121 matches found

Cvelist
added 2017/04/10 2:0 p.m., 23 views

CVE-2016-10304

The SAP EP-RUNTIME component in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to cause a denial of service (out-of-memory error and service instability) via a crafted serialized Java object, as demonstrated by serial.cc3, aka SAP Security Note 2315788...

6.2 AI score, 0.01075 EPSS
Exploits: 0, References: 1

NVD
added 2017/01/23 9:59 p.m., 12 views

CVE-2017-5372

The function msp (aka MSPRuntimeInterface) in the P4 SERVERCORE component in SAP AS JAVA allows remote attackers to obtain sensitive system information by leveraging a missing authorization check for the (1) getInformation, (2) getParameters, (3) getServiceInfo, (4) getStatistic, or (5) getClientStatistic...

7.5 CVSS, 7.4 AI score, 0.00881 EPSS
Exploits: 2, References: 5

Prion
added 2017/01/23 9:59 p.m., 19 views

Authorization

The function msp (aka MSPRuntimeInterface) in the P4 SERVERCORE component in SAP AS JAVA allows remote attackers to obtain sensitive system information by leveraging a missing authorization check for the (1) getInformation, (2) getParameters, (3) getServiceInfo, (4) getStatistic, or (5) getClientStatistic...

5 CVSS, 7.3 AI score, 0.00881 EPSS
Exploits: 2, References: 5

Cvelist
added 2017/01/23 9:0 p.m., 20 views

CVE-2017-5372

The function msp (aka MSPRuntimeInterface) in the P4 SERVERCORE component in SAP AS JAVA allows remote attackers to obtain sensitive system information by leveraging a missing authorization check for the (1) getInformation, (2) getParameters, (3) getServiceInfo, (4) getStatistic, or (5) getClientStatistic...

7.4 AI score, 0.00881 EPSS
Exploits: 2, References: 5

CVE
added 2017/01/23 9:0 p.m., 68 views

CVE-2017-5372

SAP NetWeaver AS JAVA P4 MSPRuntimeInterface (MSPRuntimeInterface) in SERVERCORE is vulnerable to information disclosure due to missing authorization when calling getInformation, getParameters, getServiceInfo, getStatistic, or getClientStatistic. Public advisories (ErpScan ERPSCAN-16-037 and SAP ...

7.5 CVSS, 7.3 AI score, 0.00881 EPSS
Exploits: 2, References: 5, Affected Software: 1

seebug.org
added 2017/01/20 12:0 a.m., 34 views

SAP NetWeaver AS JAVA P4 information disclosure Vulnerability (CVE-2017-5372)

No description provided by source...

5 CVSS, 7.5 AI score, 0.00881 EPSS
Exploits: 2

CVE
added 2016/11/23 2:0 a.m., 38 views

CVE-2016-9562

CVE-2016-9562 affects SAP NetWeaver AS JAVA 7.4. The vulnerability allows remote DoS via an HTTPS GET to sap.com~P4TunnelingApp!web/myServlet, caused by a fault in icman/p4 plug-in handling that can trigger a null-pointer/DoS condition. Affected packages include SAP Kernel 7.21/7.22 variants; imp...

7.5 CVSS, 7.5 AI score, 0.01174 EPSS
Exploits: 0, References: 3, Affected Software: 1

seebug.org
added 2016/11/23 12:0 a.m., 29 views

SAP NetWeaver AS JAVA - 'BC-BMT-BPM-DSK' XML external entity injection vulnerability

1) It is possible that an attacker can perform a DoS attack (for example, an XML Entity expansion attack). 2) An SMB Relay attack is a type of man-in-the-middle attack where an attacker asks a victim to authenticate to a machine controlled by the attacker, then relays the credentials to the target. T...

6.9 AI score
Exploits: 0

OpenVAS
added 2016/06/21 12:0 a.m., 125 views

SAP NetWeaver AS Java Multiple Vulnerabilities (2235994, 2234971, 2238375)

SAP NetWeaver Application Server (AS) Java is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE =...

9.1 CVSS, 7.1 AI score, 0.76293 EPSS
Exploits: 12, References: 7

Cvelist
added 2016/04/08 12:0 a.m., 15 views

CVE-2015-8840

The XML Data Archiving Service (XML DAS) in SAP NetWeaver AS Java does not check authorization, which allows remote authenticated users to obtain sensitive information, gain privileges, or possibly have unspecified other impact via requests to (1) webcontent/cas/casenter.jsp, (2)...

9.1 AI score, 0.00476 EPSS
Exploits: 0, References: 2

CVE
added 2016/04/08 12:0 a.m., 40 views

CVE-2015-8840

Affected component: SAP NetWeaver AS Java — XML DAS (XML Data Archiving Service). Vulnerability summary: The XML DAS service does not perform authorization checks, enabling remote authenticated users to obtain sensitive information, and potentially gain privileges or cause other impact through re...

8.8 CVSS, 8.9 AI score, 0.00476 EPSS
Exploits: 0, References: 2, Affected Software: 1

erpscan
added 2016/01/11 12:0 a.m., 59 views

SAP AS JAVA DoS in BC-IAM-SSO-OTP package via QR Servlet

Application: SAP AS JAVA SSO Authentication Library; Versions Affected: SAP AS JAVA SSO Authentication Library 2.0-3.0; Vendor URL: SAP; Bugs: DoS; Reported: 01.11.2016; Vendor response: 02.11.2016; Date of Public Advisory: 10.01.2017; Reference: SAP Security Note 2389042; Author: Vahagn Vardanyan ERPSca...

5 CVSS, 0.3 AI score, 0.09571 EPSS
Exploits: 0

erpscan
added 2015/10/20 12:0 a.m., 105 views

SAP NetWeaver JAVA AS UDDI component - XXE vulnerability

Application: SAP AS JAVA; Versions Affected: SAP AS JAVA 7.4; Vendor URL: SAP; Bugs: XXE; Reported: 20.10.2015; Vendor response: 21.10.2015; Date of Public Advisory: 14.04.2016; Reference: SAP Security Note 2254389; Author: Vahagn Vardanyan ERPScan. Vulnerability Information: Class: denial of service; Impac...

9 CVSS, 0.4 AI score, 0.06906 EPSS
Exploits: 2

securityvulns
added 2015/09/14 12:0 a.m., 49 views

[ERPSCAN-15-014] SAP Mobile Platform 3 – XXE in Add Repository

ERPSCAN Research Advisory ERPSCAN-15-014: SAP Mobile Platform 3 – XXE in Add Repository. Application: SAP Mobile Platform; Versions Affected: SAP Mobile Platform 3, probably others; Vendor URL: http://SAP.com; Bugs: XML External Entity; Sent: 13.03.2015; Reported: 14.03.2015; Vendor response: 14.03.2015...

7.5 CVSS, 0.00957 EPSS
Exploits: 1

NVD
added 2015/05/26 2:59 p.m., 12 views

CVE-2015-4091

XML external entity (XXE) vulnerability in SAP NetWeaver AS Java 7.4 allows remote attackers to send TCP requests to intranet servers or possibly have unspecified other impact via an XML request to tcsldwdmain/Main, related to "CIM UPLOAD," aka SAP Security Note 2090851...

7.5 CVSS, 7.5 AI score, 0.00957 EPSS
Exploits: 0, References: 5

Cvelist
added 2015/05/26 2:0 p.m., 16 views

CVE-2015-4091

XML external entity (XXE) vulnerability in SAP NetWeaver AS Java 7.4 allows remote attackers to send TCP requests to intranet servers or possibly have unspecified other impact via an XML request to tcsldwdmain/Main, related to "CIM UPLOAD," aka SAP Security Note 2090851...

7.5 AI score, 0.00957 EPSS
Exploits: 0, References: 5

CVE
added 2015/05/26 2:0 p.m., 49 views

CVE-2015-4091

CVE-2015-4091 describes an XML External Entity (XXE) vulnerability in SAP NetWeaver AS Java 7.4. The issue arises when the SAP XML parser at /sap.com/tc~sld~wd~main/Main processes incoming XML requests with a user-specified DTD (CIM UPLOAD), potentially allowing remote attackers to send TCP reque...

7.5 CVSS, 7.7 AI score, 0.00957 EPSS
Exploits: 0, References: 5, Affected Software: 1

erpscan
added 2015/04/12 12:0 a.m., 37 views

SAP NetWeaver Enqueue Server - DoS vulnerability

Application: SAP AS JAVA; Versions Affected: SAP AS JAVA 7.1 – 7.4; Vendor URL: SAP; Bugs: Denial of Service; Reported: 04.12.2015; Vendor response: 05.12.2015; Date of Public Advisory: 12.04.2016; Reference: SAP Security Note 2258784; Author: Vahagn Vardanyan ERPScan. VULNERABILITY INFORMATION: Class:...

5 CVSS, 1.3 AI score, 0.03044 EPSS
Exploits: 0

CVE
added 2014/11/04 3:0 p.m., 34 views

CVE-2014-8590

CVE-2014-8590 is an XML external entity (XXE) vulnerability in the SAP NetWeaver Application Server (AS) Java Web Service Navigator. An attacker can remotely access arbitrary files by sending a crafted request. Affected product/component: SAP NetWeaver AS Java Web Service Navigator (Java). Root c...

4.3 CVSS, 6.9 AI score, 0.00963 EPSS
Exploits: 0, References: 6, Affected Software: 1

erpscan
added 2014/06/16 12:0 a.m., 12 views

SAP NetWeaver AS Java - XXE

Application: SAP NetWeaver AS Java; Versions Affected: SAP NetWeaver AS Java; Vendor URL: http://www.sap.com; Bugs: XXE; Reported: 16.06.2014; Vendor response: 17.06.2014; Date of Public Advisory: 17.10.2014; Reference: SAP Security Note 2045176; Authors: Vahagn Vardanyan ERPScan. Description: SAP XML pars...

1.2 AI score
Exploits: 0