Total
9 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2008-2123 | 1 Sap | 1 Internet Transaction Server | 2024-11-21 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in WGate in SAP Internet Transaction Server (ITS) 6.20 allows remote attackers to inject arbitrary web script or HTML via (1) a "<>" sequence in the ~service parameter to wgate.dll, or (2) Javascript splicing in the query string, a different vector than CVE-2006-5114. | |||||
CVE-2006-5114 | 1 Sap | 1 Internet Transaction Server | 2024-11-21 | 6.8 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in wgate in SAP Internet Transaction Server (ITS) 6.1 and 6.2 allow remote attackers to inject arbitrary web script or HTML via the (1) ~urlmime or (2) ~command parameter, different vectors than CVE-2003-0749. | |||||
CVE-2003-1038 | 1 Sap | 1 Internet Transaction Server | 2024-11-20 | 5.0 MEDIUM | N/A |
The AGate component for SAP Internet Transaction Server (ITS) allows remote attackers to obtain sensitive information via a ~command parameter with an AgateInstallCheck value, which provides a list of installed DLLs and full pathnames. | |||||
CVE-2003-1037 | 1 Sap | 1 Internet Transaction Server | 2024-11-20 | 7.5 HIGH | N/A |
Format string vulnerability in the WGate component for SAP Internet Transaction Server (ITS) allows remote attackers to execute arbitrary code via a high "trace level." | |||||
CVE-2003-1036 | 1 Sap | 1 Internet Transaction Server | 2024-11-20 | 7.5 HIGH | N/A |
Multiple buffer overflows in the AGate component for SAP Internet Transaction Server (ITS) allow remote attackers to execute arbitrary code via long (1) ~command, (2) ~runtimemode, or (3) ~session parameters, or (4) a long HTTP Content-Type header. | |||||
CVE-2003-0749 | 1 Sap | 1 Internet Transaction Server | 2024-11-20 | 6.8 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in wgate.dll for SAP Internet Transaction Server (ITS) 4620.2.0.323011 allows remote attackers to insert arbitrary web script and steal cookies via the ~service parameter. | |||||
CVE-2003-0748 | 1 Sap | 1 Internet Transaction Server | 2024-11-20 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in wgate.dll for SAP Internet Transaction Server (ITS) 4620.2.0.323011 allows remote attackers to read arbitrary files via ..\ (dot-dot backslash) sequences in the ~theme parameter and a ~template parameter with a filename followed by space characters, which can prevent SAP from effectively adding a .html extension to the filename. | |||||
CVE-2003-0747 | 1 Sap | 1 Internet Transaction Server | 2024-11-20 | 5.0 MEDIUM | N/A |
wgate.dll in SAP Internet Transaction Server (ITS) 4620.2.0.323011 allows remote attackers to obtain potentially sensitive information such as directory structure and operating system via incorrect parameters (1) ~service, (2) ~templatelanguage, (3) ~language, (4) ~theme, or (5) ~template, which leaks the information in the resulting error message. | |||||
CVE-2018-11415 | 1 Sap | 1 Internet Transaction Server | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
SAP Internet Transaction Server (ITS) 6200.X.X has Reflected Cross Site Scripting (XSS) via certain wgate URIs. NOTE: the vendor has reportedly indicated that there will not be any further releases of this product. |