44 matches found

OSV
added 2016/04/07 7:59 p.m. · 2 views

CVE-2016-3975

Cross-site scripting (XSS) vulnerability in SAP NetWeaver AS Java 7.1 through 7.5 allows remote attackers to inject arbitrary web script or HTML via the navigationTarget parameter to irj/servlet/prt/portal/prteventname/XXX/prtroot/com.sapportals.navigation.testComponent.NavigationURLTester, aka SAP...

CVSS 6.1 · AI score 5.9 · EPSS 0.01611
Exploits: 2 · References: 4
NVD
added 2016/04/07 7:59 p.m. · 30 views

CVE-2016-3974

XML external entity (XXE) vulnerability in the Configuration Wizard in SAP NetWeaver Java AS 7.1 through 7.5 allows remote attackers to cause a denial of service, conduct SMB Relay attacks, or access arbitrary files via a crafted XML request to tcmonitoringwebserviceweb/ServerNodesWSService, aka SA...

CVSS 9.1 · AI score 9 · EPSS 0.15058
Exploits: 5 · References: 5
Prion
added 2016/04/07 7:59 p.m. · 21 views

Security feature bypass

The chat feature in the Real-Time Collaboration (RTC) services 7.3 and 7.4 in SAP NetWeaver Java AS 7.1 through 7.5 allows remote attackers to obtain sensitive user information by visiting webdynpro/resources/sap.com/tcrtccoll.appl.rtcwdchat/Chat, pressing "Add users", and doing a search, aka SAP...

CVSS 5 · AI score 6.7 · EPSS 0.02413
Exploits: 1 · References: 4 · Affected Software: 1
Positive Technologies
added 2016/03/09 12:0 a.m. · 7 views

PT-2016-3362 · SAP · SAP NetWeaver AS Java

Name of the Vulnerable Software and Affected Versions: SAP NetWeaver AS JAVA version 7.5

Description: The issue is related to an XML External Entity (XXE) vulnerability in the BC-BMT-BPM-DSK component of SAP NetWeaver AS JAVA. This vulnerability allows remote authenticated users to conduct XXE...

CVSS 6.5 · AI score 8.9 · EPSS 0.23805
Exploits: 0 · References: 8