Vulnerabilities > SAP > Java AS

DATE CVE VULNERABILITY TITLE RISK
2016-04-14 CVE-2016-4016 Cross-site Scripting vulnerability in SAP Java AS 7.4
Cross-site scripting (XSS) vulnerability in SAP Manufacturing Integration and Intelligence (aka MII, formerly xMII) 15 allows remote attackers to inject arbitrary web script or HTML via the title parameter to webdynpro/resources/sap.com/xapps~xmii~ui~admin~navigation/NavigationApplication, aka SAP Security Note 2201295.
network
low complexity
sap CWE-79
6.1
2016-04-08 CVE-2016-3979 Improper Input Validation vulnerability in SAP Java AS 7.4
Internet Communication Manager (aka ICMAN or ICM) in SAP JAVA AS 7.2 through 7.4 allows remote attackers to cause a denial of service (heap memory corruption and process crash) via a crafted HTTP request, related to the IctParseCookies function, aka SAP Security Note 2256185.
network
low complexity
sap CWE-20
7.5