Vulnerabilities > SAP > Netweaver > 7.5
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-01-08 | CVE-2019-0248 | Unspecified vulnerability in SAP Basis and Netweaver Under certain conditions SAP Gateway of ABAP Application Server (fixed in SAP_GWFND 7.5, 7.51, 7.52, 7.53; SAP_BASIS 7.5) allows an attacker to access information which would otherwise be restricted. network sap | 4.3 |
2017-09-19 | CVE-2017-14581 | Resource Exhaustion vulnerability in SAP Netweaver The Host Control web service in SAP NetWeaver AS JAVA 7.0 through 7.5 allows remote attackers to cause a denial of service (service crash) via a crafted request, aka SAP Security Note 2389181. | 5.0 |
2017-07-25 | CVE-2017-11457 | XXE vulnerability in SAP Netweaver 7.5 XML external entity (XXE) vulnerability in com.sap.km.cm.ice in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request, aka SAP Security Note 2387249. | 4.0 |
2017-05-23 | CVE-2017-8913 | XXE vulnerability in SAP Netweaver 7.5 The Visual Composer VC70RUNTIME component in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to conduct XML External Entity (XXE) attacks via a crafted XML document in a request to irj/servlet/prt/portal/prtroot/com.sap.visualcomposer.BIKit.default, aka SAP Security Note 2386873. | 6.5 |
2017-04-10 | CVE-2016-10311 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in SAP Netweaver Stack-based buffer overflow in SAP NetWeaver 7.0 through 7.5 allows remote attackers to cause a denial of service () by sending a crafted packet to the SAPSTARTSRV port, aka SAP Security Note 2295238. | 7.5 |
2017-04-10 | CVE-2016-10304 | Deserialization of Untrusted Data vulnerability in SAP Netweaver 7.5 The SAP EP-RUNTIME component in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to cause a denial of service (out-of-memory error and service instability) via a crafted serialized Java object, as demonstrated by serial.cc3, aka SAP Security Note 2315788. | 4.0 |
2016-05-13 | CVE-2010-5326 | Remote Code Execution vulnerability in SAP Netweaver Invoker Servlet The Invoker Servlet on SAP NetWeaver Application Server Java platforms, possibly before 7.3, does not require authentication, which allows remote attackers to execute arbitrary code via an HTTP or HTTPS request, as exploited in the wild in 2013 through 2016, aka a "Detour" attack. | 10.0 |
2014-05-19 | CVE-2014-3787 | Information Exposure vulnerability in SAP Netweaver SAP NetWeaver 7.20 and earlier allows remote attackers to read arbitrary SAP Central User Administration (SAP CUA) tables via unspecified vectors. | 5.0 |
2013-11-20 | CVE-2013-6815 | Improper Input Validation vulnerability in SAP Netweaver The SHSTI_UPLOAD_XML function in the Application Server for ABAP (AS ABAP) in SAP NetWeaver 7.31 and earlier allows remote attackers to cause a denial of service via unspecified vectors, related to an XML External Entity (XXE) issue. | 5.0 |
2013-10-24 | CVE-2013-6244 | Information Disclosure vulnerability in SAP NetWeaver Web Dynpro Live Update XML External Entity The Live Update webdynpro application (webdynpro/dispatcher/sap.com/tc~slm~ui_lup/LUP) in SAP NetWeaver 7.31 and earlier allows remote attackers to read arbitrary files and directories via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | 5.0 |