XML external entity (XXE) vulnerability in SAP NetWeaver Portal 7.4 allows remote attackers to read arbitrary files and possibly have other unspecified impact via crafted XML data, aka SAP Security Note 2168485.
Max CVSS
6.8
EPSS Score
0.66%
Published
2015-08-24
Updated
2018-12-10
The (1) Cross-System Tools and (2) Data Transfer Workbench in SAP NetWeaver have hardcoded credentials, which allows remote attackers to obtain access via unspecified vectors, aka SAP Security Notes 2059659 and 2057982.
Max CVSS
7.5
EPSS Score
1.74%
Published
2015-06-24
Updated
2018-12-10
The SAP Management Console in SAP NetWeaver 7.40 allows remote attackers to obtain sensitive information via the ReadProfile parameters, aka SAP Security Note 2091768.
Max CVSS
5.0
EPSS Score
0.53%
Published
2015-04-01
Updated
2018-12-10
Buffer overflow in the C_SAPGPARAM function in the NetWeaver Dispatcher in SAP KERNEL 7.00 (7000.52.12.34966) and 7.40 (7400.12.21.30308) allows remote authenticated users to cause a denial of service or possibly execute arbitrary code via unspecified vectors, aka SAP Security Note 2063369.
Max CVSS
6.5
EPSS Score
1.33%
Published
2015-04-01
Updated
2018-12-10
4 vulnerabilities found