Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sap java as 7.4 vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2017-7717
SQL injection vulnerability in the getUserUddiElements method in the ES UDDI component in SAP NetWeaver AS Java 7.4 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Note 2356504.
Sap Netweaver Application Server Java 7.40
7.5
CVSSv3
CVE-2016-9562
SAP NetWeaver AS JAVA 7.4 allows remote malicious users to cause a Denial of Service (null pointer exception and icman outage) via an HTTPS request to the sap.com~P4TunnelingApp!web/myServlet URI, aka SAP Security Note 2313835.
Sap Netweaver Application Server Java 7.40
NA
CVE-2016-401410
An attacker can trigger an XML Entity Expansion or XML External Entity Injection. This causes the entire machine to become unresponsive until the process is terminated manually. An attacker can use this flaw to perform a denial-of-service (DoS) attack. SAP NetWeaver AS JAVA versi...
8.6
CVSSv3
CVE-2016-4014
XML external entity (XXE) vulnerability in the UDDI component in SAP NetWeaver JAVA AS 7.4 allows remote malicious users to cause a denial of service (system hang) via a crafted DTD in an XML request to uddi/api/replication, aka SAP Security Note 2254389.
Sap Netweaver 7.4
1 Github repository
7.5
CVSSv3
CVE-2016-4015
The Enqueue Server in SAP NetWeaver JAVA AS 7.1 up to and including 7.4 allows remote malicious users to cause a denial of service (process crash) via a crafted request, aka SAP Security Note 2258784.
Sap Netweaver 7.3
Sap Netweaver 7.2
Sap Netweaver 7.4
Sap Netweaver 7.1
6.1
CVSSv3
CVE-2016-4016
Cross-site scripting (XSS) vulnerability in SAP Manufacturing Integration and Intelligence (aka MII, formerly xMII) 15 allows remote malicious users to inject arbitrary web script or HTML via the title parameter to webdynpro/resources/sap.com/xapps~xmii~ui~admin~navigation/Naviga...
Sap Java As 7.4
7.5
CVSSv3
CVE-2016-3979
Internet Communication Manager (aka ICMAN or ICM) in SAP JAVA AS 7.2 up to and including 7.4 allows remote malicious users to cause a denial of service (heap memory corruption and process crash) via a crafted HTTP request, related to the IctParseCookies function, aka SAP Security...
Sap Java As 7.4
7.5
CVSSv3
CVE-2016-3980
The Java Startup Framework (aka jstart) in SAP JAVA AS 7.2 up to and including 7.4 allows remote malicious users to cause a denial of service (process crash) via a crafted HTTP request, aka SAP Security Note 2259547.
Sap Application Server Java
5.3
CVSSv3
CVE-2016-3973
The chat feature in the Real-Time Collaboration (RTC) services 7.3 and 7.4 in SAP NetWeaver Java AS 7.1 up to and including 7.5 allows remote malicious users to obtain sensitive user information by visiting webdynpro/resources/sap.com/tc~rtc~coll.appl.rtc~wd_chat/Chat#, pressing ...
Sap Netweaver Application Server Java
6.1
CVSSv3
CVE-2016-2387
Multiple cross-site scripting (XSS) vulnerabilities in the Java Proxy Runtime ProxyServer servlet in SAP NetWeaver 7.4 allow remote malicious users to inject arbitrary web script or HTML via the (1) ns or (2) interface parameter to ProxyServer/register, aka SAP Security Note 2220...
Sap Netweaver 7.40
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5324
path traversal
CVE-2024-4743
CVE-2024-5184
TCP
CVE-2024-27822
code injection
CVE-2024-28995
CVE-2023-20938
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »