CVSS: 7.5EPSS: 82%CPEs: 1EXPL: 4CVE-2016-3976 – SAP NetWeaver Directory Traversal Vulnerability
https://notcve.org/view.php?id=CVE-2016-3976
07 Apr 2016 — Directory traversal vulnerability in SAP NetWeaver AS Java 7.1 through 7.5 allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in the fileName parameter to CrashFileDownloadServlet, aka SAP Security Note 2234971. Vulnerabilidad de salto de directorio en SAP NetWeaver AS Java 7.1 hasta la versión 7.5 permite a atacantes remotos leer archivos arbitrarios a través de ..\ (punto punto barra invertida) en el parámetro fileName para CrashFileDownloadServlet, también conocida como SAP Sec... • https://packetstorm.news/files/id/137528 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2016-3973 – SAP NetWeaver AS JAVA 7.5 Information Disclosure
https://notcve.org/view.php?id=CVE-2016-3973
07 Apr 2016 — The chat feature in the Real-Time Collaboration (RTC) services 7.3 and 7.4 in SAP NetWeaver Java AS 7.1 through 7.5 allows remote attackers to obtain sensitive user information by visiting webdynpro/resources/sap.com/tc~rtc~coll.appl.rtc~wd_chat/Chat#, pressing "Add users", and doing a search, aka SAP Security Note 2255990. La característica de chat en los servicios Real-Time Collaboration (RTC) 7.3 y 7.4 en SAP NetWeaver Java AS 7.1 hasta la versión 7.5 permite a atacantes remotos obtener información sensi... • https://packetstorm.news/files/id/137579 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.1EPSS: 30%CPEs: 1EXPL: 4CVE-2016-3974 – SAP NetWeaver AS JAVA 7.1 < 7.5 - 'ctcprotocol Servlet' XML External Entity
https://notcve.org/view.php?id=CVE-2016-3974
07 Apr 2016 — XML external entity (XXE) vulnerability in the Configuration Wizard in SAP NetWeaver Java AS 7.1 through 7.5 allows remote attackers to cause a denial of service, conduct SMB Relay attacks, or access arbitrary files via a crafted XML request to _tc~monitoring~webservice~web/ServerNodesWSService, aka SAP Security Note 2235994. Vulnerabilidad de XXE en Configuration Wizard en SAP NetWeaver Java AS 7.1 hasta la versión 7.5 permite a atacantes remotos provocar una denegación de servicio, llevar a cabo ataques S... • https://packetstorm.news/files/id/137527 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 3CVE-2016-3975 – SAP NetWeaver AS JAVA 7.5 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2016-3975
07 Apr 2016 — Cross-site scripting (XSS) vulnerability in SAP NetWeaver AS Java 7.1 through 7.5 allows remote attackers to inject arbitrary web script or HTML via the navigationTarget parameter to irj/servlet/prt/portal/prteventname/XXX/prtroot/com.sapportals.navigation.testComponent.NavigationURLTester, aka SAP Security Note 2238375. Vulnerabilidad de XSS en SAP NetWeaver AS Java 7.1 hasta la versión 7.5 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del parámetro navigationT... • https://packetstorm.news/files/id/137529 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 81%CPEs: 1EXPL: 7CVE-2016-2388 – SAP NetWeaver Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2016-2388
16 Feb 2016 — The Universal Worklist Configuration in SAP NetWeaver AS JAVA 7.4 allows remote attackers to obtain sensitive user information via a crafted HTTP request, aka SAP Security Note 2256846. El Universal Worklist Configuration en SAP NetWeaver AS JAVA 7.4 permite a los atacantes remotos obtener información sensible de los usuarios a través de una solicitud HTTP manipulada, también conocida como SAP Security Note 2256846 SAP NetWeaver AS JAVA versions 7.1 through 7.5 suffer from an information disclosure vulnerab... • https://packetstorm.news/files/id/145860 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •