SAP

NetWeaver Application Server Java

67 vulnerabilities found.

Note: This list may be incomplete. Data is provided in its original format without warranty.
  • EPSS 0.48%
  • Published 08.04.2016 00:59:00
  • Last modified 12.04.2025 10:46:40

The XML Data Archiving Service (XML DAS) in SAP NetWeaver AS Java does not check authorization, which allows remote authenticated users to obtain sensitive information, gain privileges, or possibly have unspecified other impact via requests to (1) we...

Warning Exploit
  • EPSS 81.47%
  • Published 07.04.2016 23:59:10
  • Last modified 12.04.2025 10:46:40

Directory traversal vulnerability in SAP NetWeaver AS Java 7.1 through 7.5 allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in the fileName parameter to CrashFileDownloadServlet, aka SAP Security Note 2234971.

Exploit
  • EPSS 0.66%
  • Published 07.04.2016 19:59:06
  • Last modified 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in SAP NetWeaver AS Java 7.1 through 7.5 allows remote attackers to inject arbitrary web script or HTML via the navigationTarget parameter to irj/servlet/prt/portal/prteventname/XXX/prtroot/com.sapportals.navi...

Exploit
  • EPSS 13.85%
  • Published 07.04.2016 19:59:05
  • Last modified 12.04.2025 10:46:40

XML external entity (XXE) vulnerability in the Configuration Wizard in SAP NetWeaver Java AS 7.1 through 7.5 allows remote attackers to cause a denial of service, conduct SMB Relay attacks, or access arbitrary files via a crafted XML request to _tc~m...

  • EPSS 0.5%
  • Published 07.04.2016 19:59:04
  • Last modified 12.04.2025 10:46:40

The chat feature in the Real-Time Collaboration (RTC) services 7.3 and 7.4 in SAP NetWeaver Java AS 7.1 through 7.5 allows remote attackers to obtain sensitive user information by visiting webdynpro/resources/sap.com/tc~rtc~coll.appl.rtc~wd_chat/Chat...

Warning Exploit
  • EPSS 47.94%
  • Published 16.02.2016 15:59:02
  • Last modified 12.04.2025 10:46:40

The Universal Worklist Configuration in SAP NetWeaver AS JAVA 7.4 allows remote attackers to obtain sensitive user information via a crafted HTTP request, aka SAP Security Note 2256846.

Warning Exploit
  • EPSS 44.33%
  • Published 16.02.2016 15:59:00
  • Last modified 12.04.2025 10:46:40

SQL injection vulnerability in the UDDI server in SAP NetWeaver J2EE Engine 7.40 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Note 2101079.