CVE-2016-4016

CVE-2016-4016: SAP Manufacturing Integration Intelligence (MII / xMII) 15 is affected by a reflected cross-site scripting (XSS) vulnerability. An attacker can inject arbitrary script via the title parameter of the NavigationApplication URL (webdynpro/resources/sap.com/xapps~xmii~ui~admin~navigati...

CVE-2016-2389

Directory traversal vulnerability in the GetFileList function in the SAP Manufacturing Integration and Intelligence xMII component 15.0 for SAP NetWeaver 7.4 allows remote attackers to read arbitrary files via a .. dot dot in the Path parameter to /Catalog, aka SAP Security Note 2230978...

Directory traversal

Directory traversal vulnerability in the GetFileList function in the SAP Manufacturing Integration and Intelligence xMII component 15.0 for SAP NetWeaver 7.4 allows remote attackers to read arbitrary files via a .. dot dot in the Path parameter to /Catalog, aka SAP Security Note 2230978...

CVE-2016-2389

Directory traversal vulnerability in the GetFileList function in the SAP Manufacturing Integration and Intelligence xMII component 15.0 for SAP NetWeaver 7.4 allows remote attackers to read arbitrary files via a .. dot dot in the Path parameter to /Catalog, aka SAP Security Note 2230978...

CVE-2016-2389

SAP xMII 15.0 for SAP NetWeaver 7.4 is affected by CVE-2016-2389 due to a directory traversal in the GetFileList function (Path parameter to /Catalog), enabling read of arbitrary server files (e.g., ../../../../etc/passwd). Affected component is SAP MII 15.0; CVSS v3 base score 7.5 (Network, Low ...