Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sap netweaver 7.4 vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2016-3635
SAP Netweaver 7.4 allows remote authenticated users to bypass an intended Unified Connectivity (UCON) access control list and execute arbitrary Remote Function Modules (RFM) by leveraging a connection created from earlier execution of an anonymous RFM included in a Communication ...
Sap Netweaver 7.40
NA
CVE-2016-401410
An attacker can trigger an XML Entity Expansion or XML External Entity Injection. This causes the entire machine to become unresponsive until the process is terminated manually. An attacker can use this flaw to perform a denial-of-service (DoS) attack. SAP NetWeaver AS JAVA versi...
8.6
CVSSv3
CVE-2016-4014
XML external entity (XXE) vulnerability in the UDDI component in SAP NetWeaver JAVA AS 7.4 allows remote malicious users to cause a denial of service (system hang) via a crafted DTD in an XML request to uddi/api/replication, aka SAP Security Note 2254389.
Sap Netweaver 7.4
1 Github repository
7.5
CVSSv3
CVE-2016-4015
The Enqueue Server in SAP NetWeaver JAVA AS 7.1 up to and including 7.4 allows remote malicious users to cause a denial of service (process crash) via a crafted request, aka SAP Security Note 2258784.
Sap Netweaver 7.3
Sap Netweaver 7.2
Sap Netweaver 7.4
Sap Netweaver 7.1
5.3
CVSSv3
CVE-2016-3973
The chat feature in the Real-Time Collaboration (RTC) services 7.3 and 7.4 in SAP NetWeaver Java AS 7.1 up to and including 7.5 allows remote malicious users to obtain sensitive user information by visiting webdynpro/resources/sap.com/tc~rtc~coll.appl.rtc~wd_chat/Chat#, pressing ...
Sap Netweaver Application Server Java
5.3
CVSSv3
CVE-2016-2388
The Universal Worklist Configuration in SAP NetWeaver AS JAVA 7.4 allows remote malicious users to obtain sensitive user information via a crafted HTTP request, aka SAP Security Note 2256846.
Sap Netweaver Application Server Java
2 EDB exploits
1 Github repository
1 Article
6.1
CVSSv3
CVE-2016-2387
Multiple cross-site scripting (XSS) vulnerabilities in the Java Proxy Runtime ProxyServer servlet in SAP NetWeaver 7.4 allow remote malicious users to inject arbitrary web script or HTML via the (1) ns or (2) interface parameter to ProxyServer/register, aka SAP Security Note 2220...
Sap Netweaver 7.40
7.5
CVSSv3
CVE-2016-2389
Directory traversal vulnerability in the GetFileList function in the SAP Manufacturing Integration and Intelligence (xMII) component 15.0 for SAP NetWeaver 7.4 allows remote malicious users to read arbitrary files via a .. (dot dot) in the Path parameter to /Catalog, aka SAP Secu...
Sap Netweaver 7.40
1 EDB exploit
5.3
CVSSv3
CVE-2016-1910
The User Management Engine (UME) in SAP NetWeaver 7.4 allows malicious users to decrypt unspecified data via unknown vectors, aka SAP Security Note 2191290.
Sap Netweaver 7.40
1 EDB exploit
1 Github repository
6.1
CVSSv3
CVE-2016-1911
Multiple cross-site scripting (XSS) vulnerabilities in SAP NetWeaver 7.4 allow remote malicious users to inject arbitrary web script or HTML via vectors related to the (1) Runtime Workbench (RWB) or (2) Pmitest servlet in the Process Monitoring Infrastructure (PMI), aka SAP Secur...
Sap Netweaver 7.40
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »