Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sap netweaver java application server - vulnerabilities and exploits
(subscribe to this query)
5.3
CVSSv3
CVE-2016-3973
The chat feature in the Real-Time Collaboration (RTC) services 7.3 and 7.4 in SAP NetWeaver Java AS 7.1 up to and including 7.5 allows remote malicious users to obtain sensitive user information by visiting webdynpro/resources/sap.com/tc~rtc~coll.appl.rtc~wd_chat/Chat#, pressing ...
Sap Netweaver Application Server Java
7.5
CVSSv3
CVE-2016-3976
Directory traversal vulnerability in SAP NetWeaver AS Java 7.1 up to and including 7.5 allows remote malicious users to read arbitrary files via a ..\ (dot dot backslash) in the fileName parameter to CrashFileDownloadServlet, aka SAP Security Note 2234971.
Sap Netweaver Application Server Java
1 EDB exploit
1 Article
NA
CVE-2014-3133
SAP Netweaver Java Application Server does not properly restrict access, which allows remote malicious users to obtain the list of SAP systems registered on an SLD via an unspecified webdynpro, related to SystemSelection.
Sap Netweaver Java Application Server -
NA
CVE-2014-8590
XML external entity (XXE) vulnerability in the Web Service Navigator in SAP NetWeaver Application Server (AS) Java allows remote malicious users to access arbitrary files via a crafted request.
Sap Netweaver Java Application Server -
6.1
CVSSv3
CVE-2016-3975
Cross-site scripting (XSS) vulnerability in SAP NetWeaver AS Java 7.1 up to and including 7.5 allows remote malicious users to inject arbitrary web script or HTML via the navigationTarget parameter to irj/servlet/prt/portal/prteventname/XXX/prtroot/com.sapportals.navigation.testC...
Sap Netweaver Application Server Java
7.5
CVSSv3
CVE-2017-14581
The Host Control web service in SAP NetWeaver AS JAVA 7.0 up to and including 7.5 allows remote malicious users to cause a denial of service (service crash) via a crafted request, aka SAP Security Note 2389181.
Sap Netweaver Application Server Java
5.3
CVSSv3
CVE-2016-2388
The Universal Worklist Configuration in SAP NetWeaver AS JAVA 7.4 allows remote malicious users to obtain sensitive user information via a crafted HTTP request, aka SAP Security Note 2256846.
Sap Netweaver Application Server Java
2 EDB exploits
1 Github repository
1 Article
10
CVSSv3
CVE-2010-5326
The Invoker Servlet on SAP NetWeaver Application Server Java platforms, possibly prior to 7.3, does not require authentication, which allows remote malicious users to execute arbitrary code via an HTTP or HTTPS request, as exploited in the wild in 2013 through 2016, aka a "D...
Sap Netweaver Application Server Java
1 Article
9.1
CVSSv3
CVE-2016-3974
XML external entity (XXE) vulnerability in the Configuration Wizard in SAP NetWeaver Java AS 7.1 up to and including 7.5 allows remote malicious users to cause a denial of service, conduct SMB Relay attacks, or access arbitrary files via a crafted XML request to _tc~monitoring~we...
Sap Netweaver Application Server Java
1 EDB exploit
NA
CVE-2015-4091
XML external entity (XXE) vulnerability in SAP NetWeaver AS Java 7.4 allows remote malicious users to send TCP requests to intranet servers or possibly have unspecified other impact via an XML request to tc~sld~wd~main/Main, related to "CIM UPLOAD," aka SAP Security Not...
Sap Sap Netweaver Application Server Java 7.4
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
HTML injection
CVE-2024-35894
SQL
CVE-2024-5105
CVE-2014-100005
CVE-2024-35895
unauthorized
CVE-2024-22120
CVE-2024-35890
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »