Vulnerabilities > SAP > Netweaver > 7.40

DATE | CVE | VULNERABILITY TITLE | RISK

2016-01-15 | CVE-2016-1911 | Cross-site Scripting vulnerability in SAP Netweaver 7.40 | 4.3
Multiple cross-site scripting (XSS) vulnerabilities in SAP NetWeaver 7.4 allow remote attackers to inject arbitrary web script or HTML via vectors related to the (1) Runtime Workbench (RWB) or (2) Pmitest servlet in the Process Monitoring Infrastructure (PMI), aka SAP Security Notes 2206793 and 2234918.
network, sap, CWE-79

2016-01-15 | CVE-2016-1910 | Information Exposure vulnerability in SAP Netweaver 7.40 | 5.0
The User Management Engine (UME) in SAP NetWeaver 7.4 allows attackers to decrypt unspecified data via unknown vectors, aka SAP Security Note 2191290.
network, low complexity, sap, CWE-200

2015-08-24 | CVE-2015-6662 | Unspecified vulnerability in SAP Netweaver 7.40 | 6.8
XML external entity (XXE) vulnerability in SAP NetWeaver Portal 7.4 allows remote attackers to read arbitrary files and possibly have other unspecified impact via crafted XML data, aka SAP Security Note 2168485.
network, sap

2015-04-01 | CVE-2015-2817 | Information Exposure vulnerability in SAP Netweaver 7.40 | 5.0
The SAP Management Console in SAP NetWeaver 7.40 allows remote attackers to obtain sensitive information via the ReadProfile parameters, aka SAP Security Note 2091768.
network, low complexity, sap, CWE-200

2015-04-01 | CVE-2015-2815 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in SAP Netweaver 7.0/7.40 | 6.5
Buffer overflow in the C_SAPGPARAM function in the NetWeaver Dispatcher in SAP KERNEL 7.00 (7000.52.12.34966) and 7.40 (7400.12.21.30308) allows remote authenticated users to cause a denial of service or possibly execute arbitrary code via unspecified vectors, aka SAP Security Note 2063369.
network, low complexity, sap, CWE-119