Page 5 of 42 results (0.002 seconds)

CVSS: 9.1EPSS: 35%CPEs: 1EXPL: 4

CVE-2016-3974 – SAP NetWeaver AS JAVA 7.1 < 7.5 - 'ctcprotocol Servlet' XML External Entity

https://notcve.org/view.php?id=CVE-2016-3974

07 Apr 2016 — XML external entity (XXE) vulnerability in the Configuration Wizard in SAP NetWeaver Java AS 7.1 through 7.5 allows remote attackers to cause a denial of service, conduct SMB Relay attacks, or access arbitrary files via a crafted XML request to _tc~monitoring~webservice~web/ServerNodesWSService, aka SAP Security Note 2235994. Vulnerabilidad de XXE en Configuration Wizard en SAP NetWeaver Java AS 7.1 hasta la versión 7.5 permite a atacantes remotos provocar una denegación de servicio, llevar a cabo ataques S... • https://packetstorm.news/files/id/137527 • CWE-611: Improper Restriction of XML External Entity Reference •

CVSS: 5.3EPSS: 56%CPEs: 1EXPL: 7

CVE-2016-2388 – SAP NetWeaver Information Disclosure Vulnerability

https://notcve.org/view.php?id=CVE-2016-2388

16 Feb 2016 — The Universal Worklist Configuration in SAP NetWeaver AS JAVA 7.4 allows remote attackers to obtain sensitive user information via a crafted HTTP request, aka SAP Security Note 2256846. El Universal Worklist Configuration en SAP NetWeaver AS JAVA 7.4 permite a los atacantes remotos obtener información sensible de los usuarios a través de una solicitud HTTP manipulada, también conocida como SAP Security Note 2256846 SAP NetWeaver AS JAVA versions 7.1 through 7.5 suffer from an information disclosure vulnerab... • https://packetstorm.news/files/id/145860 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •