Shodan
Vulnerabilities
Vulnerable Software
Sap:  >> Netweaver  Security Vulnerabilities
CVE-2013-6244
The Live Update webdynpro application (webdynpro/dispatcher/sap.com/tc~slm~ui_lup/LUP) in SAP NetWeaver 7.31 and earlier allows remote attackers to read arbitrary files and directories via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
CVSS Score
5.0
EPSS Score
0.007
Published
2013-10-24
CVE-2013-5751
Directory traversal vulnerability in SAP NetWeaver 7.x allows remote attackers to read arbitrary files via unspecified vectors.
CVSS Score
5.0
EPSS Score
0.005
Published
2013-09-16
CVE-2013-5723
SQL injection vulnerability in SAP NetWeaver 7.30 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to "ABAD0_DELETE_DERIVATION_TABLE."
CVSS Score
7.5
EPSS Score
0.008
Published
2013-09-12
CVE-2013-3319
The GetComputerSystem method in the HostControl service in SAP Netweaver 7.03 allows remote attackers to obtain sensitive information via a crafted SOAP request to TCP port 1128.
CVSS Score
5.0
EPSS Score
0.118
Published
2013-08-16
CVE-2011-5260
Cross-site scripting (XSS) vulnerability in SAP/BW/DOC/METADATA in SAP NetWeaver allows remote attackers to inject arbitrary web script or HTML via the page parameter.
CVSS Score
4.3
EPSS Score
0.003
Published
2013-02-12
CVE-2011-5263
Cross-site scripting (XSS) vulnerability in RetrieveMailExamples in SAP NetWeaver 7.30 and earlier allows remote attackers to inject arbitrary web script or HTML via the server parameter.
CVSS Score
4.3
EPSS Score
0.005
Published
2013-02-12
CVE-2012-2511
The DiagTraceAtoms function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon crash) via a crafted SAP Diag packet.
CVSS Score
5.0
EPSS Score
0.162
Published
2012-05-15
CVE-2012-2512
The DiagTraceStreamI function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon crash) via a crafted SAP Diag packet.
CVSS Score
5.0
EPSS Score
0.227
Published
2012-05-15
CVE-2012-2513
The Diaginput function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon crash) via a crafted SAP Diag packet.
CVSS Score
5.0
EPSS Score
0.228
Published
2012-05-15
CVE-2012-2514
The DiagiEventSource function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon crash) via a crafted SAP Diag packet.
CVSS Score
5.0
EPSS Score
0.227
Published
2012-05-15


Products
Pricing
Contact Us

Shodan ® - All rights reserved