The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of NetWeaver

computer vulnerability CVE-2017-11457 CVE-2017-11458 CVE-2017-11459

SAP: multiples vulnerabilities of July 2017

Synthesis of the vulnerability

An attacker can use several vulnerabilities of SAP products.
Impacted products: Business Objects, Crystal Enterprise, Crystal Reports, SAP ERP, NetWeaver, ASE.
Severity: 3/4.
Creation date: 11/07/2017.
Identifiers: CVE-2017-11457, CVE-2017-11458, CVE-2017-11459, CVE-2017-11460, CVE-2017-12637, CVE-2017-9843, CVE-2017-9844, CVE-2017-9845, ERPSCAN-17-032, ERPSCAN-17-033, ERPSCAN-17-034, ERPSCAN-17-035, ERPSCAN-17-036, VIGILANCE-VUL-23195.

Description of the vulnerability

An attacker can use several vulnerabilities of SAP products.

A detailed analysis was not performed for this bulletin.
Complete Vigil@nce bulletin.... (Free trial)

computer vulnerability announce 22957

SAP: multiples vulnerabilities of June 2017

Synthesis of the vulnerability

An attacker can use several vulnerabilities of SAP products.
Impacted products: Business Objects, SAP ERP, NetWeaver.
Severity: 3/4.
Creation date: 13/06/2017.
Identifiers: ERPSCAN-17-031, VIGILANCE-VUL-22957.

Description of the vulnerability

An attacker can use several vulnerabilities of SAP products.

A detailed analysis was not performed for this bulletin.
Complete Vigil@nce bulletin.... (Free trial)

computer vulnerability note CVE-2016-6256

SAP: multiples vulnerabilities of May 2017

Synthesis of the vulnerability

An attacker can use several vulnerabilities of SAP products.
Impacted products: Business Objects, Crystal Enterprise, SAP ERP, NetWeaver, ASE.
Severity: 2/4.
Creation date: 09/05/2017.
Revisions dates: 12/05/2017, 16/05/2017.
Identifiers: CORE-2017-0001, CVE-2016-6256, ERPSCAN-17-027, ERPSCAN-17-028, VIGILANCE-VUL-22669.

Description of the vulnerability

An attacker can use several vulnerabilities of SAP products.

A detailed analysis was not performed for this bulletin.
Complete Vigil@nce bulletin.... (Free trial)

computer vulnerability CVE-2017-6950

SAP: multiples vulnerabilities of March 2017

Synthesis of the vulnerability

An attacker can use several vulnerabilities of SAP products.
Impacted products: Business Objects, Crystal Enterprise, Crystal Reports, SAP ERP, NetWeaver, ASE.
Severity: 3/4.
Creation date: 14/03/2017.
Revisions dates: 15/03/2017, 22/03/2017.
Identifiers: CVE-2017-6950, ERPSCAN-17-010, ERPSCAN-17-011, ERPSCAN-17-012, ERPSCAN-17-013, ERPSCAN-17-014, ERPSCAN-17-015, VIGILANCE-VUL-22115.

Description of the vulnerability

An attacker can use several vulnerabilities of SAP products.

A detailed analysis was not performed for this bulletin.
Complete Vigil@nce bulletin.... (Free trial)

computer vulnerability alert CVE-2017-5997 CVE-2017-8913 CVE-2017-8914

SAP: multiples vulnerabilities of February 2017

Synthesis of the vulnerability

An attacker can use several vulnerabilities of SAP products.
Impacted products: Business Objects, Crystal Enterprise, Crystal Reports, SAP ERP, NetWeaver, ASE.
Severity: 3/4.
Creation date: 14/02/2017.
Revisions dates: 15/02/2017, 03/03/2017.
Identifiers: CVE-2017-5997, CVE-2017-8913, CVE-2017-8914, CVE-2017-8915, ERPSCAN-17-007, ERPSCAN-17-008, ERPSCAN-17-009, VIGILANCE-VUL-21826.

Description of the vulnerability

An attacker can use several vulnerabilities of SAP products.

A detailed analysis was not performed for this bulletin.
Complete Vigil@nce bulletin.... (Free trial)

vulnerability note CVE-2016-6143 CVE-2016-6818 CVE-2017-7696

SAP: multiples vulnerabilities of January 2017

Synthesis of the vulnerability

An attacker can use several vulnerabilities of SAP products.
Impacted products: Business Objects, Crystal Enterprise, Crystal Reports, SAP ERP, NetWeaver, ASE.
Severity: 3/4.
Creation date: 10/01/2017.
Revision date: 11/01/2017.
Identifiers: CVE-2016-6143, CVE-2016-6818, CVE-2017-7696, ERPSCAN-16-036, ERPSCAN-16-037, ERPSCAN-17-001, ERPSCAN-17-002, ERPSCAN-17-003, ERPSCAN-17-004, VIGILANCE-VUL-21534.

Description of the vulnerability

An attacker can use several vulnerabilities of SAP products.

A detailed analysis was not performed for this bulletin.
Complete Vigil@nce bulletin.... (Free trial)

vulnerability announce CVE-2016-10005 CVE-2016-3684 CVE-2016-3685

SAP: multiples vulnerabilities of December 2016

Synthesis of the vulnerability

An attacker can use several vulnerabilities of SAP products.
Impacted products: Business Objects, Crystal Enterprise, Crystal Reports, SAP ERP, NetWeaver, ASE.
Severity: 3/4.
Creation date: 13/12/2016.
Identifiers: CVE-2016-10005, CVE-2016-3684, CVE-2016-3685, ERPSCAN-16-041, VIGILANCE-VUL-21362.

Description of the vulnerability

An attacker can use several vulnerabilities of SAP products.

A detailed analysis was not performed for this bulletin.
Complete Vigil@nce bulletin.... (Free trial)

vulnerability announce CVE-2014-9569

SAP NetWeaver Business Client for HTML 3.0: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting of SAP NetWeaver Business Client for HTML 3.0, in order to execute JavaScript code in the context of the web site.
Impacted products: SAP ERP, NetWeaver.
Severity: 2/4.
Creation date: 08/01/2015.
Identifiers: 2051285, CVE-2014-9569, SOS-14-005, VIGILANCE-VUL-15932.

Description of the vulnerability

The SAP NetWeaver Business Client for HTML 3.0 product offers a web service.

However, it does not filter received data before inserting them in generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting of SAP NetWeaver Business Client for HTML 3.0, in order to execute JavaScript code in the context of the web site.
Complete Vigil@nce bulletin.... (Free trial)

computer vulnerability announce CVE-2014-8592

SAP NetWeaver: denial of service via POST

Synthesis of the vulnerability

An attacker can send a malicious POST query to SAP NetWeaver, in order to trigger a denial of service.
Impacted products: SAP ERP, NetWeaver.
Severity: 2/4.
Creation date: 24/10/2014.
Identifiers: 1986725, CVE-2014-8592, ERPSCAN-14-017, ERPSCAN-14-018, ERPSCAN-14-020, ERPSCAN-14-021, VIGILANCE-VUL-15537.

Description of the vulnerability

The SAP NetWeaver product has a web service.

However, when a partial HTTP POST query is received, a fatal error occurs.

An attacker can therefore send a malicious POST query to SAP NetWeaver HTTPd, in order to trigger a denial of service.
Complete Vigil@nce bulletin.... (Free trial)

computer vulnerability alert CVE-2014-8591

SAP NetWeaver HTTPd: denial of service via POST

Synthesis of the vulnerability

An attacker can send a malicious POST query to SAP NetWeaver HTTPd, in order to trigger a denial of service.
Impacted products: SAP ERP, NetWeaver.
Severity: 2/4.
Creation date: 24/10/2014.
Identifiers: 1966655, CVE-2014-8591, ERPSCAN-14-016, VIGILANCE-VUL-15536.

Description of the vulnerability

The SAP NetWeaver product has an HTTPd service.

However, when a partial HTTP POST query is received, a fatal error occurs.

An attacker can therefore send a malicious POST query to SAP NetWeaver HTTPd, in order to trigger a denial of service.
Complete Vigil@nce bulletin.... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about NetWeaver: