | 1 Sap | 2 Business Application Software Integrated Solution, Netweaver | 2024-11-21 | N/A |
SAP NetWeaver, SAP BASIS from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.52, contains code that allows you to execute arbitrary program code of the user's choice. A malicious user can therefore control the behaviour of the system or can potentially escalate privileges by executing malicious code without legitimate credentials. | ||||
CVE-2013-1593 | 1 Sap | 1 Netweaver | 2024-11-21 | 7.5 High |
A Denial of Service vulnerability exists in the WRITE_C function in the msg_server.exe module in SAP NetWeaver 2004s, 7.01 SR1, 7.02 SP06, and 7.30 SP04 when sending a crafted SAP Message Server packet to TCP ports 36NN and/or 39NN. | ||||
CVE-2013-1592 | 1 Sap | 1 Netweaver | 2024-11-21 | 9.8 Critical |
A Buffer Overflow vulnerability exists in the Message Server service _MsJ2EE_AddStatistics() function when sending specially crafted SAP Message Server packets to remote TCP ports 36NN and/or 39NN in SAP NetWeaver 2004s, 7.01 SR1, 7.02 SP06, and 7.30 SP04, which could let a remote malicious user execute arbitrary code. | ||||
CVE-2011-1517 | 1 Sap | 1 Netweaver | 2024-11-21 | 9.8 Critical |
SAP NetWeaver 7.0 allows Remote Code Execution and Denial of Service caused by an error in the DiagTraceHex() function. By sending a specially-crafted packet, an attacker could exploit this vulnerability to cause the application to crash. |