SAP NetWeaver Application Server Java
12 CVEs affecting SAP NetWeaver Application Server Java. Latest disclosed: 2026-04-14. Critical: 1, High: 5.

| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2016-3974 | Critical | 9.1 | 2016-04-07 | XML external entity (XXE) vulnerability in the Configuration Wizard in SAP NetWeaver Java AS 7.1 through 7.5 allows remote attackers to cause a denial of servi… |
| CVE-2017-8913 | High | 8.8 | 2017-05-23 | The Visual Composer VC70RUNTIME component in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to conduct XML External Entity (XXE) attacks via a cra… |
| CVE-2017-7717 | High | 8.8 | 2017-04-14 | SQL injection vulnerability in the getUserUddiElements method in the ES UDDI component in SAP NetWeaver AS Java 7.4 allows remote authenticated users to execut… |
| CVE-2015-8840 | High | 8.8 | 2016-04-08 | The XML Data Archiving Service (XML DAS) in SAP NetWeaver AS Java does not check authorization, which allows remote authenticated users to obtain sensitive inf… |
| CVE-2017-14581 | High | 7.5 | 2017-09-19 | The Host Control web service in SAP NetWeaver AS JAVA 7.0 through 7.5 allows remote attackers to cause a denial of service (service crash) via a crafted reques… |
| CVE-2016-9562 | High | 7.5 | 2016-11-23 | SAP NetWeaver AS JAVA 7.4 allows remote attackers to cause a Denial of Service (null pointer exception and icman outage) via an HTTPS request to the sap.com~P4… |
| CVE-2017-11457 | Medium | 6.5 | 2017-07-25 | XML external entity (XXE) vulnerability in com.sap.km.cm.ice in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to read arbitrary files or conduct… |
| CVE-2016-10304 | Medium | 6.5 | 2017-04-10 | The SAP EP-RUNTIME component in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to cause a denial of service (out-of-memory error and service insta… |
| CVE-2026-27674 | Medium | 6.1 | 2026-04-14 | Due to a Code Injection vulnerability in SAP NetWeaver Application Server Java (Web Dynpro Java), an unauthenticated attacker could supply crafted input that i… |
| CVE-2017-11458 | Medium | 6.1 | 2017-07-25 | Cross-site scripting (XSS) vulnerability in the ctcprotocol/Protocol servlet in SAP NetWeaver AS JAVA 7.3 allows remote attackers to inject arbitrary web scrip… |
| CVE-2016-3975 | Medium | 6.1 | 2016-04-07 | Cross-site scripting (XSS) vulnerability in SAP NetWeaver AS Java 7.1 through 7.5 allows remote attackers to inject arbitrary web script or HTML via the naviga… |
| CVE-2016-3973 | Medium | 5.3 | 2016-04-07 | The chat feature in the Real-Time Collaboration (RTC) services 7.3 and 7.4 in SAP NetWeaver Java AS 7.1 through 7.5 allows remote attackers to obtain sensitive… |