Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sap java as 7.4 vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2016-3979
Internet Communication Manager (aka ICMAN or ICM) in SAP JAVA AS 7.2 up to and including 7.4 allows remote malicious users to cause a denial of service (heap memory corruption and process crash) via a crafted HTTP request, related to the IctParseCookies function, aka SAP Security...
Sap Java As 7.4
4.3
CVSSv2
CVE-2016-4016
Cross-site scripting (XSS) vulnerability in SAP Manufacturing Integration and Intelligence (aka MII, formerly xMII) 15 allows remote malicious users to inject arbitrary web script or HTML via the title parameter to webdynpro/resources/sap.com/xapps~xmii~ui~admin~navigation/Naviga...
Sap Java As 7.4
7.5
CVSSv2
CVE-2015-4091
XML external entity (XXE) vulnerability in SAP NetWeaver AS Java 7.4 allows remote malicious users to send TCP requests to intranet servers or possibly have unspecified other impact via an XML request to tc~sld~wd~main/Main, related to "CIM UPLOAD," aka SAP Security Not...
Sap Sap Netweaver Application Server Java 7.4
9
CVSSv2
CVE-2016-4014
XML external entity (XXE) vulnerability in the UDDI component in SAP NetWeaver JAVA AS 7.4 allows remote malicious users to cause a denial of service (system hang) via a crafted DTD in an XML request to uddi/api/replication, aka SAP Security Note 2254389.
Sap Netweaver 7.4
1 Github repository
5
CVSSv2
CVE-2016-3973
The chat feature in the Real-Time Collaboration (RTC) services 7.3 and 7.4 in SAP NetWeaver Java AS 7.1 up to and including 7.5 allows remote malicious users to obtain sensitive user information by visiting webdynpro/resources/sap.com/tc~rtc~coll.appl.rtc~wd_chat/Chat#, pressing ...
Sap Netweaver Application Server Java
5
CVSSv2
CVE-2016-2388
The Universal Worklist Configuration in SAP NetWeaver AS JAVA 7.4 allows remote malicious users to obtain sensitive user information via a crafted HTTP request, aka SAP Security Note 2256846.
Sap Netweaver Application Server Java
2 EDB exploits
1 Github repository
1 Article
5
CVSSv2
CVE-2016-3980
The Java Startup Framework (aka jstart) in SAP JAVA AS 7.2 up to and including 7.4 allows remote malicious users to cause a denial of service (process crash) via a crafted HTTP request, aka SAP Security Note 2259547.
Sap Application Server Java
4.3
CVSSv2
CVE-2016-2387
Multiple cross-site scripting (XSS) vulnerabilities in the Java Proxy Runtime ProxyServer servlet in SAP NetWeaver 7.4 allow remote malicious users to inject arbitrary web script or HTML via the (1) ns or (2) interface parameter to ProxyServer/register, aka SAP Security Note 2220...
Sap Netweaver 7.40
5
CVSSv2
CVE-2016-4015
The Enqueue Server in SAP NetWeaver JAVA AS 7.1 up to and including 7.4 allows remote malicious users to cause a denial of service (process crash) via a crafted request, aka SAP Security Note 2258784.
Sap Netweaver 7.3
Sap Netweaver 7.2
Sap Netweaver 7.4
Sap Netweaver 7.1
6.5
CVSSv2
CVE-2017-7717
SQL injection vulnerability in the getUserUddiElements method in the ES UDDI component in SAP NetWeaver AS Java 7.4 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Note 2356504.
Sap Netweaver Application Server Java 7.40
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
firewall
CVE-2024-35649
stored XSS
CVE-2022-28654
CVE-2020-35153
CVE-2024-27348
CVE-2022-28652
local users
CVE-2017-3506
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »