Shodan
Vulnerabilities
Vulnerable Software
Sap:  Security Vulnerabilities
CVE-2013-6821
Directory traversal vulnerability in the Exportability Check Service in SAP NetWeaver allows remote attackers to read arbitrary files via unspecified vectors.
CVSS Score
5.0
EPSS Score
0.001
Published
2013-11-20
CVE-2013-6822
GRMGApp in SAP NetWeaver allows remote attackers to have unspecified impact and attack vectors, related to an XML External Entity (XXE) issue.
CVSS Score
10.0
EPSS Score
0.015
Published
2013-11-20
CVE-2013-6823
GRMGApp in SAP NetWeaver allows remote attackers to bypass intended access restrictions via unspecified vectors.
CVSS Score
6.4
EPSS Score
0.002
Published
2013-11-20
CVE-2013-6814
The J2EE Engine in SAP NetWeaver 6.40, 7.02, and earlier allows remote attackers to redirect users to arbitrary web sites, conduct phishing attacks, and obtain sensitive information (cookies and SAPPASSPORT) via unspecified vectors.
CVSS Score
5.8
EPSS Score
0.003
Published
2013-11-20
CVE-2013-6815
The SHSTI_UPLOAD_XML function in the Application Server for ABAP (AS ABAP) in SAP NetWeaver 7.31 and earlier allows remote attackers to cause a denial of service via unspecified vectors, related to an XML External Entity (XXE) issue.
CVSS Score
5.0
EPSS Score
0.007
Published
2013-11-20
CVE-2013-6816
Multiple cross-site scripting (XSS) vulnerabilities in the (1) JavaDumpService and (2) DataCollector servlets in SAP NetWeaver allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS Score
4.3
EPSS Score
0.004
Published
2013-11-20
CVE-2013-6817
Heap-based buffer overflow in SAP Network Interface Router (SAProuter) 7.30 allows remote attackers to cause a denial of service and execute arbitrary code via crafted NI Route messages.
CVSS Score
6.8
EPSS Score
0.016
Published
2013-11-20
CVE-2013-6818
SAP NetWeaver Logviewer 6.30, when running on Windows, allows remote attackers to bypass intended access restrictions via unspecified vectors.
CVSS Score
6.4
EPSS Score
0.002
Published
2013-11-20
CVE-2013-6819
Cross-site scripting (XSS) vulnerability in Performance Provider in SAP NetWeaver allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS Score
4.3
EPSS Score
0.003
Published
2013-11-20
CVE-2013-6820
Unrestricted file upload vulnerability in the SAP NetWeaver Development Infrastructure (NWDI) allows remote attackers to execute arbitrary code by uploading a file with an executable extension via unspecified vectors.
CVSS Score
9.3
EPSS Score
0.038
Published
2013-11-20


Products
Pricing
Contact Us

Shodan ® - All rights reserved