Netweaver - Vulncode-DB

Note:

This project will be discontinued after December 13, 2021. [more]

Product:
Netweaver
(Sap)

Repositories	Unknown: This might be proprietary software.
#Vulnerabilities	96

Date	Id	Summary	Products	Score	Patch	Annotated
2016-04-14	CVE-2016-4015	The Enqueue Server in SAP NetWeaver JAVA AS 7.1 through 7.4 allows remote attackers to cause a denial of service (process crash) via a crafted request, aka SAP Security Note 2258784.	Netweaver	7.5
2016-04-14	CVE-2016-4014	XML external entity (XXE) vulnerability in the UDDI component in SAP NetWeaver JAVA AS 7.4 allows remote attackers to cause a denial of service (system hang) via a crafted DTD in an XML request to uddi/api/replication, aka SAP Security Note 2254389.	Netweaver	8.6
2016-10-13	CVE-2016-3635	SAP Netweaver 7.4 allows remote authenticated users to bypass an intended Unified Connectivity (UCON) access control list and execute arbitrary Remote Function Modules (RFM) by leveraging a connection created from earlier execution of an anonymous RFM included in a Communication Assembly, aka SAP Security Note 2139366.	Netweaver	7.5
2016-02-16	CVE-2016-2389	Directory traversal vulnerability in the GetFileList function in the SAP Manufacturing Integration and Intelligence (xMII) component 15.0 for SAP NetWeaver 7.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the Path parameter to /Catalog, aka SAP Security Note 2230978.	Netweaver	7.5
2016-02-16	CVE-2016-2387	Multiple cross-site scripting (XSS) vulnerabilities in the Java Proxy Runtime ProxyServer servlet in SAP NetWeaver 7.4 allow remote attackers to inject arbitrary web script or HTML via the (1) ns or (2) interface parameter to ProxyServer/register, aka SAP Security Note 2220571.	Netweaver	6.1
2016-01-15	CVE-2016-1911	Multiple cross-site scripting (XSS) vulnerabilities in SAP NetWeaver 7.4 allow remote attackers to inject arbitrary web script or HTML via vectors related to the (1) Runtime Workbench (RWB) or (2) Pmitest servlet in the Process Monitoring Infrastructure (PMI), aka SAP Security Notes 2206793 and 2234918.	Netweaver	6.1
2016-01-15	CVE-2016-1910	The User Management Engine (UME) in SAP NetWeaver 7.4 allows attackers to decrypt unspecified data via unknown vectors, aka SAP Security Note 2191290.	Netweaver	5.3
2017-04-10	CVE-2016-10311	Stack-based buffer overflow in SAP NetWeaver 7.0 through 7.5 allows remote attackers to cause a denial of service () by sending a crafted packet to the SAPSTARTSRV port, aka SAP Security Note 2295238.	Netweaver	9.8
2017-09-06	CVE-2015-7241	XML External Entity (XXE) vulnerability in SAP Netweaver before 7.01.	Netweaver	9.8
2015-08-24	CVE-2015-6662	XML external entity (XXE) vulnerability in SAP NetWeaver Portal 7.4 allows remote attackers to read arbitrary files and possibly have other unspecified impact via crafted XML data, aka SAP Security Note 2168485.	Netweaver	N/A