Filtered by vendor Sap Subscriptions
Filtered by product Netweaver Application Server Java Subscriptions
Total 66 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2016-3973 1 Sap 1 Netweaver Application Server Java 2024-11-21 5.3 Medium
The chat feature in the Real-Time Collaboration (RTC) services 7.3 and 7.4 in SAP NetWeaver Java AS 7.1 through 7.5 allows remote attackers to obtain sensitive user information by visiting webdynpro/resources/sap.com/tc~rtc~coll.appl.rtc~wd_chat/Chat#, pressing "Add users", and doing a search, aka SAP Security Note 2255990.
CVE-2016-2388 1 Sap 1 Netweaver Application Server Java 2024-11-21 5.3 Medium
The Universal Worklist Configuration in SAP NetWeaver AS JAVA 7.4 allows remote attackers to obtain sensitive user information via a crafted HTTP request, aka SAP Security Note 2256846.
CVE-2016-2386 1 Sap 1 Netweaver Application Server Java 2024-11-21 9.8 Critical
SQL injection vulnerability in the UDDI server in SAP NetWeaver J2EE Engine 7.40 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Note 2101079.
CVE-2016-10304 1 Sap 1 Netweaver Application Server Java 2024-11-21 6.5 Medium
The SAP EP-RUNTIME component in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to cause a denial of service (out-of-memory error and service instability) via a crafted serialized Java object, as demonstrated by serial.cc3, aka SAP Security Note 2315788.
CVE-2015-8840 1 Sap 1 Netweaver Application Server Java 2024-11-21 8.8 High
The XML Data Archiving Service (XML DAS) in SAP NetWeaver AS Java does not check authorization, which allows remote authenticated users to obtain sensitive information, gain privileges, or possibly have unspecified other impact via requests to (1) webcontent/cas/cas_enter.jsp, (2) webcontent/cas/cas_validate.jsp, or (3) webcontent/aas/aas_store.jsp, aka SAP Security Note 1945215.
CVE-2024-47592 1 Sap 1 Netweaver Application Server Java 2024-11-12 5.3 Medium
SAP NetWeaver AS Java allows an unauthenticated attacker to brute force the login functionality in order to identify the legitimate user IDs. This has an impact on confidentiality but not on integrity or availability.