Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Sap Subscribe
Filtered by product Netweaver
Total 90 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-7437 1 Sap 1 Netweaver 2016-10-13 2.1 LOW 3.3 LOW
SAP Netweaver 7.40 improperly logs (1) DUI and (2) DUJ events in the SAP Security Audit Log as non-critical, which might allow local users to hide rejected attempts to execute RFC function callbacks by leveraging filtering of non-critical events in audit analysis reports, aka SAP Security Note 2252312.
CVE-2014-8587 1 Sap 5 Commoncryptolib, Hana, Netweaver and 2 more 2015-02-03 7.5 HIGH N/A
SAPCRYPTOLIB before 5.555.38, SAPSECULIB, and CommonCryptoLib before 8.4.30, as used in SAP NetWeaver AS for ABAP and SAP HANA, allows remote attackers to spoof Digital Signature Algorithm (DSA) signatures via unspecified vectors.
CVE-2014-3787 1 Sap 1 Netweaver 2014-05-20 5.0 MEDIUM N/A
SAP NetWeaver 7.20 and earlier allows remote attackers to read arbitrary SAP Central User Administration (SAP CUA) tables via unspecified vectors.
CVE-2013-7364 1 Sap 1 Netweaver 2014-04-11 7.5 HIGH N/A
An unspecified J2EE core service in the J2EE Engine in SAP NetWeaver does not properly restrict access, which allows remote attackers to read and write to arbitrary files via unknown vectors.
CVE-2013-3243 2 Opentext, Sap 2 Opentext\/ixos Ecm For Sap Netweaver, Netweaver 2013-11-22 6.8 MEDIUM N/A
Unspecified vulnerability in OpenText/IXOS ECM for SAP NetWeaver allows remote attackers to execute arbitrary ABAP code via unknown vectors.
CVE-2013-6244 1 Sap 1 Netweaver 2013-10-30 5.0 MEDIUM N/A
The Live Update webdynpro application (webdynpro/dispatcher/sap.com/tc~slm~ui_lup/LUP) in SAP NetWeaver 7.31 and earlier allows remote attackers to read arbitrary files and directories via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
CVE-2012-2611 1 Sap 1 Netweaver 2012-08-18 9.3 HIGH N/A
The DiagTraceR3Info function in the Dialog processor in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2, when a certain Developer Trace configuration is enabled, allows remote attackers to execute arbitrary code via a crafted SAP Diag packet.
CVE-2012-1292 1 Sap 1 Netweaver 2012-02-26 5.0 MEDIUM N/A
Unspecified vulnerability in the MessagingSystem servlet in SAP NetWeaver 7.0 allows remote attackers to obtain sensitive information about the MessagingSystem Performance Data via unspecified vectors.
CVE-2012-1291 1 Sap 1 Netweaver 2012-02-23 5.0 MEDIUM N/A
Unspecified vulnerability in the com.sap.aii.mdt.amt.web.AMTPageProcessor servlet in SAP NetWeaver 7.0 allows remote attackers to obtain sensitive information about the Adapter Monitor via unspecified vectors, possibly related to the EnableInvokerServletGlobally property in the servlet_jsp service.
CVE-2012-1290 1 Sap 1 Netweaver 2012-02-23 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in b2b/auction/container.jsp in the Internet Sales (crm.b2b) module in SAP NetWeaver 7.0 allows remote attackers to inject arbitrary web script or HTML via the _loadPage parameter.