SAP NetWeaver
61 CVEs affecting SAP NetWeaver. Latest disclosed: 2017-09-06. Critical: 3, High: 7.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2015-7241 | Critical | 9.8 | 2017-09-06 | XML External Entity (XXE) vulnerability in SAP Netweaver before 7.01. |
| CVE-2016-10311 | Critical | 9.8 | 2017-04-10 | Stack-based buffer overflow in SAP NetWeaver 7.0 through 7.5 allows remote attackers to cause a denial of service () by sending a crafted packet to the SAPSTAR… |
| CVE-2016-7435 | Critical | 9.1 | 2016-10-05 | The (1) SCTC_REFRESH_EXPORT_TAB_COMP, (2) SCTC_REFRESH_CHECK_ENV, and (3) SCTC_TMS_MAINTAIN_ALOG functions in the SCTC subpackage in SAP Netweaver 7.40 SP 12 a… |
| CVE-2016-4014 | High | 8.6 | 2016-04-14 | XML external entity (XXE) vulnerability in the UDDI component in SAP NetWeaver JAVA AS 7.4 allows remote attackers to cause a denial of service (system hang) v… |
| CVE-2017-9845 | High | 7.5 | 2017-07-12 | disp+work 7400.12.21.30308 in SAP NetWeaver 7.40 allows remote attackers to cause a denial of service (resource consumption) via a crafted DIAG request, aka SA… |
| CVE-2017-5372 | High | 7.5 | 2017-01-23 | The function msp (aka MSPRuntimeInterface) in the P4 SERVERCORE component in SAP AS JAVA allows remote attackers to obtain sensitive system information by leve… |
| CVE-2016-3635 | High | 7.5 | 2016-10-13 | SAP Netweaver 7.4 allows remote authenticated users to bypass an intended Unified Connectivity (UCON) access control list and execute arbitrary Remote Function… |
| CVE-2016-4551 | High | 7.5 | 2016-10-05 | The (1) SAP_BASIS and (2) SAP_ABA components 7.00 SP Level 0031 in SAP NetWeaver 2004s might allow remote attackers to spoof IP addresses written to the Securi… |
| CVE-2016-4015 | High | 7.5 | 2016-04-14 | The Enqueue Server in SAP NetWeaver JAVA AS 7.1 through 7.4 allows remote attackers to cause a denial of service (process crash) via a crafted request, aka SAP… |
| CVE-2016-2389 | High | 7.5 | 2016-02-16 | Directory traversal vulnerability in the GetFileList function in the SAP Manufacturing Integration and Intelligence (xMII) component 15.0 for SAP NetWeaver 7.4… |
| CVE-2016-2387 | Medium | 6.1 | 2016-02-16 | Multiple cross-site scripting (XSS) vulnerabilities in the Java Proxy Runtime ProxyServer servlet in SAP NetWeaver 7.4 allow remote attackers to inject arbitra… |
| CVE-2016-1911 | Medium | 6.1 | 2016-01-15 | Multiple cross-site scripting (XSS) vulnerabilities in SAP NetWeaver 7.4 allow remote attackers to inject arbitrary web script or HTML via vectors related to t… |
| CVE-2016-1910 | Medium | 5.3 | 2016-01-15 | The User Management Engine (UME) in SAP NetWeaver 7.4 allows attackers to decrypt unspecified data via unknown vectors, aka SAP Security Note 2191290. |
| CVE-2016-7437 | Low | 3.3 | 2016-10-13 | SAP Netweaver 7.40 improperly logs (1) DUI and (2) DUJ events in the SAP Security Audit Log as non-critical, which might allow local users to hide rejected att… |
| CVE-2015-6662 | | | 2015-08-24 | XML external entity (XXE) vulnerability in SAP NetWeaver Portal 7.4 allows remote attackers to read arbitrary files and possibly have other unspecified impact… |
| CVE-2015-5067 | | | 2015-06-24 | The (1) Cross-System Tools and (2) Data Transfer Workbench in SAP NetWeaver have hardcoded credentials, which allows remote attackers to obtain access via unsp… |
| CVE-2015-2817 | | | 2015-04-01 | The SAP Management Console in SAP NetWeaver 7.40 allows remote attackers to obtain sensitive information via the ReadProfile parameters, aka SAP Security Note… |
| CVE-2015-2815 | | | 2015-04-01 | Buffer overflow in the C_SAPGPARAM function in the NetWeaver Dispatcher in SAP KERNEL 7.00 (7000.52.12.34966) and 7.40 (7400.12.21.30308) allows remote authent… |
| CVE-2015-2107 | | | 2015-03-14 | HP Operations Manager i Management Pack 1.x before 1.01 for SAP allows local users to execute OS commands by leveraging SAP administrative privileges. |
| CVE-2014-0995 | | | 2014-11-06 | The Standalone Enqueue Server in SAP Netweaver 7.20, 7.01, and earlier allows remote attackers to cause a denial of service (uncontrolled recursion and crash)… |