Netweaver Application Server Java CVEs and Security Vulnerabilities - OpenCVE

Filtered by vendor Sap Subscriptions

Filtered by product Netweaver Application Server Java Subscriptions

Search

Switch to Advanced Search (Beta)

Total 67 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2016-9562	1 Sap	1 Netweaver Application Server Java	2024-11-21	7.5 High
SAP NetWeaver AS JAVA 7.4 allows remote attackers to cause a Denial of Service (null pointer exception and icman outage) via an HTTPS request to the sap.com~P4TunnelingApp!web/myServlet URI, aka SAP Security Note 2313835.
CVE-2016-3975	1 Sap	1 Netweaver Application Server Java	2024-11-21	6.1 Medium
Cross-site scripting (XSS) vulnerability in SAP NetWeaver AS Java 7.1 through 7.5 allows remote attackers to inject arbitrary web script or HTML via the navigationTarget parameter to irj/servlet/prt/portal/prteventname/XXX/prtroot/com.sapportals.navigation.testComponent.NavigationURLTester, aka SAP Security Note 2238375.
CVE-2016-3974	1 Sap	1 Netweaver Application Server Java	2024-11-21	9.1 Critical
XML external entity (XXE) vulnerability in the Configuration Wizard in SAP NetWeaver Java AS 7.1 through 7.5 allows remote attackers to cause a denial of service, conduct SMB Relay attacks, or access arbitrary files via a crafted XML request to _tc~monitoring~webservice~web/ServerNodesWSService, aka SAP Security Note 2235994.
CVE-2016-3973	1 Sap	1 Netweaver Application Server Java	2024-11-21	5.3 Medium
The chat feature in the Real-Time Collaboration (RTC) services 7.3 and 7.4 in SAP NetWeaver Java AS 7.1 through 7.5 allows remote attackers to obtain sensitive user information by visiting webdynpro/resources/sap.com/tc~rtc~coll.appl.rtc~wd_chat/Chat#, pressing "Add users", and doing a search, aka SAP Security Note 2255990.
CVE-2016-10304	1 Sap	1 Netweaver Application Server Java	2024-11-21	6.5 Medium
The SAP EP-RUNTIME component in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to cause a denial of service (out-of-memory error and service instability) via a crafted serialized Java object, as demonstrated by serial.cc3, aka SAP Security Note 2315788.
CVE-2015-8840	1 Sap	1 Netweaver Application Server Java	2024-11-21	8.8 High
The XML Data Archiving Service (XML DAS) in SAP NetWeaver AS Java does not check authorization, which allows remote authenticated users to obtain sensitive information, gain privileges, or possibly have unspecified other impact via requests to (1) webcontent/cas/cas_enter.jsp, (2) webcontent/cas/cas_validate.jsp, or (3) webcontent/aas/aas_store.jsp, aka SAP Security Note 1945215.
CVE-2024-47592	1 Sap	1 Netweaver Application Server Java	2024-11-12	5.3 Medium
SAP NetWeaver AS Java allows an unauthenticated attacker to brute force the login functionality in order to identify the legitimate user IDs. This has an impact on confidentiality but not on integrity or availability.

« first previous Page 4 of 4.