Netweaver Application Server Java@7.50 Security Vulnerabilities and Issues — Netweaver Application Server Java@7.50 CVE List

Lucene search

SapNetweaver Application Server Java7.50

4 matches found

CVE•added 2017/08/07 8:29 p.m.•199 views

CVE-2017-12637

Directory traversal vulnerability in scheduler/ui/js/ffffffffbca41eb4/UIUtilJavaScriptJS in SAP NetWeaver Application Server Java 7.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the query string, as exploited in the wild in August 2017, aka SAP Security Note 2486657.

7.5CVSS7.4AI score0.91938EPSS

CVE•added 2017/07/25 6:29 p.m.•49 views

CVE-2017-11457

XML external entity (XXE) vulnerability in com.sap.km.cm.ice in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request, aka SAP Security Note 2387249.

6.5CVSS6.2AI score0.00587EPSS

CVE•added 2017/05/23 4:29 a.m.•35 views

CVE-2017-8913

The Visual Composer VC70RUNTIME component in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to conduct XML External Entity (XXE) attacks via a crafted XML document in a request to irj/servlet/prt/portal/prtroot/com.sap.visualcomposer.BIKit.default, aka SAP Security Note 2386873.

8.8CVSS8.1AI score0.00552EPSS

CVE•added 2017/04/10 2:59 p.m.•33 views

CVE-2016-10304

The SAP EP-RUNTIME component in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to cause a denial of service (out-of-memory error and service instability) via a crafted serialized Java object, as demonstrated by serial.cc3, aka SAP Security Note 2315788.

6.5CVSS6.1AI score0.00893EPSS