SAP

Netweaver

104 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2016-4015

  • EPSS 3.04%
  • Published 14.04.2016 14:59:10
  • Last modified 12.04.2025 10:46:40

The Enqueue Server in SAP NetWeaver JAVA AS 7.1 through 7.4 allows remote attackers to cause a denial of service (process crash) via a crafted request, aka SAP Security Note 2258784.

9

CVE-2016-4014

Exploit
  • EPSS 6.91%
  • Published 14.04.2016 14:59:09
  • Last modified 12.04.2025 10:46:40

XML external entity (XXE) vulnerability in the UDDI component in SAP NetWeaver JAVA AS 7.4 allows remote attackers to cause a denial of service (system hang) via a crafted DTD in an XML request to uddi/api/replication, aka SAP Security Note 2254389.

7.8

CVE-2016-2389

  • EPSS 73.26%
  • Published 16.02.2016 15:59:03
  • Last modified 12.04.2025 10:46:40

Directory traversal vulnerability in the GetFileList function in the SAP Manufacturing Integration and Intelligence (xMII) component 15.0 for SAP NetWeaver 7.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the Path parameter t...

6.1

CVE-2016-2387

  • EPSS 0.23%
  • Published 16.02.2016 15:59:01
  • Last modified 12.04.2025 10:46:40

Multiple cross-site scripting (XSS) vulnerabilities in the Java Proxy Runtime ProxyServer servlet in SAP NetWeaver 7.4 allow remote attackers to inject arbitrary web script or HTML via the (1) ns or (2) interface parameter to ProxyServer/register, ak...

6.1

CVE-2016-1911

  • EPSS 0.33%
  • Published 15.01.2016 20:59:02
  • Last modified 12.04.2025 10:46:40

Multiple cross-site scripting (XSS) vulnerabilities in SAP NetWeaver 7.4 allow remote attackers to inject arbitrary web script or HTML via vectors related to the (1) Runtime Workbench (RWB) or (2) Pmitest servlet in the Process Monitoring Infrastruct...

5.3

CVE-2016-1910

  • EPSS 8.82%
  • Published 15.01.2016 20:59:01
  • Last modified 12.04.2025 10:46:40

The User Management Engine (UME) in SAP NetWeaver 7.4 allows attackers to decrypt unspecified data via unknown vectors, aka SAP Security Note 2191290.

6.8

CVE-2015-6662

  • EPSS 0.64%
  • Published 24.08.2015 14:59:19
  • Last modified 12.04.2025 10:46:40

XML external entity (XXE) vulnerability in SAP NetWeaver Portal 7.4 allows remote attackers to read arbitrary files and possibly have other unspecified impact via crafted XML data, aka SAP Security Note 2168485.

7.5

CVE-2015-5067

  • EPSS 1.58%
  • Published 24.06.2015 14:59:09
  • Last modified 12.04.2025 10:46:40

The (1) Cross-System Tools and (2) Data Transfer Workbench in SAP NetWeaver have hardcoded credentials, which allows remote attackers to obtain access via unspecified vectors, aka SAP Security Notes 2059659 and 2057982.

5

CVE-2015-2817

  • EPSS 0.44%
  • Published 01.04.2015 14:59:15
  • Last modified 12.04.2025 10:46:40

The SAP Management Console in SAP NetWeaver 7.40 allows remote attackers to obtain sensitive information via the ReadProfile parameters, aka SAP Security Note 2091768.

6.5

CVE-2015-2815

  • EPSS 3.46%
  • Published 01.04.2015 14:59:13
  • Last modified 12.04.2025 10:46:40

Buffer overflow in the C_SAPGPARAM function in the NetWeaver Dispatcher in SAP KERNEL 7.00 (7000.52.12.34966) and 7.40 (7400.12.21.30308) allows remote authenticated users to cause a denial of service or possibly execute arbitrary code via unspecifie...