Filtered by vendor Sap
Subscriptions
Filtered by product Netweaver
Subscriptions
Total
127 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-5067 | 1 Sap | 1 Netweaver | 2025-04-12 | N/A |
| The (1) Cross-System Tools and (2) Data Transfer Workbench in SAP NetWeaver have hardcoded credentials, which allows remote attackers to obtain access via unspecified vectors, aka SAP Security Notes 2059659 and 2057982. | ||||
| CVE-2015-2817 | 1 Sap | 1 Netweaver | 2025-04-12 | N/A |
| The SAP Management Console in SAP NetWeaver 7.40 allows remote attackers to obtain sensitive information via the ReadProfile parameters, aka SAP Security Note 2091768. | ||||
| CVE-2016-4014 | 1 Sap | 1 Netweaver | 2025-04-12 | N/A |
| XML external entity (XXE) vulnerability in the UDDI component in SAP NetWeaver JAVA AS 7.4 allows remote attackers to cause a denial of service (system hang) via a crafted DTD in an XML request to uddi/api/replication, aka SAP Security Note 2254389. | ||||
| CVE-2014-8587 | 1 Sap | 5 Commoncryptolib, Hana, Netweaver and 2 more | 2025-04-12 | N/A |
| SAPCRYPTOLIB before 5.555.38, SAPSECULIB, and CommonCryptoLib before 8.4.30, as used in SAP NetWeaver AS for ABAP and SAP HANA, allows remote attackers to spoof Digital Signature Algorithm (DSA) signatures via unspecified vectors. | ||||
| CVE-2015-2107 | 2 Hp, Sap | 2 Operations Manager I Management Pack, Netweaver | 2025-04-12 | N/A |
| HP Operations Manager i Management Pack 1.x before 1.01 for SAP allows local users to execute OS commands by leveraging SAP administrative privileges. | ||||
| CVE-2016-1910 | 1 Sap | 1 Netweaver | 2025-04-12 | N/A |
| The User Management Engine (UME) in SAP NetWeaver 7.4 allows attackers to decrypt unspecified data via unknown vectors, aka SAP Security Note 2191290. | ||||
| CVE-2014-8592 | 1 Sap | 1 Netweaver | 2025-04-12 | N/A |
| Unspecified vulnerability in SAP Host Agent, as used in SAP NetWeaver 7.02 and 7.3, allows remote attackers to cause a denial of service (process termination) via a crafted request. | ||||
| CVE-2016-2389 | 1 Sap | 1 Netweaver | 2025-04-12 | N/A |
| Directory traversal vulnerability in the GetFileList function in the SAP Manufacturing Integration and Intelligence (xMII) component 15.0 for SAP NetWeaver 7.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the Path parameter to /Catalog, aka SAP Security Note 2230978. | ||||
| CVE-2014-8591 | 1 Sap | 1 Netweaver | 2025-04-12 | N/A |
| Unspecified vulnerability in SAP Internet Communication Manager (ICM), as used in SAP NetWeaver 7.02 and 7.3, allows remote attackers to cause a denial of service (process termination) via unknown vectors. | ||||
| CVE-2014-6252 | 1 Sap | 1 Netweaver | 2025-04-12 | N/A |
| Buffer overflow in disp+work.exe 7000.52.12.34966 and 7200.117.19.50294 in the Dispatcher in SAP NetWeaver 7.00 and 7.20 allows remote authenticated users to cause a denial of service or execute arbitrary code via unspecified vectors. | ||||
| CVE-2015-2815 | 1 Sap | 1 Netweaver | 2025-04-12 | N/A |
| Buffer overflow in the C_SAPGPARAM function in the NetWeaver Dispatcher in SAP KERNEL 7.00 (7000.52.12.34966) and 7.40 (7400.12.21.30308) allows remote authenticated users to cause a denial of service or possibly execute arbitrary code via unspecified vectors, aka SAP Security Note 2063369. | ||||
| CVE-2014-4003 | 1 Sap | 1 Netweaver | 2025-04-12 | N/A |
| The System Landscape Directory (SLD) in SAP NetWeaver allows remote attackers to modify information via vectors related to adding a system. | ||||
| CVE-2014-3787 | 1 Sap | 1 Netweaver | 2025-04-12 | N/A |
| SAP NetWeaver 7.20 and earlier allows remote attackers to read arbitrary SAP Central User Administration (SAP CUA) tables via unspecified vectors. | ||||
| CVE-2016-7437 | 1 Sap | 1 Netweaver | 2025-04-12 | N/A |
| SAP Netweaver 7.40 improperly logs (1) DUI and (2) DUJ events in the SAP Security Audit Log as non-critical, which might allow local users to hide rejected attempts to execute RFC function callbacks by leveraging filtering of non-critical events in audit analysis reports, aka SAP Security Note 2252312. | ||||
| CVE-2014-0995 | 1 Sap | 1 Netweaver | 2025-04-12 | N/A |
| The Standalone Enqueue Server in SAP Netweaver 7.20, 7.01, and earlier allows remote attackers to cause a denial of service (uncontrolled recursion and crash) via a trace level with a wildcard in the Trace Pattern. | ||||
| CVE-2013-7364 | 1 Sap | 1 Netweaver | 2025-04-12 | N/A |
| An unspecified J2EE core service in the J2EE Engine in SAP NetWeaver does not properly restrict access, which allows remote attackers to read and write to arbitrary files via unknown vectors. | ||||
| CVE-2013-6869 | 1 Sap | 1 Netweaver | 2025-04-11 | N/A |
| SQL injection vulnerability in the SRTT_GET_COUNT_BEFORE_KEY_RFC function in SAP NetWeaver 7.30 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2013-6823 | 1 Sap | 1 Netweaver | 2025-04-11 | N/A |
| GRMGApp in SAP NetWeaver allows remote attackers to bypass intended access restrictions via unspecified vectors. | ||||
| CVE-2012-1289 | 1 Sap | 1 Netweaver | 2025-04-11 | N/A |
| Multiple directory traversal vulnerabilities in SAP NetWeaver 7.0 allow remote authenticated users to read arbitrary files via a .. (dot dot) in the logfilename parameter to (1) b2b/admin/log.jsp or (2) b2b/admin/log_view.jsp in the Internet Sales (crm.b2b) component, or (3) ipc/admin/log.jsp or (4) ipc/admin/log_view.jsp in the Application Administration (com.sap.ipc.webapp.ipc) component. | ||||
| CVE-2012-2612 | 1 Sap | 1 Netweaver | 2025-04-11 | N/A |
| The DiagTraceHex function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon crash) via a crafted SAP Diag packet. | ||||