SAP

Netweaver Application Server Java

67 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2017-14581

  • EPSS 0.8%
  • Published 19.09.2017 16:29:00
  • Last modified 20.04.2025 01:37:25

The Host Control web service in SAP NetWeaver AS JAVA 7.0 through 7.5 allows remote attackers to cause a denial of service (service crash) via a crafted request, aka SAP Security Note 2389181.

7.5

CVE-2017-12637

Warning
  • EPSS 93.49%
  • Published 07.08.2017 20:29:01
  • Last modified 20.04.2025 01:37:25

Directory traversal vulnerability in scheduler/ui/js/ffffffffbca41eb4/UIUtilJavaScriptJS in SAP NetWeaver Application Server Java 7.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the query string, as exploited in the wild in ...

6.1

CVE-2017-11458

  • EPSS 0.3%
  • Published 25.07.2017 18:29:01
  • Last modified 20.04.2025 01:37:25

Cross-site scripting (XSS) vulnerability in the ctcprotocol/Protocol servlet in SAP NetWeaver AS JAVA 7.3 allows remote attackers to inject arbitrary web script or HTML via the sessionID parameter, aka SAP Security Note 2406783.

6.5

CVE-2017-11457

  • EPSS 0.59%
  • Published 25.07.2017 18:29:01
  • Last modified 20.04.2025 01:37:25

XML external entity (XXE) vulnerability in com.sap.km.cm.ice in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request, aka SAP Sec...

8.8

CVE-2017-8913

  • EPSS 0.55%
  • Published 23.05.2017 04:29:02
  • Last modified 20.04.2025 01:37:25

The Visual Composer VC70RUNTIME component in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to conduct XML External Entity (XXE) attacks via a crafted XML document in a request to irj/servlet/prt/portal/prtroot/com.sap.visualcomposer.BIK...

8.8

CVE-2017-7717

  • EPSS 0.84%
  • Published 14.04.2017 18:59:01
  • Last modified 20.04.2025 01:37:25

SQL injection vulnerability in the getUserUddiElements method in the ES UDDI component in SAP NetWeaver AS Java 7.4 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Note 2356504.

6.5

CVE-2016-10304

  • EPSS 0.89%
  • Published 10.04.2017 14:59:00
  • Last modified 20.04.2025 01:37:25

The SAP EP-RUNTIME component in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to cause a denial of service (out-of-memory error and service instability) via a crafted serialized Java object, as demonstrated by serial.cc3, aka SAP Securi...

6.5

CVE-2016-9563

Warning
  • EPSS 58.44%
  • Published 23.11.2016 02:59:06
  • Last modified 12.04.2025 10:46:40

BC-BMT-BPM-DSK in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to conduct XML External Entity (XXE) attacks via the sap.com~tc~bpem~him~uwlconn~provider~web/bpemuwlconn URI, aka SAP Security Note 2296909.

7.5

CVE-2016-9562

  • EPSS 1.17%
  • Published 23.11.2016 02:59:05
  • Last modified 12.04.2025 10:46:40

SAP NetWeaver AS JAVA 7.4 allows remote attackers to cause a Denial of Service (null pointer exception and icman outage) via an HTTPS request to the sap.com~P4TunnelingApp!web/myServlet URI, aka SAP Security Note 2313835.

10

CVE-2010-5326

Warning
  • EPSS 26.42%
  • Published 13.05.2016 10:59:00
  • Last modified 12.04.2025 10:46:40

The Invoker Servlet on SAP NetWeaver Application Server Java platforms, possibly before 7.3, does not require authentication, which allows remote attackers to execute arbitrary code via an HTTP or HTTPS request, as exploited in the wild in 2013 throu...