SAP NetWeaver AS JAVA SQL Injection Vulnerability

SAP NetWeaver is an integrated, service-oriented application platform that provides a development and runtime environment for SAP applications.SAP NetWeaver AS Java is an application server that runs in NetWeaver and is based on the Java programming language. An SQL injection vulnerability exists...

CVE-2016-4015

The Enqueue Server in SAP NetWeaver JAVA AS 7.1 through 7.4 allows remote attackers to cause a denial of service process crash via a crafted request, aka SAP Security Note 2258784...

CVE-2016-4015

The Enqueue Server in SAP NetWeaver JAVA AS 7.1 through 7.4 allows remote attackers to cause a denial of service process crash via a crafted request, aka SAP Security Note 2258784...

SAP NetWeaver Java AS XXE Vulnerability

SAP NetWeaver is SAP's integrated technology platform and the technology foundation for all SAP applications since SAP Business Suite. A xxe security vulnerability exists in the SAP NetWeaver Java AS version 7.4 Configuration Wizard, which can be exploited by remote attackers to cause a denial of...

SAP NetWeaver Java AS Directory Traversal Vulnerability

SAP NetWeaver is SAP's integrated technology platform and the technology foundation for all SAP applications since SAP Business Suite. A directory traversal vulnerability exists in SAP NetWeaver Java AS version 7.4, which can be exploited by remote attackers to read arbitrary files...

CVE-2016-3975

Cross-site scripting XSS vulnerability in SAP NetWeaver AS Java 7.1 through 7.5 allows remote attackers to inject arbitrary web script or HTML via the navigationTarget parameter to irj/servlet/prt/portal/prteventname/XXX/prtroot/com.sapportals.navigation.testComponent.NavigationURLTester, aka SAP...

CVE-2016-3974

XML external entity XXE vulnerability in the Configuration Wizard in SAP NetWeaver Java AS 7.1 through 7.5 allows remote attackers to cause a denial of service, conduct SMB Relay attacks, or access arbitrary files via a crafted XML request to tcmonitoringwebserviceweb/ServerNodesWSService, aka SA...

Security feature bypass

The chat feature in the Real-Time Collaboration RTC services 7.3 and 7.4 in SAP NetWeaver Java AS 7.1 through 7.5 allows remote attackers to obtain sensitive user information by visiting webdynpro/resources/sap.com/tcrtccoll.appl.rtcwdchat/Chat, pressing "Add users", and doing a search, aka SAP...

PT-2016-3362 · Sap · Sap Netweaver As Java

Name of the Vulnerable Software and Affected Versions: SAP NetWeaver AS JAVA version 7.5 Description: The issue is related to an XML External Entity XXE vulnerability in the BC-BMT-BPM-DSK component of SAP NetWeaver AS JAVA. This vulnerability allows remote authenticated users to conduct XXE...

SAP Portal - Unvalidated redirect

Application: SAP NetWeaver JAVA Versions Affected: SAP NetWeaver J2EE 6.40/7.02, probably others Vendor URL: Bugs: Information disclosure Exploits: YES Reported: 20.04.2013 Vendor response: 21.04.2013 Date of Public Advisory: 30.10.2013 Reference: SAP Security Note 1854826 CVSS:...