CVE-2017-7717

SQL injection vulnerability in the getUserUddiElements method in the ES UDDI component in SAP NetWeaver AS Java 7.4 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Note 2356504...

CVE-2017-7717

The CVE-2017-7717 entry concerns SAP NetWeaver AS Java 7.4, specifically the ES UDDI component. The vulnerability arises in the getUserUddiElements method, described as an SQL injection that permits remote authenticated users to execute arbitrary SQL commands via unspecified vectors. This is supp...

CVE-2017-7717

SQL injection vulnerability in the getUserUddiElements method in the ES UDDI component in SAP NetWeaver AS Java 7.4 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Note 2356504...

Null pointer dereference

SAP NetWeaver AS JAVA 7.4 allows remote attackers to cause a Denial of Service null pointer exception and icman outage via an HTTPS request to the sap.comP4TunnelingApp!web/myServlet URI, aka SAP Security Note 2313835...

CVE-2016-9562

SAP NetWeaver AS JAVA 7.4 allows remote attackers to cause a Denial of Service null pointer exception and icman outage via an HTTPS request to the sap.comP4TunnelingApp!web/myServlet URI, aka SAP Security Note 2313835...

CVE-2016-2388

The Universal Worklist Configuration in SAP NetWeaver AS JAVA 7.4 allows remote attackers to obtain sensitive user information via a crafted HTTP request, aka SAP Security Note 2256846. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

[ERPSCAN-15-014] SAP Mobile Platform 3 – XXE in Add Repository

ERPSCAN Research Advisory ERPSCAN-15-014 SAP Mobile Platform 3 – XXE in Add Repository Application: SAP Mobile Platform Versions Affected: SAP Mobile Platform 3, probably others Vendor URL: http://SAP.com Bugs: XML External Entity Sent: 13.03.2015 Reported: 14.03.2015 Vendor response: 14.03.2015...