44 matches found
CVE-2016-3975
Cross-site scripting XSS vulnerability in SAP NetWeaver AS Java 7.1 through 7.5 allows remote attackers to inject arbitrary web script or HTML via the navigationTarget parameter to irj/servlet/prt/portal/prteventname/XXX/prtroot/com.sapportals.navigation.testComponent.NavigationURLTester, aka SAP...
CVE-2016-3974
XML external entity XXE vulnerability in the Configuration Wizard in SAP NetWeaver Java AS 7.1 through 7.5 allows remote attackers to cause a denial of service, conduct SMB Relay attacks, or access arbitrary files via a crafted XML request to tcmonitoringwebserviceweb/ServerNodesWSService, aka SA...
Security feature bypass
The chat feature in the Real-Time Collaboration RTC services 7.3 and 7.4 in SAP NetWeaver Java AS 7.1 through 7.5 allows remote attackers to obtain sensitive user information by visiting webdynpro/resources/sap.com/tcrtccoll.appl.rtcwdchat/Chat, pressing "Add users", and doing a search, aka SAP...
PT-2016-3362 · Sap · Sap Netweaver As Java
Name of the Vulnerable Software and Affected Versions: SAP NetWeaver AS JAVA version 7.5 Description: The issue is related to an XML External Entity XXE vulnerability in the BC-BMT-BPM-DSK component of SAP NetWeaver AS JAVA. This vulnerability allows remote authenticated users to conduct XXE...