Vulnerabilities > SAP > Netweaver Application Server Java

DATE CVE VULNERABILITY TITLE RISK
2016-11-23 CVE-2016-9563 XXE vulnerability in SAP Netweaver Application Server Java 7.50
BC-BMT-BPM-DSK in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to conduct XML External Entity (XXE) attacks via the sap.com~tc~bpem~him~uwlconn~provider~web/bpemuwlconn URI, aka SAP Security Note 2296909.
network
low complexity
sap CWE-611
4.0
4.0
2016-04-07 CVE-2016-3976 Path Traversal vulnerability in SAP Netweaver Application Server Java
Directory traversal vulnerability in SAP NetWeaver AS Java 7.1 through 7.5 allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in the fileName parameter to CrashFileDownloadServlet, aka SAP Security Note 2234971.
network
low complexity
sap CWE-22
5.0
5.0
2016-02-16 CVE-2016-2388 Information Exposure vulnerability in SAP Netweaver Application Server Java
The Universal Worklist Configuration in SAP NetWeaver AS JAVA 7.4 allows remote attackers to obtain sensitive user information via a crafted HTTP request, aka SAP Security Note 2256846.
network
low complexity
sap CWE-200
5.0
5.0