Shodan
Vulnerabilities
Vulnerable Software
Sap:  >> Netweaver  >> 7.02  Security Vulnerabilities
CVE-2013-6814
The J2EE Engine in SAP NetWeaver 6.40, 7.02, and earlier allows remote attackers to redirect users to arbitrary web sites, conduct phishing attacks, and obtain sensitive information (cookies and SAPPASSPORT) via unspecified vectors.
CVSS Score
5.8
EPSS Score
0.003
Published
2013-11-20
CVE-2013-6815
The SHSTI_UPLOAD_XML function in the Application Server for ABAP (AS ABAP) in SAP NetWeaver 7.31 and earlier allows remote attackers to cause a denial of service via unspecified vectors, related to an XML External Entity (XXE) issue.
CVSS Score
5.0
EPSS Score
0.007
Published
2013-11-20
CVE-2013-6244
The Live Update webdynpro application (webdynpro/dispatcher/sap.com/tc~slm~ui_lup/LUP) in SAP NetWeaver 7.31 and earlier allows remote attackers to read arbitrary files and directories via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
CVSS Score
5.0
EPSS Score
0.007
Published
2013-10-24
CVE-2013-5751
Directory traversal vulnerability in SAP NetWeaver 7.x allows remote attackers to read arbitrary files via unspecified vectors.
CVSS Score
5.0
EPSS Score
0.005
Published
2013-09-16
CVE-2011-5263
Cross-site scripting (XSS) vulnerability in RetrieveMailExamples in SAP NetWeaver 7.30 and earlier allows remote attackers to inject arbitrary web script or HTML via the server parameter.
CVSS Score
4.3
EPSS Score
0.005
Published
2013-02-12
CVE-2011-4707
Multiple cross-site scripting (XSS) vulnerabilities in the Virus Scan Interface in SAP Netweaver allow remote attackers to inject arbitrary web script or HTML via the (1) instname parameter to the VsiTestScan servlet and (2) name parameter to the VsiTestServlet servlet.
CVSS Score
4.3
EPSS Score
0.003
Published
2011-12-08
CVE-2010-2904
Multiple cross-site scripting (XSS) vulnerabilities in the System Landscape Directory (SLD) component 6.4 through 7.02 in SAP NetWeaver allow remote attackers to inject arbitrary web script or HTML via the (1) action parameter to testsdic and the (2) helpstring parameter to paramhelp.jsp.
CVSS Score
4.3
EPSS Score
0.005
Published
2010-07-28
CVE-2008-3358
Cross-site scripting (XSS) vulnerability in Web Dynpro (WD) in the SAP NetWeaver portal, when Internet Explorer 7.0.5730 is used, allows remote attackers to inject arbitrary web script or HTML via a crafted URI, which causes the XSS payload to be reflected in a text/plain document.
CVSS Score
4.3
EPSS Score
0.006
Published
2009-01-28


Products
Pricing
Contact Us

Shodan ® - All rights reserved