Show filters
120 Total Results
Displaying 71-80 of 120
Sort by:
Attacker Value
Unknown
CVE-2017-11457
Disclosure Date: July 25, 2017 (last updated November 26, 2024)
XML external entity (XXE) vulnerability in com.sap.km.cm.ice in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request, aka SAP Security Note 2387249.
0
Attacker Value
Unknown
CVE-2017-11458
Disclosure Date: July 25, 2017 (last updated November 26, 2024)
Cross-site scripting (XSS) vulnerability in the ctcprotocol/Protocol servlet in SAP NetWeaver AS JAVA 7.3 allows remote attackers to inject arbitrary web script or HTML via the sessionID parameter, aka SAP Security Note 2406783.
0
Attacker Value
Unknown
CVE-2017-8913
Disclosure Date: May 23, 2017 (last updated November 26, 2024)
The Visual Composer VC70RUNTIME component in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to conduct XML External Entity (XXE) attacks via a crafted XML document in a request to irj/servlet/prt/portal/prtroot/com.sap.visualcomposer.BIKit.default, aka SAP Security Note 2386873.
0
Attacker Value
Unknown
CVE-2017-7717
Disclosure Date: April 14, 2017 (last updated November 26, 2024)
SQL injection vulnerability in the getUserUddiElements method in the ES UDDI component in SAP NetWeaver AS Java 7.4 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Note 2356504.
0
Attacker Value
Unknown
CVE-2016-10304
Disclosure Date: April 10, 2017 (last updated November 26, 2024)
The SAP EP-RUNTIME component in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to cause a denial of service (out-of-memory error and service instability) via a crafted serialized Java object, as demonstrated by serial.cc3, aka SAP Security Note 2315788.
0
Attacker Value
Unknown
CVE-2016-9563
Disclosure Date: November 23, 2016 (last updated November 25, 2024)
BC-BMT-BPM-DSK in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to conduct XML External Entity (XXE) attacks via the sap.com~tc~bpem~him~uwlconn~provider~web/bpemuwlconn URI, aka SAP Security Note 2296909.
0
Attacker Value
Unknown
CVE-2016-9562
Disclosure Date: November 23, 2016 (last updated November 25, 2024)
SAP NetWeaver AS JAVA 7.4 allows remote attackers to cause a Denial of Service (null pointer exception and icman outage) via an HTTPS request to the sap.com~P4TunnelingApp!web/myServlet URI, aka SAP Security Note 2313835.
0
Attacker Value
Unknown
CVE-2015-5041
Disclosure Date: June 06, 2016 (last updated November 25, 2024)
The J9 JVM in IBM SDK, Java Technology Edition 6 before SR16 FP20, 6 R1 before SR8 FP20, 7 before SR9 FP30, and 7 R1 before SR3 FP30 allows remote attackers to obtain sensitive information or inject data by invoking non-public interface methods.
0
Attacker Value
Unknown
CVE-2010-5326
Disclosure Date: May 13, 2016 (last updated November 25, 2024)
The Invoker Servlet on SAP NetWeaver Application Server Java platforms, possibly before 7.3, does not require authentication, which allows remote attackers to execute arbitrary code via an HTTP or HTTPS request, as exploited in the wild in 2013 through 2016, aka a "Detour" attack.
0
Attacker Value
Unknown
CVE-2016-3980
Disclosure Date: April 08, 2016 (last updated November 25, 2024)
The Java Startup Framework (aka jstart) in SAP JAVA AS 7.2 through 7.4 allows remote attackers to cause a denial of service (process crash) via a crafted HTTP request, aka SAP Security Note 2259547.
0
