Netweaver Security Vulnerabilities and Issues — Netweaver CVE List

Lucene search

SapNetweaver

5 matches found

CVE•added 2017/07/12 4:29 p.m.•193 views

CVE-2017-9844

SAP NetWeaver 7400.12.21.30308 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted serialized Java object in a request to metadatauploader, aka SAP Security Note 2399804. NOTE: The vendor states that the devserver package of Visual Composer deseria...

7.5CVSS9.7AI score0.05727EPSS

CVE•added 2017/01/23 9:59 p.m.•59 views

CVE-2017-5372

The function msp (aka MSPRuntimeInterface) in the P4 SERVERCORE component in SAP AS JAVA allows remote attackers to obtain sensitive system information by leveraging a missing authorization check for the (1) getInformation, (2) getParameters, (3) getServiceInfo, (4) getStatistic, or (5) getClientSt...

7.5CVSS7.3AI score0.00714EPSS

CVE•added 2017/09/06 9:29 p.m.•52 views

CVE-2015-7241

XML External Entity (XXE) vulnerability in SAP Netweaver before 7.01.

9.8CVSS9.3AI score0.27377EPSS

CVE•added 2017/07/12 4:29 p.m.•38 views

CVE-2017-9845

disp+work 7400.12.21.30308 in SAP NetWeaver 7.40 allows remote attackers to cause a denial of service (resource consumption) via a crafted DIAG request, aka SAP Security Note 2405918.

7.8CVSS7.2AI score0.04189EPSS

CVE•added 2017/04/10 3:59 p.m.•35 views

CVE-2016-10311

Stack-based buffer overflow in SAP NetWeaver 7.0 through 7.5 allows remote attackers to cause a denial of service () by sending a crafted packet to the SAPSTARTSRV port, aka SAP Security Note 2295238.

9.8CVSS9.3AI score0.04067EPSS