Vulnerabilities (CVE)

Filtered by vendor Sap Subscribe
Total 1485 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2013-3243 2 Opentext, Sap 2 Opentext\/ixos Ecm For Sap Netweaver, Netweaver 2024-11-21 6.8 MEDIUM N/A
Unspecified vulnerability in OpenText/IXOS ECM for SAP NetWeaver allows remote attackers to execute arbitrary ABAP code via unknown vectors.
CVE-2013-3063 1 Sap 1 Basis Communication Services 2024-11-21 6.0 MEDIUM N/A
SAP BASIS Communication Services 4.6B through 7.30 allows remote authenticated users to execute arbitrary commands via unspecified vectors.
CVE-2013-3062 1 Sap 1 Production Planning And Control 2024-11-21 6.5 MEDIUM N/A
The CP_RC_TRANSACTION_CALL_BY_SET function in the Engineering Workbench component in SAP Production Planning and Control allows remote authenticated users to bypass intended transaction restrictions via unspecified vectors.
CVE-2013-3061 1 Sap 2 Erp Central Component, Healthcare Industry Solution 2024-11-21 6.5 MEDIUM N/A
The ISHMED-PATRED_TRANSACT_RFCCALL function in the IS-H Industry-Specific Component Hospital subsystem in SAP Healthcare Industry Solution, and the SAP ERP central component (aka ECC 6), allows remote authenticated users to bypass intended transaction restrictions via unspecified vectors.
CVE-2013-1593 1 Sap 1 Netweaver 2024-11-21 5.0 MEDIUM 7.5 HIGH
A Denial of Service vulnerability exists in the WRITE_C function in the msg_server.exe module in SAP NetWeaver 2004s, 7.01 SR1, 7.02 SP06, and 7.30 SP04 when sending a crafted SAP Message Server packet to TCP ports 36NN and/or 39NN.
CVE-2013-1592 1 Sap 1 Netweaver 2024-11-21 10.0 HIGH 9.8 CRITICAL
A Buffer Overflow vulnerability exists in the Message Server service _MsJ2EE_AddStatistics() function when sending specially crafted SAP Message Server packets to remote TCP ports 36NN and/or 39NN in SAP NetWeaver 2004s, 7.01 SR1, 7.02 SP06, and 7.30 SP04, which could let a remote malicious user execute arbitrary code.
CVE-2012-4341 1 Sap 1 Netweaver Abap 2024-11-21 10.0 HIGH N/A
Multiple stack-based buffer overflows in msg_server.exe in SAP NetWeaver ABAP 7.x allow remote attackers to cause a denial of service (crash) and execute arbitrary code via a (1) long parameter value, (2) crafted string size field, or (3) long Parameter Name string in a package with opcode 0x43 and sub opcode 0x4 to TCP port 3900.
CVE-2012-2612 1 Sap 1 Netweaver 2024-11-21 5.0 MEDIUM N/A
The DiagTraceHex function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon crash) via a crafted SAP Diag packet.
CVE-2012-2611 1 Sap 1 Netweaver 2024-11-21 9.3 HIGH N/A
The DiagTraceR3Info function in the Dialog processor in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2, when a certain Developer Trace configuration is enabled, allows remote attackers to execute arbitrary code via a crafted SAP Diag packet.
CVE-2012-2514 1 Sap 1 Netweaver 2024-11-21 5.0 MEDIUM N/A
The DiagiEventSource function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon crash) via a crafted SAP Diag packet.
CVE-2012-2513 1 Sap 1 Netweaver 2024-11-21 5.0 MEDIUM N/A
The Diaginput function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon crash) via a crafted SAP Diag packet.
CVE-2012-2512 1 Sap 1 Netweaver 2024-11-21 5.0 MEDIUM N/A
The DiagTraceStreamI function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon crash) via a crafted SAP Diag packet.
CVE-2012-2511 1 Sap 1 Netweaver 2024-11-21 5.0 MEDIUM N/A
The DiagTraceAtoms function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon crash) via a crafted SAP Diag packet.
CVE-2012-1292 1 Sap 1 Netweaver 2024-11-21 5.0 MEDIUM N/A
Unspecified vulnerability in the MessagingSystem servlet in SAP NetWeaver 7.0 allows remote attackers to obtain sensitive information about the MessagingSystem Performance Data via unspecified vectors.
CVE-2012-1291 1 Sap 1 Netweaver 2024-11-21 5.0 MEDIUM N/A
Unspecified vulnerability in the com.sap.aii.mdt.amt.web.AMTPageProcessor servlet in SAP NetWeaver 7.0 allows remote attackers to obtain sensitive information about the Adapter Monitor via unspecified vectors, possibly related to the EnableInvokerServletGlobally property in the servlet_jsp service.
CVE-2012-1290 1 Sap 1 Netweaver 2024-11-21 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in b2b/auction/container.jsp in the Internet Sales (crm.b2b) module in SAP NetWeaver 7.0 allows remote attackers to inject arbitrary web script or HTML via the _loadPage parameter.
CVE-2012-1289 1 Sap 1 Netweaver 2024-11-21 4.0 MEDIUM N/A
Multiple directory traversal vulnerabilities in SAP NetWeaver 7.0 allow remote authenticated users to read arbitrary files via a .. (dot dot) in the logfilename parameter to (1) b2b/admin/log.jsp or (2) b2b/admin/log_view.jsp in the Internet Sales (crm.b2b) component, or (3) ipc/admin/log.jsp or (4) ipc/admin/log_view.jsp in the Application Administration (com.sap.ipc.webapp.ipc) component.
CVE-2011-5263 1 Sap 1 Netweaver 2024-11-21 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in RetrieveMailExamples in SAP NetWeaver 7.30 and earlier allows remote attackers to inject arbitrary web script or HTML via the server parameter.
CVE-2011-5260 1 Sap 1 Netweaver 2024-11-21 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in SAP/BW/DOC/METADATA in SAP NetWeaver allows remote attackers to inject arbitrary web script or HTML via the page parameter.
CVE-2011-5154 1 Sap 1 Graphical User Interface 2024-11-21 6.9 MEDIUM N/A
Multiple untrusted search path vulnerabilities in (1) SAPGui.exe and (2) BExAnalyzer.exe in SAP GUI 6.4 through 7.2 allow local users to gain privileges via a Trojan horse MFC80LOC.DLL file in the current working directory, as demonstrated by a directory that contains a .sap file. NOTE: some of these details are obtained from third party information.