Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Sap Subscribe
Filtered by product Netweaver

CVSS v3 Filter

ALL
NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 7 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-6203 1 Sap 1 Netweaver 2020-03-12 6.4 MEDIUM 9.1 CRITICAL
SAP NetWeaver UDDI Server (Services Registry), versions- 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50; allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing 'traverse to parent directory' are passed through to the file APIs, leading to Path Traversal.
CVE-2011-1517 1 Sap 1 Netweaver 2020-02-07 7.5 HIGH 9.8 CRITICAL
SAP NetWeaver 7.0 allows Remote Code Execution and Denial of Service caused by an error in the DiagTraceHex() function. By sending a specially-crafted packet, an attacker could exploit this vulnerability to cause the application to crash.
CVE-2013-1592 1 Sap 1 Netweaver 2020-01-31 10.0 HIGH 9.8 CRITICAL
A Buffer Overflow vulnerability exists in the Message Server service _MsJ2EE_AddStatistics() function when sending specially crafted SAP Message Server packets to remote TCP ports 36NN and/or 39NN in SAP NetWeaver 2004s, 7.01 SR1, 7.02 SP06, and 7.30 SP04, which could let a remote malicious user execute arbitrary code.
CVE-2016-10311 1 Sap 1 Netweaver 2018-12-10 7.5 HIGH 9.8 CRITICAL
Stack-based buffer overflow in SAP NetWeaver 7.0 through 7.5 allows remote attackers to cause a denial of service () by sending a crafted packet to the SAPSTARTSRV port, aka SAP Security Note 2295238.
CVE-2017-9844 1 Sap 1 Netweaver 2018-12-10 7.5 HIGH 9.8 CRITICAL
SAP NetWeaver 7400.12.21.30308 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted serialized Java object in a request to metadatauploader, aka SAP Security Note 2399804.
CVE-2015-7241 1 Sap 1 Netweaver 2018-10-09 7.5 HIGH 9.8 CRITICAL
XML External Entity (XXE) vulnerability in SAP Netweaver before 7.01.
CVE-2016-7435 1 Sap 1 Netweaver 2016-11-28 9.0 HIGH 9.1 CRITICAL
The (1) SCTC_REFRESH_EXPORT_TAB_COMP, (2) SCTC_REFRESH_CHECK_ENV, and (3) SCTC_TMS_MAINTAIN_ALOG functions in the SCTC subpackage in SAP Netweaver 7.40 SP 12 allow remote authenticated users with certain permissions to execute arbitrary commands via vectors involving a CALL 'SYSTEM' statement, aka SAP Security Note 2260344.