Total
90 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2014-6252 | 1 Sap | 1 Netweaver | 2018-12-10 | 6.5 MEDIUM | N/A |
Buffer overflow in disp+work.exe 7000.52.12.34966 and 7200.117.19.50294 in the Dispatcher in SAP NetWeaver 7.00 and 7.20 allows remote authenticated users to cause a denial of service or execute arbitrary code via unspecified vectors. | |||||
CVE-2014-8591 | 1 Sap | 1 Netweaver | 2018-12-10 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in SAP Internet Communication Manager (ICM), as used in SAP NetWeaver 7.02 and 7.3, allows remote attackers to cause a denial of service (process termination) via unknown vectors. | |||||
CVE-2014-8592 | 1 Sap | 1 Netweaver | 2018-12-10 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in SAP Host Agent, as used in SAP NetWeaver 7.02 and 7.3, allows remote attackers to cause a denial of service (process termination) via a crafted request. | |||||
CVE-2015-2815 | 1 Sap | 1 Netweaver | 2018-12-10 | 6.5 MEDIUM | N/A |
Buffer overflow in the C_SAPGPARAM function in the NetWeaver Dispatcher in SAP KERNEL 7.00 (7000.52.12.34966) and 7.40 (7400.12.21.30308) allows remote authenticated users to cause a denial of service or possibly execute arbitrary code via unspecified vectors, aka SAP Security Note 2063369. | |||||
CVE-2015-2817 | 1 Sap | 1 Netweaver | 2018-12-10 | 5.0 MEDIUM | N/A |
The SAP Management Console in SAP NetWeaver 7.40 allows remote attackers to obtain sensitive information via the ReadProfile parameters, aka SAP Security Note 2091768. | |||||
CVE-2015-5067 | 1 Sap | 1 Netweaver | 2018-12-10 | 7.5 HIGH | N/A |
The (1) Cross-System Tools and (2) Data Transfer Workbench in SAP NetWeaver have hardcoded credentials, which allows remote attackers to obtain access via unspecified vectors, aka SAP Security Notes 2059659 and 2057982. | |||||
CVE-2015-6662 | 1 Sap | 1 Netweaver | 2018-12-10 | 6.8 MEDIUM | N/A |
XML external entity (XXE) vulnerability in SAP NetWeaver Portal 7.4 allows remote attackers to read arbitrary files and possibly have other unspecified impact via crafted XML data, aka SAP Security Note 2168485. | |||||
CVE-2016-10311 | 1 Sap | 1 Netweaver | 2018-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Stack-based buffer overflow in SAP NetWeaver 7.0 through 7.5 allows remote attackers to cause a denial of service () by sending a crafted packet to the SAPSTARTSRV port, aka SAP Security Note 2295238. | |||||
CVE-2016-1910 | 1 Sap | 1 Netweaver | 2018-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
The User Management Engine (UME) in SAP NetWeaver 7.4 allows attackers to decrypt unspecified data via unknown vectors, aka SAP Security Note 2191290. | |||||
CVE-2016-1911 | 1 Sap | 1 Netweaver | 2018-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in SAP NetWeaver 7.4 allow remote attackers to inject arbitrary web script or HTML via vectors related to the (1) Runtime Workbench (RWB) or (2) Pmitest servlet in the Process Monitoring Infrastructure (PMI), aka SAP Security Notes 2206793 and 2234918. | |||||
CVE-2016-2389 | 1 Sap | 1 Netweaver | 2018-12-10 | 7.8 HIGH | 7.5 HIGH |
Directory traversal vulnerability in the GetFileList function in the SAP Manufacturing Integration and Intelligence (xMII) component 15.0 for SAP NetWeaver 7.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the Path parameter to /Catalog, aka SAP Security Note 2230978. | |||||
CVE-2016-2387 | 1 Sap | 1 Netweaver | 2018-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in the Java Proxy Runtime ProxyServer servlet in SAP NetWeaver 7.4 allow remote attackers to inject arbitrary web script or HTML via the (1) ns or (2) interface parameter to ProxyServer/register, aka SAP Security Note 2220571. | |||||
CVE-2016-4014 | 1 Sap | 1 Netweaver | 2018-12-10 | 9.0 HIGH | 8.6 HIGH |
XML external entity (XXE) vulnerability in the UDDI component in SAP NetWeaver JAVA AS 7.4 allows remote attackers to cause a denial of service (system hang) via a crafted DTD in an XML request to uddi/api/replication, aka SAP Security Note 2254389. | |||||
CVE-2016-4015 | 1 Sap | 1 Netweaver | 2018-12-10 | 5.0 MEDIUM | 7.5 HIGH |
The Enqueue Server in SAP NetWeaver JAVA AS 7.1 through 7.4 allows remote attackers to cause a denial of service (process crash) via a crafted request, aka SAP Security Note 2258784. | |||||
CVE-2017-5372 | 1 Sap | 1 Netweaver | 2018-12-10 | 5.0 MEDIUM | 7.5 HIGH |
The function msp (aka MSPRuntimeInterface) in the P4 SERVERCORE component in SAP AS JAVA allows remote attackers to obtain sensitive system information by leveraging a missing authorization check for the (1) getInformation, (2) getParameters, (3) getServiceInfo, (4) getStatistic, or (5) getClientStatistic function, aka SAP Security Note 2331908. | |||||
CVE-2017-9844 | 1 Sap | 1 Netweaver | 2018-12-10 | 7.5 HIGH | 9.8 CRITICAL |
SAP NetWeaver 7400.12.21.30308 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted serialized Java object in a request to metadatauploader, aka SAP Security Note 2399804. | |||||
CVE-2017-9845 | 1 Sap | 1 Netweaver | 2018-12-10 | 7.8 HIGH | 7.5 HIGH |
disp+work 7400.12.21.30308 in SAP NetWeaver 7.40 allows remote attackers to cause a denial of service (resource consumption) via a crafted DIAG request, aka SAP Security Note 2405918. | |||||
CVE-2018-2462 | 1 Sap | 1 Netweaver | 2018-11-26 | 6.5 MEDIUM | 8.8 HIGH |
In certain cases, BEx Web Java Runtime Export Web Service in SAP NetWeaver BI 7.30, 7.31. 7.40, 7.41, 7.50, does not sufficiently validate an XML document accepted from an untrusted source. | |||||
CVE-2018-2470 | 1 Sap | 1 Netweaver | 2018-11-26 | 4.3 MEDIUM | 6.1 MEDIUM |
In SAP NetWeaver Application Server for ABAP, from 7.0 to 7.02, 7.30, 7.31, 7.40 and from 7.50 to 7.53, applications do not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | |||||
CVE-2018-2464 | 1 Sap | 1 Netweaver | 2018-11-09 | 4.3 MEDIUM | 6.1 MEDIUM |
SAP WebDynpro Java, versions 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in a stored Cross-Site Scripting (XSS) vulnerability. |