Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sap application server java vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2015-4158
SAP ABAP & Java Server allows remote malicious users to cause a denial of service (service termination) via unspecified vectors, aka SAP Security Note 2121661.
Sap Netweaver Java Application Server -
Sap Netweaver Abap Application Server -
7.5
CVSSv3
CVE-2016-3980
The Java Startup Framework (aka jstart) in SAP JAVA AS 7.2 up to and including 7.4 allows remote malicious users to cause a denial of service (process crash) via a crafted HTTP request, aka SAP Security Note 2259547.
Sap Application Server Java
NA
CVE-2015-4091
XML external entity (XXE) vulnerability in SAP NetWeaver AS Java 7.4 allows remote malicious users to send TCP requests to intranet servers or possibly have unspecified other impact via an XML request to tc~sld~wd~main/Main, related to "CIM UPLOAD," aka SAP Security Not...
Sap Sap Netweaver Application Server Java 7.4
10
CVSSv3
CVE-2010-5326
The Invoker Servlet on SAP NetWeaver Application Server Java platforms, possibly prior to 7.3, does not require authentication, which allows remote malicious users to execute arbitrary code via an HTTP or HTTPS request, as exploited in the wild in 2013 through 2016, aka a "D...
Sap Netweaver Application Server Java
1 Article
7.5
CVSSv3
CVE-2017-14581
The Host Control web service in SAP NetWeaver AS JAVA 7.0 up to and including 7.5 allows remote malicious users to cause a denial of service (service crash) via a crafted request, aka SAP Security Note 2389181.
Sap Netweaver Application Server Java
NA
CVE-2014-8590
XML external entity (XXE) vulnerability in the Web Service Navigator in SAP NetWeaver Application Server (AS) Java allows remote malicious users to access arbitrary files via a crafted request.
Sap Netweaver Java Application Server -
NA
CVE-2014-3133
SAP Netweaver Java Application Server does not properly restrict access, which allows remote malicious users to obtain the list of SAP systems registered on an SLD via an unspecified webdynpro, related to SystemSelection.
Sap Netweaver Java Application Server -
5.3
CVSSv3
CVE-2016-3973
The chat feature in the Real-Time Collaboration (RTC) services 7.3 and 7.4 in SAP NetWeaver Java AS 7.1 up to and including 7.5 allows remote malicious users to obtain sensitive user information by visiting webdynpro/resources/sap.com/tc~rtc~coll.appl.rtc~wd_chat/Chat#, pressing ...
Sap Netweaver Application Server Java
9.1
CVSSv3
CVE-2016-3974
XML external entity (XXE) vulnerability in the Configuration Wizard in SAP NetWeaver Java AS 7.1 up to and including 7.5 allows remote malicious users to cause a denial of service, conduct SMB Relay attacks, or access arbitrary files via a crafted XML request to _tc~monitoring~we...
Sap Netweaver Application Server Java
1 EDB exploit
6.1
CVSSv3
CVE-2016-3975
Cross-site scripting (XSS) vulnerability in SAP NetWeaver AS Java 7.1 up to and including 7.5 allows remote malicious users to inject arbitrary web script or HTML via the navigationTarget parameter to irj/servlet/prt/portal/prteventname/XXX/prtroot/com.sapportals.navigation.testC...
Sap Netweaver Application Server Java
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
deserialization
CVE-2024-4541
CVE-2024-3080
CVE-2024-4787
log injection
CVE-2024-5967
inject
CVE-2024-30078
CVE-2024-5899
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »