Vulnerabilities > SAP > Netweaver > Critical

DATE | CVE | VULNERABILITY TITLE | RISK

2020-03-10 | CVE-2020-6203 | Path Traversal vulnerability in SAP Netweaver | critical 9.1
SAP NetWeaver UDDI Server (Services Registry), versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing 'traverse to parent directory' are passed through to the file APIs, leading to Path Traversal.
network, low complexity, sap, CWE-22

2020-02-05 | CVE-2011-1517 | Unspecified vulnerability in SAP Netweaver 7.0 | critical 9.8
SAP NetWeaver 7.0 allows Remote Code Execution and Denial of Service caused by an error in the DiagTraceHex() function.
network, low complexity, sap

2020-01-23 | CVE-2013-1592 | Classic Buffer Overflow vulnerability in SAP Netweaver | critical 9.8
A Buffer Overflow vulnerability exists in the Message Server service _MsJ2EE_AddStatistics() function when sending specially crafted SAP Message Server packets to remote TCP ports 36NN and/or 39NN in SAP NetWeaver 2004s, 7.01 SR1, 7.02 SP06, and 7.30 SP04, which could let a remote malicious user execute arbitrary code.
network, low complexity, sap, CWE-120

2017-09-06 | CVE-2015-7241 | XXE vulnerability in SAP Netweaver 4.0/6.4/7.0 | critical 9.8
XML External Entity (XXE) vulnerability in SAP Netweaver before 7.01.
network, low complexity, sap, CWE-611

2017-07-12 | CVE-2017-9844 | Deserialization of Untrusted Data vulnerability in SAP Netweaver 7400.12.21.30308 | critical 9.8
SAP NetWeaver 7400.12.21.30308 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted serialized Java object in a request to metadatauploader, aka SAP Security Note 2399804.
network, low complexity, sap, CWE-502

2017-04-10 | CVE-2016-10311 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in SAP Netweaver | critical 9.8
Stack-based buffer overflow in SAP NetWeaver 7.0 through 7.5 allows remote attackers to cause a denial of service () by sending a crafted packet to the SAPSTARTSRV port, aka SAP Security Note 2295238.
network, low complexity, sap, CWE-119

2016-10-05 | CVE-2016-7435 | Permissions, Privileges, and Access Controls vulnerability in SAP Netweaver 7.40 | critical 9.1
The (1) SCTC_REFRESH_EXPORT_TAB_COMP, (2) SCTC_REFRESH_CHECK_ENV, and (3) SCTC_TMS_MAINTAIN_ALOG functions in the SCTC subpackage in SAP Netweaver 7.40 SP 12 allow remote authenticated users with certain permissions to execute arbitrary commands via vectors involving a CALL 'SYSTEM' statement, aka SAP Security Note 2260344.
network, low complexity, sap, CWE-264