SAP

Netweaver Application Server Java

67 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2017-14581

  • EPSS 0.8%
  • Veröffentlicht 19.09.2017 16:29:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

The Host Control web service in SAP NetWeaver AS JAVA 7.0 through 7.5 allows remote attackers to cause a denial of service (service crash) via a crafted request, aka SAP Security Note 2389181.

7.5

CVE-2017-12637

Warnung
  • EPSS 93.49%
  • Veröffentlicht 07.08.2017 20:29:01
  • Zuletzt bearbeitet 20.04.2025 01:37:25

Directory traversal vulnerability in scheduler/ui/js/ffffffffbca41eb4/UIUtilJavaScriptJS in SAP NetWeaver Application Server Java 7.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the query string, as exploited in the wild in ...

6.1

CVE-2017-11458

  • EPSS 0.3%
  • Veröffentlicht 25.07.2017 18:29:01
  • Zuletzt bearbeitet 20.04.2025 01:37:25

Cross-site scripting (XSS) vulnerability in the ctcprotocol/Protocol servlet in SAP NetWeaver AS JAVA 7.3 allows remote attackers to inject arbitrary web script or HTML via the sessionID parameter, aka SAP Security Note 2406783.

6.5

CVE-2017-11457

  • EPSS 0.59%
  • Veröffentlicht 25.07.2017 18:29:01
  • Zuletzt bearbeitet 20.04.2025 01:37:25

XML external entity (XXE) vulnerability in com.sap.km.cm.ice in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request, aka SAP Sec...

8.8

CVE-2017-8913

  • EPSS 0.55%
  • Veröffentlicht 23.05.2017 04:29:02
  • Zuletzt bearbeitet 20.04.2025 01:37:25

The Visual Composer VC70RUNTIME component in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to conduct XML External Entity (XXE) attacks via a crafted XML document in a request to irj/servlet/prt/portal/prtroot/com.sap.visualcomposer.BIK...

8.8

CVE-2017-7717

  • EPSS 0.84%
  • Veröffentlicht 14.04.2017 18:59:01
  • Zuletzt bearbeitet 20.04.2025 01:37:25

SQL injection vulnerability in the getUserUddiElements method in the ES UDDI component in SAP NetWeaver AS Java 7.4 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Note 2356504.

6.5

CVE-2016-10304

  • EPSS 0.89%
  • Veröffentlicht 10.04.2017 14:59:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

The SAP EP-RUNTIME component in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to cause a denial of service (out-of-memory error and service instability) via a crafted serialized Java object, as demonstrated by serial.cc3, aka SAP Securi...

6.5

CVE-2016-9563

Warnung
  • EPSS 58.44%
  • Veröffentlicht 23.11.2016 02:59:06
  • Zuletzt bearbeitet 12.04.2025 10:46:40

BC-BMT-BPM-DSK in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to conduct XML External Entity (XXE) attacks via the sap.com~tc~bpem~him~uwlconn~provider~web/bpemuwlconn URI, aka SAP Security Note 2296909.

7.5

CVE-2016-9562

  • EPSS 1.17%
  • Veröffentlicht 23.11.2016 02:59:05
  • Zuletzt bearbeitet 12.04.2025 10:46:40

SAP NetWeaver AS JAVA 7.4 allows remote attackers to cause a Denial of Service (null pointer exception and icman outage) via an HTTPS request to the sap.com~P4TunnelingApp!web/myServlet URI, aka SAP Security Note 2313835.

10

CVE-2010-5326

Warnung
  • EPSS 26.42%
  • Veröffentlicht 13.05.2016 10:59:00
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The Invoker Servlet on SAP NetWeaver Application Server Java platforms, possibly before 7.3, does not require authentication, which allows remote attackers to execute arbitrary code via an HTTP or HTTPS request, as exploited in the wild in 2013 throu...