Sap: >> Netweaver >> 7.4 Security Vulnerabilities
Stack-based buffer overflow in SAP NetWeaver 7.0 through 7.5 allows remote attackers to cause a denial of service () by sending a crafted packet to the SAPSTARTSRV port, aka SAP Security Note 2295238.
CVSS Score
9.8
EPSS Score
0.041
Published
2017-04-10
The function msp (aka MSPRuntimeInterface) in the P4 SERVERCORE component in SAP AS JAVA allows remote attackers to obtain sensitive system information by leveraging a missing authorization check for the (1) getInformation, (2) getParameters, (3) getServiceInfo, (4) getStatistic, or (5) getClientStatistic function, aka SAP Security Note 2331908.
CVSS Score
7.5
EPSS Score
0.007
Published
2017-01-23
The Enqueue Server in SAP NetWeaver JAVA AS 7.1 through 7.4 allows remote attackers to cause a denial of service (process crash) via a crafted request, aka SAP Security Note 2258784.
CVSS Score
7.5
EPSS Score
0.03
Published
2016-04-14
XML external entity (XXE) vulnerability in the UDDI component in SAP NetWeaver JAVA AS 7.4 allows remote attackers to cause a denial of service (system hang) via a crafted DTD in an XML request to uddi/api/replication, aka SAP Security Note 2254389.
CVSS Score
8.6
EPSS Score
0.081
Published
2016-04-14
SAPCRYPTOLIB before 5.555.38, SAPSECULIB, and CommonCryptoLib before 8.4.30, as used in SAP NetWeaver AS for ABAP and SAP HANA, allows remote attackers to spoof Digital Signature Algorithm (DSA) signatures via unspecified vectors.
CVSS Score
7.5
EPSS Score
0.006
Published
2014-11-04
SAP NetWeaver 7.20 and earlier allows remote attackers to read arbitrary SAP Central User Administration (SAP CUA) tables via unspecified vectors.
CVSS Score
5.0
EPSS Score
0.003
Published
2014-05-19
The SHSTI_UPLOAD_XML function in the Application Server for ABAP (AS ABAP) in SAP NetWeaver 7.31 and earlier allows remote attackers to cause a denial of service via unspecified vectors, related to an XML External Entity (XXE) issue.
CVSS Score
5.0
EPSS Score
0.007
Published
2013-11-20
The Live Update webdynpro application (webdynpro/dispatcher/sap.com/tc~slm~ui_lup/LUP) in SAP NetWeaver 7.31 and earlier allows remote attackers to read arbitrary files and directories via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
CVSS Score
5.0
EPSS Score
0.007
Published
2013-10-24
Cross-site scripting (XSS) vulnerability in RetrieveMailExamples in SAP NetWeaver 7.30 and earlier allows remote attackers to inject arbitrary web script or HTML via the server parameter.
CVSS Score
4.3
EPSS Score
0.005
Published
2013-02-12
Multiple cross-site scripting (XSS) vulnerabilities in the Virus Scan Interface in SAP Netweaver allow remote attackers to inject arbitrary web script or HTML via the (1) instname parameter to the VsiTestScan servlet and (2) name parameter to the VsiTestServlet servlet.
CVSS Score
4.3
EPSS Score
0.003
Published
2011-12-08
Page 1