SAP NetWeaver vulnerabilities

87 known vulnerabilities affecting sap/netweaver.

Total CVEs: 87
CISA KEV: 3 (actively exploited)
Public exploits: 12
Exploited in wild: 1
Severity breakdown: CRITICAL 9, HIGH 20, MEDIUM 56, LOW 2

Vulnerabilities

Page 5 of 5
CVE-2012-1290 | MEDIUM | CVSS 4.3 | CWE-79 | v7.0 | 2012-02-23
Cross-site scripting (XSS) vulnerability in b2b/auction/container.jsp in the Internet Sales (crm.b2b) module in SAP NetWeaver 7.0 allows remote attackers to inject arbitrary web script or HTML via the _loadPage parameter.
nvd
CVE-2012-1289 | MEDIUM | CVSS 4.0 | CWE-22 | v7.0 | 2012-02-23
Multiple directory traversal vulnerabilities in SAP NetWeaver 7.0 allow remote authenticated users to read arbitrary files via a .. (dot dot) in the logfilename parameter to (1) b2b/admin/log.jsp or (2) b2b/admin/log_view.jsp in the Internet Sales (crm.b2b) component, or (3) ipc/admin/log.jsp or (4) ipc/admin/log_view.jsp in the Application Administrat
nvd
CVE-2012-1291 | MEDIUM | CVSS 5.0 | v7.0 | 2012-02-23
Unspecified vulnerability in the com.sap.aii.mdt.amt.web.AMTPageProcessor servlet in SAP NetWeaver 7.0 allows remote attackers to obtain sensitive information about the Adapter Monitor via unspecified vectors, possibly related to the EnableInvokerServletGlobally property in the servlet_jsp service.
nvd
CVE-2010-2904 | MEDIUM | CVSS 4.3 | CWE-79 | v6.4, v7.0 | 2010-07-28
Multiple cross-site scripting (XSS) vulnerabilities in the System Landscape Directory (SLD) component 6.4 through 7.02 in SAP NetWeaver allow remote attackers to inject arbitrary web script or HTML via the (1) action parameter to testsdic and the (2) helpstring parameter to paramhelp.jsp.
nvd
CVE-2010-1609 | MEDIUM | CVSS 4.3 | CWE-79 | v4.0, v7.0 | 2010-04-29
Cross-site scripting (XSS) vulnerability in SAP NetWeaver 2004 before SP21 and 2004s before SP13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
nvd
CVE-2009-2932 | MEDIUM | CVSS 4.3 | CWE-79 | v7.0 | 2009-08-21
Cross-site scripting (XSS) vulnerability in uddiclient/process in the UDDI client in SAP NetWeaver Application Server (Java) 7.0 allows remote attackers to inject arbitrary web script or HTML via the TModel Key field.
nvd
CVE-2008-1846 | MEDIUM | CVSS 4.3 | CWE-79 | ≤ 7.0 | 2008-04-16
The default configuration of SAP NetWeaver before 7.0 SP15 does not enable the "Always Use Secure HTML Editor" (aka Editor Security or Secure Editing) parameter, which allows remote attackers to conduct cross-site scripting (XSS) attacks by entering feedback for a file.
nvd