Vulnerabilities > SAP > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2016-04-14 | CVE-2016-4017 | Denial of Service vulnerability in SAP HANA: The Data Provisioning Agent (aka DP Agent) in SAP HANA allows remote attackers to cause a denial of service (process crash) via unspecified vectors, aka SAP Security Note 2262710. | 5.0 |
2016-04-14 | CVE-2016-4016 | Cross-site Scripting vulnerability in SAP Java AS 7.4: Cross-site scripting (XSS) vulnerability in SAP Manufacturing Integration and Intelligence (aka MII, formerly xMII) 15 allows remote attackers to inject arbitrary web script or HTML via the title parameter to webdynpro/resources/sap.com/xapps~xmii~ui~admin~navigation/NavigationApplication, aka SAP Security Note 2201295. | 4.3 |
2016-04-14 | CVE-2016-4015 | Denial of Service vulnerability in SAP NetWeaver Enqueue Server: The Enqueue Server in SAP NetWeaver JAVA AS 7.1 through 7.4 allows remote attackers to cause a denial of service (process crash) via a crafted request, aka SAP Security Note 2258784. | 5.0 |
2016-04-08 | CVE-2016-3980 | Improper Input Validation vulnerability in SAP Application Server Java 7.2/7.3/7.4: The Java Startup Framework (aka jstart) in SAP JAVA AS 7.2 through 7.4 allows remote attackers to cause a denial of service (process crash) via a crafted HTTP request, aka SAP Security Note 2259547. | 5.0 |
2016-04-08 | CVE-2016-3979 | Improper Input Validation vulnerability in SAP Java AS 7.4: Internet Communication Manager (aka ICMAN or ICM) in SAP JAVA AS 7.2 through 7.4 allows remote attackers to cause a denial of service (heap memory corruption and process crash) via a crafted HTTP request, related to the IctParseCookies function, aka SAP Security Note 2256185. | 5.0 |
2016-04-08 | CVE-2015-8840 | Permissions, Privileges, and Access Controls vulnerability in SAP Netweaver: The XML Data Archiving Service (XML DAS) in SAP NetWeaver AS Java does not check authorization, which allows remote authenticated users to obtain sensitive information, gain privileges, or possibly have unspecified other impact via requests to (1) webcontent/cas/cas_enter.jsp, (2) webcontent/cas/cas_validate.jsp, or (3) webcontent/aas/aas_store.jsp, aka SAP Security Note 1945215. | 6.5 |
2016-04-07 | CVE-2016-3976 | Path Traversal vulnerability in SAP Netweaver Application Server Java: Directory traversal vulnerability in SAP NetWeaver AS Java 7.1 through 7.5 allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in the fileName parameter to CrashFileDownloadServlet, aka SAP Security Note 2234971. | 5.0 |
2016-04-07 | CVE-2016-3975 | Cross-site Scripting vulnerability in SAP Netweaver 7.40: Cross-site scripting (XSS) vulnerability in SAP NetWeaver AS Java 7.1 through 7.5 allows remote attackers to inject arbitrary web script or HTML via the navigationTarget parameter to irj/servlet/prt/portal/prteventname/XXX/prtroot/com.sapportals.navigation.testComponent.NavigationURLTester, aka SAP Security Note 2238375. | 4.3 |
2016-04-07 | CVE-2016-3973 | Information Exposure vulnerability in SAP Netweaver 7.40: The chat feature in the Real-Time Collaboration (RTC) services 7.3 and 7.4 in SAP NetWeaver Java AS 7.1 through 7.5 allows remote attackers to obtain sensitive user information by visiting webdynpro/resources/sap.com/tc~rtc~coll.appl.rtc~wd_chat/Chat#, pressing "Add users", and doing a search, aka SAP Security Note 2255990. | 5.0 |
2016-02-22 | CVE-2016-2536 | Resource Management Errors vulnerability in multiple products: Multiple use-after-free vulnerabilities in SAP 3D Visual Enterprise Viewer allow remote attackers to execute arbitrary code via a crafted SketchUp document. | 6.8 |