Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Netweaver
(Sap)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 96 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2016-01-15 | CVE-2016-1910 | The User Management Engine (UME) in SAP NetWeaver 7.4 allows attackers to decrypt unspecified data via unknown vectors, aka SAP Security Note 2191290. | Netweaver | 5.3 | ||
| 2017-04-10 | CVE-2016-10311 | Stack-based buffer overflow in SAP NetWeaver 7.0 through 7.5 allows remote attackers to cause a denial of service () by sending a crafted packet to the SAPSTARTSRV port, aka SAP Security Note 2295238. | Netweaver | 9.8 | ||
| 2017-09-06 | CVE-2015-7241 | XML External Entity (XXE) vulnerability in SAP Netweaver before 7.01. | Netweaver | 9.8 | ||
| 2015-08-24 | CVE-2015-6662 | XML external entity (XXE) vulnerability in SAP NetWeaver Portal 7.4 allows remote attackers to read arbitrary files and possibly have other unspecified impact via crafted XML data, aka SAP Security Note 2168485. | Netweaver | N/A | ||
| 2015-06-24 | CVE-2015-5067 | The (1) Cross-System Tools and (2) Data Transfer Workbench in SAP NetWeaver have hardcoded credentials, which allows remote attackers to obtain access via unspecified vectors, aka SAP Security Notes 2059659 and 2057982. | Netweaver | N/A | ||
| 2015-04-01 | CVE-2015-2817 | The SAP Management Console in SAP NetWeaver 7.40 allows remote attackers to obtain sensitive information via the ReadProfile parameters, aka SAP Security Note 2091768. | Netweaver | N/A | ||
| 2015-04-01 | CVE-2015-2815 | Buffer overflow in the C_SAPGPARAM function in the NetWeaver Dispatcher in SAP KERNEL 7.00 (7000.52.12.34966) and 7.40 (7400.12.21.30308) allows remote authenticated users to cause a denial of service or possibly execute arbitrary code via unspecified vectors, aka SAP Security Note 2063369. | Netweaver | N/A | ||
| 2014-11-04 | CVE-2014-8592 | Unspecified vulnerability in SAP Host Agent, as used in SAP NetWeaver 7.02 and 7.3, allows remote attackers to cause a denial of service (process termination) via a crafted request. | Netweaver | N/A | ||
| 2014-11-04 | CVE-2014-8591 | Unspecified vulnerability in SAP Internet Communication Manager (ICM), as used in SAP NetWeaver 7.02 and 7.3, allows remote attackers to cause a denial of service (process termination) via unknown vectors. | Netweaver | N/A | ||
| 2014-09-05 | CVE-2014-6252 | Buffer overflow in disp+work.exe 7000.52.12.34966 and 7200.117.19.50294 in the Dispatcher in SAP NetWeaver 7.00 and 7.20 allows remote authenticated users to cause a denial of service or execute arbitrary code via unspecified vectors. | Netweaver | N/A |