Vulnerabilities > SAP > Netweaver > High

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendor | CWE | Risk |
|---|---|---|---|---|---|---|---|---|
| 2018-01-09 | CVE-2018-2363 | Code Injection vulnerability in SAP products | SAP NetWeaver, SAP BASIS from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.52, contains code that allows you to execute arbitrary program code of the user's choice. | network | low | sap | CWE-94 | 8.8 |
| 2017-07-12 | CVE-2017-9845 | Resource Exhaustion vulnerability in SAP Netweaver 7.40 | disp+work 7400.12.21.30308 in SAP NetWeaver 7.40 allows remote attackers to cause a denial of service (resource consumption) via a crafted DIAG request, aka SAP Security Note 2405918. | network | low | sap | CWE-400 | 7.5 |
| 2017-01-23 | CVE-2017-5372 | Information Exposure vulnerability in SAP Netweaver | The function msp (aka MSPRuntimeInterface) in the P4 SERVERCORE component in SAP AS JAVA allows remote attackers to obtain sensitive system information by leveraging a missing authorization check for the (1) getInformation, (2) getParameters, (3) getServiceInfo, (4) getStatistic, or (5) getClientStatistic function, aka SAP Security Note 2331908. | network | low | sap | CWE-200 | 7.5 |
| 2016-10-13 | CVE-2016-3635 | Improper Access Control vulnerability in SAP Netweaver 7.40 | SAP Netweaver 7.4 allows remote authenticated users to bypass an intended Unified Connectivity (UCON) access control list and execute arbitrary Remote Function Modules (RFM) by leveraging a connection created from earlier execution of an anonymous RFM included in a Communication Assembly, aka SAP Security Note 2139366. | network | high | sap | CWE-284 | 7.5 |
| 2016-10-05 | CVE-2016-4551 | Improper Access Control vulnerability in SAP Netweaver, SAP ABA and SAP Basis | The (1) SAP_BASIS and (2) SAP_ABA components 7.00 SP Level 0031 in SAP NetWeaver 2004s might allow remote attackers to spoof IP addresses written to the Security Audit Log via vectors related to the network landscape, aka SAP Security Note 2190621. | network | low | sap | CWE-284 | 7.5 |
| 2016-04-14 | CVE-2016-4015 | Unspecified vulnerability in SAP Netweaver | The Enqueue Server in SAP NetWeaver JAVA AS 7.1 through 7.4 allows remote attackers to cause a denial of service (process crash) via a crafted request, aka SAP Security Note 2258784. | network | low | sap | | 7.5 |
| 2016-04-14 | CVE-2016-4014 | Unspecified vulnerability in SAP Netweaver 7.4 | XML external entity (XXE) vulnerability in the UDDI component in SAP NetWeaver JAVA AS 7.4 allows remote attackers to cause a denial of service (system hang) via a crafted DTD in an XML request to uddi/api/replication, aka SAP Security Note 2254389. | network | low | sap | | 8.6 |
| 2016-02-16 | CVE-2016-2389 | Path Traversal vulnerability in SAP Netweaver 7.40 | Directory traversal vulnerability in the GetFileList function in the SAP Manufacturing Integration and Intelligence (xMII) component 15.0 for SAP NetWeaver 7.4 allows remote attackers to read arbitrary files via a .. | network | low | sap | CWE-22 | 7.5 |