Page 12 of 58 results (0.006 seconds)

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0

The chat feature in the Real-Time Collaboration (RTC) services 7.3 and 7.4 in SAP NetWeaver Java AS 7.1 through 7.5 allows remote attackers to obtain sensitive user information by visiting webdynpro/resources/sap.com/tc~rtc~coll.appl.rtc~wd_chat/Chat#, pressing "Add users", and doing a search, aka SAP Security Note 2255990. La característica de chat en los servicios Real-Time Collaboration (RTC) 7.3 y 7.4 en SAP NetWeaver Java AS 7.1 hasta la versión 7.5 permite a atacantes remotos obtener información sensible de usuario visitando webdynpro/resources/sap.com/tc~rtc~coll.appl.rtc~wd_chat/Chat#, presionando "Add users" y haciendo una búsqueda, también conocido como SAP Security Note 2255990. SAP NetWeaver AS JAVA versions 7.1 through 7.5 suffer form an information disclosure vulnerability in WD_CHAT. • http://packetstormsecurity.com/files/137579/SAP-NetWeaver-AS-JAVA-7.5-Information-Disclosure.html http://seclists.org/fulldisclosure/2016/Jun/46 https://erpscan.io/advisories/erpscan-16-016-sap-netweaver-7-4-information-disclosure-wd_chat https://erpscan.io/press-center/blog/sap-security-notes-march-2016-review • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 5.3EPSS: 1%CPEs: 1EXPL: 5

The Universal Worklist Configuration in SAP NetWeaver AS JAVA 7.4 allows remote attackers to obtain sensitive user information via a crafted HTTP request, aka SAP Security Note 2256846. El Universal Worklist Configuration en SAP NetWeaver AS JAVA 7.4 permite a los atacantes remotos obtener información sensible de los usuarios a través de una solicitud HTTP manipulada, también conocida como SAP Security Note 2256846 SAP NetWeaver AS JAVA versions 7.1 through 7.5 suffer from an information disclosure vulnerability. The Universal Worklist Configuration in SAP NetWeaver AS JAVA 7.4 allows remote attackers to obtain sensitive user information via a crafted HTTP request. • https://www.exploit-db.com/exploits/43495 https://www.exploit-db.com/exploits/39841 http://packetstormsecurity.com/files/137128/SAP-NetWeaver-AS-JAVA-7.5-Information-Disclosure.html http://packetstormsecurity.com/files/145860/SAP-NetWeaver-J2EE-Engine-7.40-SQL-Injection.html http://seclists.org/fulldisclosure/2016/May/55 https://erpscan.io/advisories/erpscan-16-010-sap-netweaver-7-4-information-disclosure https://erpscan.io/press-center/blog/sap-security-notes-february-2016-review • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 9.8EPSS: 55%CPEs: 1EXPL: 6

SQL injection vulnerability in the UDDI server in SAP NetWeaver J2EE Engine 7.40 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Note 2101079. Vulnerabilidad de inyección SQL en el servidor UDDI en SAP NetWeaver J2EE Engine 7.40 permite a atacantes remotos ejecutar comandos SQL arbitrarios a través de vectores no especificados, también conocida como SAP Security Note 2101079. SAP NetWeaver AS JAVA versions 7.1 through 7.5 suffer from a remote SQL injection vulnerability. SQL injection vulnerability in the UDDI server in SAP NetWeaver J2EE Engine 7.40 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. • https://www.exploit-db.com/exploits/43495 https://www.exploit-db.com/exploits/39840 https://github.com/murataydemir/CVE-2016-2386 http://packetstormsecurity.com/files/137129/SAP-NetWeaver-AS-JAVA-7.5-SQL-Injection.html http://seclists.org/fulldisclosure/2016/May/56 https://erpscan.io/advisories/erpscan-16-011-sap-netweaver-7-4-sql-injection-vulnerability https://erpscan.io/press-center/blog/sap-security-notes-february-2016-review https://github.com/vah13/SAP_exploit • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •