Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sap netweaver application server java vulnerabilities and exploits
(subscribe to this query)
445
VMScore
CVE-2014-3133
SAP Netweaver Java Application Server does not properly restrict access, which allows remote malicious users to obtain the list of SAP systems registered on an SLD via an unspecified webdynpro, related to SystemSelection.
Sap Netweaver Java Application Server -
890
VMScore
CVE-2010-5326
The Invoker Servlet on SAP NetWeaver Application Server Java platforms, possibly prior to 7.3, does not require authentication, which allows remote malicious users to execute arbitrary code via an HTTP or HTTPS request, as exploited in the wild in 2013 through 2016, aka a "D...
Sap Netweaver Application Server Java
1 Article
445
VMScore
CVE-2016-3973
The chat feature in the Real-Time Collaboration (RTC) services 7.3 and 7.4 in SAP NetWeaver Java AS 7.1 up to and including 7.5 allows remote malicious users to obtain sensitive user information by visiting webdynpro/resources/sap.com/tc~rtc~coll.appl.rtc~wd_chat/Chat#, pressing ...
Sap Netweaver Application Server Java
383
VMScore
CVE-2016-3975
Cross-site scripting (XSS) vulnerability in SAP NetWeaver AS Java 7.1 up to and including 7.5 allows remote malicious users to inject arbitrary web script or HTML via the navigationTarget parameter to irj/servlet/prt/portal/prteventname/XXX/prtroot/com.sapportals.navigation.testC...
Sap Netweaver Application Server Java
505
VMScore
CVE-2016-3976
Directory traversal vulnerability in SAP NetWeaver AS Java 7.1 up to and including 7.5 allows remote malicious users to read arbitrary files via a ..\ (dot dot backslash) in the fileName parameter to CrashFileDownloadServlet, aka SAP Security Note 2234971.
Sap Netweaver Application Server Java
1 EDB exploit
1 Article
645
VMScore
CVE-2016-3974
XML external entity (XXE) vulnerability in the Configuration Wizard in SAP NetWeaver Java AS 7.1 up to and including 7.5 allows remote malicious users to cause a denial of service, conduct SMB Relay attacks, or access arbitrary files via a crafted XML request to _tc~monitoring~we...
Sap Netweaver Application Server Java
1 EDB exploit
510
VMScore
CVE-2016-2388
The Universal Worklist Configuration in SAP NetWeaver AS JAVA 7.4 allows remote malicious users to obtain sensitive user information via a crafted HTTP request, aka SAP Security Note 2256846.
Sap Netweaver Application Server Java
2 EDB exploits
1 Github repository
1 Article
383
VMScore
CVE-2014-8590
XML external entity (XXE) vulnerability in the Web Service Navigator in SAP NetWeaver Application Server (AS) Java allows remote malicious users to access arbitrary files via a crafted request.
Sap Netweaver Java Application Server -
578
VMScore
CVE-2015-8840
The XML Data Archiving Service (XML DAS) in SAP NetWeaver AS Java does not check authorization, which allows remote authenticated users to obtain sensitive information, gain privileges, or possibly have unspecified other impact via requests to (1) webcontent/cas/cas_enter.jsp, (2...
Sap Netweaver Application Server Java -
668
VMScore
CVE-2015-4091
XML external entity (XXE) vulnerability in SAP NetWeaver AS Java 7.4 allows remote malicious users to send TCP requests to intranet servers or possibly have unspecified other impact via an XML request to tc~sld~wd~main/Main, related to "CIM UPLOAD," aka SAP Security Not...
Sap Sap Netweaver Application Server Java 7.4
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30043
camera
CVE-2023-40404
CVE-2024-2793
client side
CVE-2024-4469
CVE-2024-3565
CVE-2024-29825
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »