Sap Sap Web Application Server — known CVE vulnerabilities
Every CVE whose affected-product data names Sap Sap Web Application Server, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (11)
CVE-2007-3615 — CVSS 7.8 (high): Internet Communication Manager (aka ICMAN.exe or ICM) in SAP NetWeaver Application Server 6.x and 7.x, possibly only on Windows, allows…
CVE-2006-1039 — CVSS 6.4 (medium): SAP Web Application Server (WebAS) Kernel before 7.0 allows remote attackers to inject arbitrary bytes into the HTTP response and obtain…
CVE-2006-6010 — CVSS 5.0 (medium): SAP allows remote attackers to obtain potentially sensitive information such as operating system and SAP version via an RFC_SYSTEM_INFO…
CVE-2005-3633 — CVSS 5.0 (medium): HTTP response splitting vulnerability in frameset.htm in SAP Web Application Server (WAS) 6.10 through 7.00 allows remote attackers to…
CVE-2006-5785 — CVSS 5.0 (medium): Unspecified vulnerability in SAP Web Application Server 6.40 before patch 136 and 7.00 before patch 66 allows remote attackers to cause a…
CVE-2006-6011 — CVSS 5.0 (medium): Unspecified vulnerability in SAP Web Application Server before 6.40 patch 6 allows remote attackers to cause a denial of service…
CVE-2005-3634 — CVSS 5.0 (medium): frameset.htm in the BSP runtime in SAP Web Application Server (WAS) 6.10 through 7.00 allows remote attackers to log users out and redirect…
CVE-2006-5784 — CVSS 4.6 (medium): Unspecified vulnerability in enserver.exe in SAP Web Application Server 6.40 before patch 136 and 7.00 before patch 66 allows remote…
CVE-2005-3636 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in SAP Web Application Server (WAS) 6.10 allows remote attackers to inject arbitrary web script or…
CVE-2005-3635 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in SAP Web Application Server (WAS) 6.10 through 7.00 allow remote attackers to inject…
CVE-2008-2421 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in the Web GUI in SAP Web Application Server (WAS) 7.0, Web Dynpro for ABAP (aka WD4A or WDA), and…