Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sap netweaver application server java vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2015-4158
SAP ABAP & Java Server allows remote malicious users to cause a denial of service (service termination) via unspecified vectors, aka SAP Security Note 2121661.
Sap Netweaver Java Application Server -
Sap Netweaver Abap Application Server -
7.5
CVSSv2
CVE-2015-4091
XML external entity (XXE) vulnerability in SAP NetWeaver AS Java 7.4 allows remote malicious users to send TCP requests to intranet servers or possibly have unspecified other impact via an XML request to tc~sld~wd~main/Main, related to "CIM UPLOAD," aka SAP Security Not...
Sap Sap Netweaver Application Server Java 7.4
5
CVSSv2
CVE-2016-3973
The chat feature in the Real-Time Collaboration (RTC) services 7.3 and 7.4 in SAP NetWeaver Java AS 7.1 up to and including 7.5 allows remote malicious users to obtain sensitive user information by visiting webdynpro/resources/sap.com/tc~rtc~coll.appl.rtc~wd_chat/Chat#, pressing ...
Sap Netweaver Application Server Java
5
CVSSv2
CVE-2016-3976
Directory traversal vulnerability in SAP NetWeaver AS Java 7.1 up to and including 7.5 allows remote malicious users to read arbitrary files via a ..\ (dot dot backslash) in the fileName parameter to CrashFileDownloadServlet, aka SAP Security Note 2234971.
Sap Netweaver Application Server Java
1 EDB exploit
1 Article
5
CVSSv2
CVE-2014-3133
SAP Netweaver Java Application Server does not properly restrict access, which allows remote malicious users to obtain the list of SAP systems registered on an SLD via an unspecified webdynpro, related to SystemSelection.
Sap Netweaver Java Application Server -
5
CVSSv2
CVE-2017-14581
The Host Control web service in SAP NetWeaver AS JAVA 7.0 up to and including 7.5 allows remote malicious users to cause a denial of service (service crash) via a crafted request, aka SAP Security Note 2389181.
Sap Netweaver Application Server Java
4.3
CVSSv2
CVE-2014-8590
XML external entity (XXE) vulnerability in the Web Service Navigator in SAP NetWeaver Application Server (AS) Java allows remote malicious users to access arbitrary files via a crafted request.
Sap Netweaver Java Application Server -
10
CVSSv2
CVE-2010-5326
The Invoker Servlet on SAP NetWeaver Application Server Java platforms, possibly prior to 7.3, does not require authentication, which allows remote malicious users to execute arbitrary code via an HTTP or HTTPS request, as exploited in the wild in 2013 through 2016, aka a "D...
Sap Netweaver Application Server Java
1 Article
5
CVSSv2
CVE-2016-2388
The Universal Worklist Configuration in SAP NetWeaver AS JAVA 7.4 allows remote malicious users to obtain sensitive user information via a crafted HTTP request, aka SAP Security Note 2256846.
Sap Netweaver Application Server Java
2 EDB exploits
1 Github repository
1 Article
6.5
CVSSv2
CVE-2015-8840
The XML Data Archiving Service (XML DAS) in SAP NetWeaver AS Java does not check authorization, which allows remote authenticated users to obtain sensitive information, gain privileges, or possibly have unspecified other impact via requests to (1) webcontent/cas/cas_enter.jsp, (2...
Sap Netweaver Application Server Java -
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-30065
CVE-2024-5843
CVE-2024-30080
code execution
CVE-2024-4577
CVE-2024-26169
wireless
remote code execution
CVE-2024-36103
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »