Show filters
36 Total Results
Displaying 31-36 of 36
Sort by:
Attacker Value
Unknown
CVE-2018-2503
Disclosure Date: December 11, 2018 (last updated November 27, 2024)
By default, the SAP NetWeaver AS Java keystore service does not sufficiently restrict the access to resources that should be protected. This has been fixed in SAP NetWeaver AS Java (ServerCore versions 7.11, 7.20, 7.30, 7.31, 7.40, 7.50).
0
Attacker Value
Unknown
CVE-2018-2492
Disclosure Date: December 11, 2018 (last updated November 27, 2024)
SAML 2.0 functionality in SAP NetWeaver AS Java, does not sufficiently validate XML documents received from an untrusted source. This is fixed in versions 7.2, 7.30, 7.31, 7.40 and 7.50.
0
Attacker Value
Unknown
CVE-2018-2452
Disclosure Date: September 11, 2018 (last updated November 27, 2024)
The logon application of SAP NetWeaver AS Java 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50 does not sufficiently encode user-controlled inputs, resulting in a cross-site scripting (XSS) vulnerability.
0
Attacker Value
Unknown
CVE-2017-7717
Disclosure Date: April 14, 2017 (last updated November 26, 2024)
SQL injection vulnerability in the getUserUddiElements method in the ES UDDI component in SAP NetWeaver AS Java 7.4 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Note 2356504.
0
Attacker Value
Unknown
CVE-2016-9562
Disclosure Date: November 23, 2016 (last updated November 25, 2024)
SAP NetWeaver AS JAVA 7.4 allows remote attackers to cause a Denial of Service (null pointer exception and icman outage) via an HTTPS request to the sap.com~P4TunnelingApp!web/myServlet URI, aka SAP Security Note 2313835.
0
Attacker Value
Unknown
CVE-2016-2386
Disclosure Date: February 16, 2016 (last updated November 25, 2024)
SQL injection vulnerability in the UDDI server in SAP NetWeaver J2EE Engine 7.40 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Note 2101079.
0
