Search Results (440 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2015-4158 1 Sap 2 Netweaver Abap Application Server, Netweaver Java Application Server 2025-04-12 N/A
SAP ABAP & Java Server allows remote attackers to cause a denial of service (service termination) via unspecified vectors, aka SAP Security Note 2121661.
CVE-2014-3133 1 Sap 1 Netweaver Java Application Server 2025-04-12 N/A
SAP Netweaver Java Application Server does not properly restrict access, which allows remote attackers to obtain the list of SAP systems registered on an SLD via an unspecified webdynpro, related to SystemSelection.
CVE-2015-3981 1 Sap 1 Netweaver Rfc Sdk 2025-04-12 N/A
SAP NetWeaver RFC SDK allows attackers to obtain sensitive information via unspecified vectors, aka SAP Security Note 2084037.
CVE-2014-8592 1 Sap 1 Netweaver 2025-04-12 N/A
Unspecified vulnerability in SAP Host Agent, as used in SAP NetWeaver 7.02 and 7.3, allows remote attackers to cause a denial of service (process termination) via a crafted request.
CVE-2014-8591 1 Sap 1 Netweaver 2025-04-12 N/A
Unspecified vulnerability in SAP Internet Communication Manager (ICM), as used in SAP NetWeaver 7.02 and 7.3, allows remote attackers to cause a denial of service (process termination) via unknown vectors.
CVE-2014-8590 1 Sap 1 Netweaver Java Application Server 2025-04-12 N/A
XML external entity (XXE) vulnerability in the Web Service Navigator in SAP NetWeaver Application Server (AS) Java allows remote attackers to access arbitrary files via a crafted request.
CVE-2016-1911 1 Sap 1 Netweaver 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in SAP NetWeaver 7.4 allow remote attackers to inject arbitrary web script or HTML via vectors related to the (1) Runtime Workbench (RWB) or (2) Pmitest servlet in the Process Monitoring Infrastructure (PMI), aka SAP Security Notes 2206793 and 2234918.
CVE-2014-8587 1 Sap 5 Commoncryptolib, Hana, Netweaver and 2 more 2025-04-12 N/A
SAPCRYPTOLIB before 5.555.38, SAPSECULIB, and CommonCryptoLib before 8.4.30, as used in SAP NetWeaver AS for ABAP and SAP HANA, allows remote attackers to spoof Digital Signature Algorithm (DSA) signatures via unspecified vectors.
CVE-2016-3635 1 Sap 1 Netweaver 2025-04-12 N/A
SAP Netweaver 7.4 allows remote authenticated users to bypass an intended Unified Connectivity (UCON) access control list and execute arbitrary Remote Function Modules (RFM) by leveraging a connection created from earlier execution of an anonymous RFM included in a Communication Assembly, aka SAP Security Note 2139366.
CVE-2016-9562 1 Sap 1 Netweaver Application Server Java 2025-04-12 7.5 High
SAP NetWeaver AS JAVA 7.4 allows remote attackers to cause a Denial of Service (null pointer exception and icman outage) via an HTTPS request to the sap.com~P4TunnelingApp!web/myServlet URI, aka SAP Security Note 2313835.
CVE-2015-8840 1 Sap 1 Netweaver Application Server Java 2025-04-12 8.8 High
The XML Data Archiving Service (XML DAS) in SAP NetWeaver AS Java does not check authorization, which allows remote authenticated users to obtain sensitive information, gain privileges, or possibly have unspecified other impact via requests to (1) webcontent/cas/cas_enter.jsp, (2) webcontent/cas/cas_validate.jsp, or (3) webcontent/aas/aas_store.jsp, aka SAP Security Note 1945215.
CVE-2015-2815 1 Sap 1 Netweaver 2025-04-12 N/A
Buffer overflow in the C_SAPGPARAM function in the NetWeaver Dispatcher in SAP KERNEL 7.00 (7000.52.12.34966) and 7.40 (7400.12.21.30308) allows remote authenticated users to cause a denial of service or possibly execute arbitrary code via unspecified vectors, aka SAP Security Note 2063369.
CVE-2015-1309 1 Sap 1 Netweaver Abap 2025-04-12 N/A
XML external entity vulnerability in the Extended Computer Aided Test Tool (eCATT) in SAP NetWeaver AS ABAP 7.31 and earlier allows remote attackers to access arbitrary files via a crafted XML request, related to ECATT_DISPLAY_XMLSTRING_REMOTE, aka SAP Note 2016638.
CVE-2015-7239 1 Sap 1 Netweaver J2ee Engine 2025-04-12 N/A
SQL injection vulnerability in the BP_FIND_JOBS_WITH_PROGRAM function module in SAP NetWeaver J2EE Engine 7.40 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2015-2278 1 Sap 6 Gui, Maxdb, Netweaver Abap Application Server and 3 more 2025-04-12 N/A
The LZH decompression implementation (CsObjectInt::BuildHufTree function in vpa108csulzh.cpp) in SAP MaxDB 7.5 and 7.6, Netweaver Application Server ABAP, Netweaver Application Server Java, Netweaver RFC SDK, GUI, RFC SDK, SAPCAR archive tool, and other products allows context-dependent attackers to cause a denial of service (out-of-bounds read) via unspecified vectors, related to look-ups of non-simple codes, aka SAP Security Note 2124806, 2121661, 2127995, and 2125316.
CVE-2015-6662 1 Sap 1 Netweaver 2025-04-12 N/A
XML external entity (XXE) vulnerability in SAP NetWeaver Portal 7.4 allows remote attackers to read arbitrary files and possibly have other unspecified impact via crafted XML data, aka SAP Security Note 2168485.
CVE-2013-7364 1 Sap 1 Netweaver 2025-04-12 N/A
An unspecified J2EE core service in the J2EE Engine in SAP NetWeaver does not properly restrict access, which allows remote attackers to read and write to arbitrary files via unknown vectors.
CVE-2016-7437 1 Sap 1 Netweaver 2025-04-12 N/A
SAP Netweaver 7.40 improperly logs (1) DUI and (2) DUJ events in the SAP Security Audit Log as non-critical, which might allow local users to hide rejected attempts to execute RFC function callbacks by leveraging filtering of non-critical events in audit analysis reports, aka SAP Security Note 2252312.
CVE-2014-6252 1 Sap 1 Netweaver 2025-04-12 N/A
Buffer overflow in disp+work.exe 7000.52.12.34966 and 7200.117.19.50294 in the Dispatcher in SAP NetWeaver 7.00 and 7.20 allows remote authenticated users to cause a denial of service or execute arbitrary code via unspecified vectors.
CVE-2016-1910 1 Sap 1 Netweaver 2025-04-12 N/A
The User Management Engine (UME) in SAP NetWeaver 7.4 allows attackers to decrypt unspecified data via unknown vectors, aka SAP Security Note 2191290.