Vulnerabilities > SAP
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-04-14 | CVE-2016-4017 | Unspecified vulnerability in SAP Hana The Data Provisioning Agent (aka DP Agent) in SAP HANA allows remote attackers to cause a denial of service (process crash) via unspecified vectors, aka SAP Security Note 2262710. | 7.5 |
| 2016-04-14 | CVE-2016-4016 | Cross-site Scripting vulnerability in SAP Java AS 7.4 Cross-site scripting (XSS) vulnerability in SAP Manufacturing Integration and Intelligence (aka MII, formerly xMII) 15 allows remote attackers to inject arbitrary web script or HTML via the title parameter to webdynpro/resources/sap.com/xapps~xmii~ui~admin~navigation/NavigationApplication, aka SAP Security Note 2201295. | 6.1 |
| 2016-04-14 | CVE-2016-4015 | Unspecified vulnerability in SAP Netweaver The Enqueue Server in SAP NetWeaver JAVA AS 7.1 through 7.4 allows remote attackers to cause a denial of service (process crash) via a crafted request, aka SAP Security Note 2258784. | 7.5 |
| 2016-04-14 | CVE-2016-4014 | Unspecified vulnerability in SAP Netweaver 7.4 XML external entity (XXE) vulnerability in the UDDI component in SAP NetWeaver JAVA AS 7.4 allows remote attackers to cause a denial of service (system hang) via a crafted DTD in an XML request to uddi/api/replication, aka SAP Security Note 2254389. | 8.6 |
| 2016-04-08 | CVE-2016-3980 | Improper Input Validation vulnerability in SAP Application Server Java 7.2/7.3/7.4 The Java Startup Framework (aka jstart) in SAP JAVA AS 7.2 through 7.4 allows remote attackers to cause a denial of service (process crash) via a crafted HTTP request, aka SAP Security Note 2259547. | 7.5 |
| 2016-04-08 | CVE-2016-3979 | Improper Input Validation vulnerability in SAP Java AS 7.4 Internet Communication Manager (aka ICMAN or ICM) in SAP JAVA AS 7.2 through 7.4 allows remote attackers to cause a denial of service (heap memory corruption and process crash) via a crafted HTTP request, related to the IctParseCookies function, aka SAP Security Note 2256185. | 7.5 |
| 2016-04-08 | CVE-2015-8840 | Missing Authorization vulnerability in SAP Netweaver Application Server Java The XML Data Archiving Service (XML DAS) in SAP NetWeaver AS Java does not check authorization, which allows remote authenticated users to obtain sensitive information, gain privileges, or possibly have unspecified other impact via requests to (1) webcontent/cas/cas_enter.jsp, (2) webcontent/cas/cas_validate.jsp, or (3) webcontent/aas/aas_store.jsp, aka SAP Security Note 1945215. | 8.8 |
| 2016-04-07 | CVE-2016-3976 | Path Traversal vulnerability in SAP Netweaver Application Server Java Directory traversal vulnerability in SAP NetWeaver AS Java 7.1 through 7.5 allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in the fileName parameter to CrashFileDownloadServlet, aka SAP Security Note 2234971. | 7.5 |
| 2016-04-07 | CVE-2016-3975 | Cross-site Scripting vulnerability in SAP Netweaver Application Server Java Cross-site scripting (XSS) vulnerability in SAP NetWeaver AS Java 7.1 through 7.5 allows remote attackers to inject arbitrary web script or HTML via the navigationTarget parameter to irj/servlet/prt/portal/prteventname/XXX/prtroot/com.sapportals.navigation.testComponent.NavigationURLTester, aka SAP Security Note 2238375. | 6.1 |
| 2016-04-07 | CVE-2016-3974 | XXE vulnerability in SAP Netweaver Application Server Java XML external entity (XXE) vulnerability in the Configuration Wizard in SAP NetWeaver Java AS 7.1 through 7.5 allows remote attackers to cause a denial of service, conduct SMB Relay attacks, or access arbitrary files via a crafted XML request to _tc~monitoring~webservice~web/ServerNodesWSService, aka SAP Security Note 2235994. | 9.1 |