3 matches found
VulnCheck KEV: CVE-2016-2389
Directory traversal vulnerability in the GetFileList function in the SAP Manufacturing Integration and Intelligence xMII component 15.0 for SAP NetWeaver 7.4 allows remote attackers to read arbitrary files via a .. dot dot in the Path parameter to /Catalog, aka SAP Security Note 2230978...
CVE-2016-3635
SAP Netweaver 7.4 allows remote authenticated users to bypass an intended Unified Connectivity UCON access control list and execute arbitrary Remote Function Modules RFM by leveraging a connection created from earlier execution of an anonymous RFM included in a Communication Assembly, aka SAP...
CVE-2016-1910
The User Management Engine UME in SAP NetWeaver 7.4 allows attackers to decrypt unspecified data via unknown vectors, aka SAP Security Note 2191290...