SAP

Netweaver

106 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.1

CVE-2016-7435

  • EPSS 1.21%
  • Veröffentlicht 05.10.2016 16:59:06
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The (1) SCTC_REFRESH_EXPORT_TAB_COMP, (2) SCTC_REFRESH_CHECK_ENV, and (3) SCTC_TMS_MAINTAIN_ALOG functions in the SCTC subpackage in SAP Netweaver 7.40 SP 12 allow remote authenticated users with certain permissions to execute arbitrary commands via ...

7.5

CVE-2016-4551

  • EPSS 0.29%
  • Veröffentlicht 05.10.2016 16:59:02
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The (1) SAP_BASIS and (2) SAP_ABA components 7.00 SP Level 0031 in SAP NetWeaver 2004s might allow remote attackers to spoof IP addresses written to the Security Audit Log via vectors related to the network landscape, aka SAP Security Note 2190621.

7.5

CVE-2016-4015

  • EPSS 3.04%
  • Veröffentlicht 14.04.2016 14:59:10
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The Enqueue Server in SAP NetWeaver JAVA AS 7.1 through 7.4 allows remote attackers to cause a denial of service (process crash) via a crafted request, aka SAP Security Note 2258784.

9

CVE-2016-4014

Exploit
  • EPSS 6.91%
  • Veröffentlicht 14.04.2016 14:59:09
  • Zuletzt bearbeitet 12.04.2025 10:46:40

XML external entity (XXE) vulnerability in the UDDI component in SAP NetWeaver JAVA AS 7.4 allows remote attackers to cause a denial of service (system hang) via a crafted DTD in an XML request to uddi/api/replication, aka SAP Security Note 2254389.

7.8

CVE-2016-2389

  • EPSS 80.85%
  • Veröffentlicht 16.02.2016 15:59:03
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Directory traversal vulnerability in the GetFileList function in the SAP Manufacturing Integration and Intelligence (xMII) component 15.0 for SAP NetWeaver 7.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the Path parameter t...

6.1

CVE-2016-2387

  • EPSS 0.23%
  • Veröffentlicht 16.02.2016 15:59:01
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Multiple cross-site scripting (XSS) vulnerabilities in the Java Proxy Runtime ProxyServer servlet in SAP NetWeaver 7.4 allow remote attackers to inject arbitrary web script or HTML via the (1) ns or (2) interface parameter to ProxyServer/register, ak...

6.1

CVE-2016-1911

  • EPSS 0.33%
  • Veröffentlicht 15.01.2016 20:59:02
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Multiple cross-site scripting (XSS) vulnerabilities in SAP NetWeaver 7.4 allow remote attackers to inject arbitrary web script or HTML via vectors related to the (1) Runtime Workbench (RWB) or (2) Pmitest servlet in the Process Monitoring Infrastruct...

5.3

CVE-2016-1910

  • EPSS 8.82%
  • Veröffentlicht 15.01.2016 20:59:01
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The User Management Engine (UME) in SAP NetWeaver 7.4 allows attackers to decrypt unspecified data via unknown vectors, aka SAP Security Note 2191290.

6.8

CVE-2015-6662

  • EPSS 0.64%
  • Veröffentlicht 24.08.2015 14:59:19
  • Zuletzt bearbeitet 12.04.2025 10:46:40

XML external entity (XXE) vulnerability in SAP NetWeaver Portal 7.4 allows remote attackers to read arbitrary files and possibly have other unspecified impact via crafted XML data, aka SAP Security Note 2168485.

7.5

CVE-2015-5067

  • EPSS 1.58%
  • Veröffentlicht 24.06.2015 14:59:09
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The (1) Cross-System Tools and (2) Data Transfer Workbench in SAP NetWeaver have hardcoded credentials, which allows remote attackers to obtain access via unspecified vectors, aka SAP Security Notes 2059659 and 2057982.