Netweaver Security Vulnerabilities and Issues — Netweaver CVE List

Lucene search

SapNetweaver

4 matches found

CVE•added 2015/06/24 2:59 p.m.•87 views

CVE-2015-5067

The (1) Cross-System Tools and (2) Data Transfer Workbench in SAP NetWeaver have hardcoded credentials, which allows remote attackers to obtain access via unspecified vectors, aka SAP Security Notes 2059659 and 2057982.

7.5CVSS6.8AI score0.01584EPSS

CVE•added 2015/04/01 2:59 p.m.•50 views

CVE-2015-2815

Buffer overflow in the C_SAPGPARAM function in the NetWeaver Dispatcher in SAP KERNEL 7.00 (7000.52.12.34966) and 7.40 (7400.12.21.30308) allows remote authenticated users to cause a denial of service or possibly execute arbitrary code via unspecified vectors, aka SAP Security Note 2063369.

6.5CVSS8.1AI score0.03458EPSS

CVE•added 2015/04/01 2:59 p.m.•45 views

CVE-2015-2817

The SAP Management Console in SAP NetWeaver 7.40 allows remote attackers to obtain sensitive information via the ReadProfile parameters, aka SAP Security Note 2091768.

5CVSS6.2AI score0.00435EPSS

CVE•added 2015/08/24 2:59 p.m.•42 views

CVE-2015-6662

XML external entity (XXE) vulnerability in SAP NetWeaver Portal 7.4 allows remote attackers to read arbitrary files and possibly have other unspecified impact via crafted XML data, aka SAP Security Note 2168485.

6.8CVSS7.1AI score0.00639EPSS