The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of NetWeaver

vulnerability announce CVE-2018-2486 CVE-2018-2492 CVE-2018-2494

SAP: multiples vulnerabilities of December 2018

Synthesis of the vulnerability

An attacker can use several vulnerabilities of SAP products.
Impacted products: Business Objects, Crystal Enterprise, Crystal Reports, SAP ERP, NetWeaver, ASE.
Severity: 3/4.
Consequences: unknown consequence, administrator access/rights, privileged access/rights, user access/rights, client access/rights, data reading, data creation/edition, data deletion, data flow, denial of service on server, denial of service on service, denial of service on client, disguisement.
Provenance: document.
Number of vulnerabilities in this bulletin: 9.
Creation date: 11/12/2018.
Identifiers: CVE-2018-2486, CVE-2018-2492, CVE-2018-2494, CVE-2018-2497, CVE-2018-2500, CVE-2018-2502, CVE-2018-2503, CVE-2018-2504, CVE-2018-2505, VIGILANCE-VUL-28002.

Description of the vulnerability

An attacker can use several vulnerabilities of SAP products.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability CVE-2018-2473 CVE-2018-2476 CVE-2018-2477

SAP: multiples vulnerabilities of November 2018

Synthesis of the vulnerability

An attacker can use several vulnerabilities of SAP products.
Impacted products: Business Objects, Crystal Enterprise, Crystal Reports, SAP ERP, NetWeaver, ASE.
Severity: 3/4.
Consequences: unknown consequence, administrator access/rights, privileged access/rights, user access/rights, client access/rights, data reading, data creation/edition, data deletion, data flow, denial of service on server, denial of service on service, denial of service on client, disguisement.
Provenance: document.
Number of vulnerabilities in this bulletin: 14.
Creation date: 13/11/2018.
Identifiers: CVE-2018-2473, CVE-2018-2476, CVE-2018-2477, CVE-2018-2478, CVE-2018-2479, CVE-2018-2481, CVE-2018-2482, CVE-2018-2483, CVE-2018-2485, CVE-2018-2487, CVE-2018-2488, CVE-2018-2489, CVE-2018-2490, CVE-2018-2491, VIGILANCE-VUL-27765.

Description of the vulnerability

An attacker can use several vulnerabilities of SAP products.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability CVE-2018-2466 CVE-2018-2467 CVE-2018-2468

SAP: multiples vulnerabilities of October 2018

Synthesis of the vulnerability

An attacker can use several vulnerabilities of SAP products.
Impacted products: Business Objects, Crystal Enterprise, Crystal Reports, SAP ERP, NetWeaver, ASE.
Severity: 3/4.
Consequences: user access/rights, data reading, data creation/edition, denial of service on service.
Provenance: document.
Number of vulnerabilities in this bulletin: 8.
Creation date: 09/10/2018.
Identifiers: CVE-2018-2466, CVE-2018-2467, CVE-2018-2468, CVE-2018-2469, CVE-2018-2470, CVE-2018-2471, CVE-2018-2472, CVE-2018-2474, VIGILANCE-VUL-27445.

Description of the vulnerability

An attacker can use several vulnerabilities of SAP products.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability alert CVE-2018-11784

Apache Tomcat: open redirect via Directory Redirect

Synthesis of the vulnerability

An attacker can deceive the user via Directory Redirect of Apache Tomcat, in order to redirect him to a malicious site.
Impacted products: Tomcat, Business Objects, Debian, Fedora, QRadar SIEM, ePO, McAfee Web Gateway, Snap Creator Framework, SnapManager, openSUSE Leap, Oracle Communications, Solaris, RHEL, SAP ERP, NetWeaver, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 1/4.
Consequences: user access/rights, data reading.
Provenance: internet client.
Creation date: 04/10/2018.
Identifiers: bulletinoct2018, cpuapr2019, CVE-2018-11784, DLA-1544-1, DLA-1545-1, FEDORA-2018-b18f9dd65b, FEDORA-2018-b89746cb9b, ibm10874888, NTAP-20181014-0002, openSUSE-SU-2018:3453-1, openSUSE-SU-2018:4042-1, openSUSE-SU-2019:0084-1, openSUSE-SU-2019:1547-1, openSUSE-SU-2019:1814-1, RHSA-2019:0130-01, RHSA-2019:0131-01, RHSA-2019:0485-01, RHSA-2019:1529-01, SB10257, SB10264, SUSE-SU-2018:3261-1, SUSE-SU-2018:3388-1, SUSE-SU-2018:3393-1, SUSE-SU-2018:3935-1, SUSE-SU-2018:3968-1, USN-3787-1, VIGILANCE-VUL-27396.

Description of the vulnerability

An attacker can deceive the user via Directory Redirect of Apache Tomcat, in order to redirect him to a malicious site.
Full Vigil@nce bulletin... (Free trial)

vulnerability note CVE-2018-16832 CVE-2018-2452 CVE-2018-2454

SAP: multiples vulnerabilities of September 2018

Synthesis of the vulnerability

An attacker can use several vulnerabilities of SAP products.
Impacted products: Business Objects, Crystal Enterprise, Crystal Reports, SAP ERP, NetWeaver, ASE.
Severity: 3/4.
Consequences: unknown consequence, administrator access/rights, privileged access/rights, user access/rights, client access/rights, data reading, data creation/edition, data deletion, data flow, denial of service on server, denial of service on service, denial of service on client, disguisement.
Provenance: document.
Number of vulnerabilities in this bulletin: 13.
Creation date: 11/09/2018.
Identifiers: CVE-2018-16832, CVE-2018-2452, CVE-2018-2454, CVE-2018-2455, CVE-2018-2457, CVE-2018-2458, CVE-2018-2459, CVE-2018-2460, CVE-2018-2461, CVE-2018-2462, CVE-2018-2463, CVE-2018-2464, CVE-2018-2465, VIGILANCE-VUL-27204.

Description of the vulnerability

An attacker can use several vulnerabilities of SAP products.
Full Vigil@nce bulletin... (Free trial)

vulnerability alert CVE-2018-2441 CVE-2018-2442 CVE-2018-2444

SAP: multiples vulnerabilities of August 2018

Synthesis of the vulnerability

An attacker can use several vulnerabilities of SAP products.
Impacted products: Business Objects, Crystal Enterprise, Crystal Reports, SAP ERP, NetWeaver, ASE.
Severity: 3/4.
Consequences: unknown consequence, administrator access/rights, privileged access/rights, user access/rights, client access/rights, data reading, data creation/edition, data deletion, data flow, denial of service on server, denial of service on service, denial of service on client, disguisement.
Provenance: document.
Number of vulnerabilities in this bulletin: 10.
Creation date: 14/08/2018.
Identifiers: CVE-2018-2441, CVE-2018-2442, CVE-2018-2444, CVE-2018-2445, CVE-2018-2446, CVE-2018-2447, CVE-2018-2448, CVE-2018-2449, CVE-2018-2450, CVE-2018-2451, VIGILANCE-VUL-26981.

Description of the vulnerability

An attacker can use several vulnerabilities of SAP products.
Full Vigil@nce bulletin... (Free trial)

vulnerability announce CVE-2018-8039

Apache CXF: Man-in-the-Middle via com.sun.net.ssl

Synthesis of the vulnerability

An attacker can act as a Man-in-the-Middle via com.sun.net.ssl on Apache CXF, in order to read or write data in the session.
Impacted products: Business Objects, Rational ClearCase, WebSphere AS Liberty, WebSphere AS Traditional, Oracle Communications, WebLogic, JBoss EAP by Red Hat, SAP ERP, NetWeaver.
Severity: 2/4.
Consequences: data reading, data creation/edition.
Provenance: internet server.
Creation date: 27/07/2018.
Identifiers: cpujul2019, CVE-2018-8039, ibm10720065, ibm10734899, RHSA-2018:2276-01, RHSA-2018:2277-01, RHSA-2018:2423-01, RHSA-2018:2424-01, RHSA-2018:2425-01, RHSA-2018:3817-01, VIGILANCE-VUL-26852.

Description of the vulnerability

An attacker can act as a Man-in-the-Middle via com.sun.net.ssl on Apache CXF, in order to read or write data in the session.
Full Vigil@nce bulletin... (Free trial)

vulnerability bulletin CVE-2018-2427 CVE-2018-2431 CVE-2018-2432

SAP: multiples vulnerabilities of July 2018

Synthesis of the vulnerability

An attacker can use several vulnerabilities of SAP products.
Impacted products: Business Objects, Crystal Enterprise, Crystal Reports, SAP ERP, NetWeaver, ASE.
Severity: 3/4.
Consequences: unknown consequence, administrator access/rights, privileged access/rights, user access/rights, client access/rights, data reading, data creation/edition, data deletion, data flow, denial of service on server, denial of service on service, denial of service on client, disguisement.
Provenance: document.
Number of vulnerabilities in this bulletin: 11.
Creation date: 10/07/2018.
Identifiers: CVE-2018-2427, CVE-2018-2431, CVE-2018-2432, CVE-2018-2433, CVE-2018-2434, CVE-2018-2435, CVE-2018-2436, CVE-2018-2437, CVE-2018-2438, CVE-2018-2439, CVE-2018-2440, VIGILANCE-VUL-26673.

Description of the vulnerability

An attacker can use several vulnerabilities of SAP products.
Full Vigil@nce bulletin... (Free trial)

vulnerability CVE-2018-1002204

Node.js adm-zip: directory traversal

Synthesis of the vulnerability

An attacker can traverse directories of Node.js adm-zip, in order to create a file outside the service root path. This vulnerability is a member of the Zip Slip family (VIGILANCE-VUL-26357).
Impacted products: Business Objects, Nodejs Modules ~ not comprehensive, SAP ERP, NetWeaver.
Severity: 2/4.
Consequences: data creation/edition.
Provenance: document.
Creation date: 13/06/2018.
Identifiers: CVE-2018-1002204, VIGILANCE-VUL-26400.

Description of the vulnerability

An attacker can traverse directories of Node.js adm-zip, in order to create a file outside the service root path. This vulnerability is a member of the Zip Slip family (VIGILANCE-VUL-26357).
Full Vigil@nce bulletin... (Free trial)

vulnerability bulletin CVE-2018-2424 CVE-2018-2425 CVE-2018-2428

SAP: multiples vulnerabilities of June 2018

Synthesis of the vulnerability

An attacker can use several vulnerabilities of SAP products.
Impacted products: Business Objects, Crystal Enterprise, Crystal Reports, SAP ERP, NetWeaver, ASE.
Severity: 3/4.
Consequences: unknown consequence, administrator access/rights, privileged access/rights, user access/rights, client access/rights, data reading, data creation/edition, data deletion, data flow, denial of service on server, denial of service on service, denial of service on client, disguisement.
Provenance: document.
Number of vulnerabilities in this bulletin: 3.
Creation date: 12/06/2018.
Identifiers: CERTFR-2018-AVI-291, CVE-2018-2424, CVE-2018-2425, CVE-2018-2428, VIGILANCE-VUL-26393.

Description of the vulnerability

An attacker can use several vulnerabilities of SAP products.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about NetWeaver: