SAP

Netweaver

104 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.

  • EPSS 0.74%
  • Published 09.01.2018 15:29:00
  • Last modified 21.11.2024 04:03:40

SAP NetWeaver, SAP BASIS from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.52, contains code that allows you to execute arbitrary program code of the user's choice. A malicious user can therefore control the behaviour of the syst...

Exploit
  • EPSS 27.38%
  • Published 06.09.2017 21:29:00
  • Last modified 20.04.2025 01:37:25

XML External Entity (XXE) vulnerability in SAP Netweaver before 7.01.

  • EPSS 3.42%
  • Published 12.07.2017 16:29:00
  • Last modified 02.05.2025 15:25:18

SAP NetWeaver 7400.12.21.30308 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted serialized Java object in a request to metadatauploader, aka SAP Security Note 2399804. NOTE: The vendor states that...

  • EPSS 4.19%
  • Published 12.07.2017 16:29:00
  • Last modified 20.04.2025 01:37:25

disp+work 7400.12.21.30308 in SAP NetWeaver 7.40 allows remote attackers to cause a denial of service (resource consumption) via a crafted DIAG request, aka SAP Security Note 2405918.

  • EPSS 4.07%
  • Published 10.04.2017 15:59:00
  • Last modified 20.04.2025 01:37:25

Stack-based buffer overflow in SAP NetWeaver 7.0 through 7.5 allows remote attackers to cause a denial of service () by sending a crafted packet to the SAPSTARTSRV port, aka SAP Security Note 2295238.

  • EPSS 0.71%
  • Published 23.01.2017 21:59:03
  • Last modified 20.04.2025 01:37:25

The function msp (aka MSPRuntimeInterface) in the P4 SERVERCORE component in SAP AS JAVA allows remote attackers to obtain sensitive system information by leveraging a missing authorization check for the (1) getInformation, (2) getParameters, (3) get...

  • EPSS 0.05%
  • Published 13.10.2016 14:59:12
  • Last modified 12.04.2025 10:46:40

SAP Netweaver 7.40 improperly logs (1) DUI and (2) DUJ events in the SAP Security Audit Log as non-critical, which might allow local users to hide rejected attempts to execute RFC function callbacks by leveraging filtering of non-critical events in a...

  • EPSS 0.59%
  • Published 13.10.2016 14:59:00
  • Last modified 12.04.2025 10:46:40

SAP Netweaver 7.4 allows remote authenticated users to bypass an intended Unified Connectivity (UCON) access control list and execute arbitrary Remote Function Modules (RFM) by leveraging a connection created from earlier execution of an anonymous RF...

  • EPSS 1.21%
  • Published 05.10.2016 16:59:06
  • Last modified 12.04.2025 10:46:40

The (1) SCTC_REFRESH_EXPORT_TAB_COMP, (2) SCTC_REFRESH_CHECK_ENV, and (3) SCTC_TMS_MAINTAIN_ALOG functions in the SCTC subpackage in SAP Netweaver 7.40 SP 12 allow remote authenticated users with certain permissions to execute arbitrary commands via ...

  • EPSS 0.29%
  • Published 05.10.2016 16:59:02
  • Last modified 12.04.2025 10:46:40

The (1) SAP_BASIS and (2) SAP_ABA components 7.00 SP Level 0031 in SAP NetWeaver 2004s might allow remote attackers to spoof IP addresses written to the Security Audit Log via vectors related to the network landscape, aka SAP Security Note 2190621.