Sap: >> Internet Transaction Server >> 6.20 Security Vulnerabilities
SAP Internet Transaction Server (ITS) 6200.X.X has Reflected Cross Site Scripting (XSS) via certain wgate URIs. NOTE: the vendor has reportedly indicated that there will not be any further releases of this product.
CVSS Score
6.1
EPSS Score
0.025
Published
2018-05-24
Multiple buffer overflows in the AGate component for SAP Internet Transaction Server (ITS) allow remote attackers to execute arbitrary code via long (1) ~command, (2) ~runtimemode, or (3) ~session parameters, or (4) a long HTTP Content-Type header.
CVSS Score
7.5
EPSS Score
0.031
Published
2004-04-15
Format string vulnerability in the WGate component for SAP Internet Transaction Server (ITS) allows remote attackers to execute arbitrary code via a high "trace level."
CVSS Score
7.5
EPSS Score
0.019
Published
2004-04-15
The AGate component for SAP Internet Transaction Server (ITS) allows remote attackers to obtain sensitive information via a ~command parameter with an AgateInstallCheck value, which provides a list of installed DLLs and full pathnames.
CVSS Score
5.0
EPSS Score
0.003
Published
2004-04-15