The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of NetWeaver

vulnerability alert CVE-2018-2441 CVE-2018-2442 CVE-2018-2444

SAP: multiples vulnerabilities of August 2018

Synthesis of the vulnerability

An attacker can use several vulnerabilities of SAP products.
Impacted products: Business Objects, Crystal Enterprise, Crystal Reports, SAP ERP, NetWeaver, ASE.
Severity: 3/4.
Consequences: unknown consequence, administrator access/rights, privileged access/rights, user access/rights, client access/rights, data reading, data creation/edition, data deletion, data flow, denial of service on server, denial of service on service, denial of service on client, disguisement.
Provenance: document.
Number of vulnerabilities in this bulletin: 10.
Creation date: 14/08/2018.
Identifiers: CVE-2018-2441, CVE-2018-2442, CVE-2018-2444, CVE-2018-2445, CVE-2018-2446, CVE-2018-2447, CVE-2018-2448, CVE-2018-2449, CVE-2018-2450, CVE-2018-2451, VIGILANCE-VUL-26981.

Description of the vulnerability

An attacker can use several vulnerabilities of SAP products.
Full Vigil@nce bulletin... (Free trial)

vulnerability announce CVE-2018-8039

Apache CXF: Man-in-the-Middle via com.sun.net.ssl

Synthesis of the vulnerability

An attacker can act as a Man-in-the-Middle via com.sun.net.ssl on Apache CXF, in order to read or write data in the session.
Impacted products: Business Objects, Rational ClearCase, WebSphere AS Liberty, WebSphere AS Traditional, JBoss EAP by Red Hat, SAP ERP, NetWeaver.
Severity: 2/4.
Consequences: data reading, data creation/edition.
Provenance: internet server.
Creation date: 27/07/2018.
Identifiers: CVE-2018-8039, ibm10720065, ibm10734899, RHSA-2018:2276-01, RHSA-2018:2277-01, RHSA-2018:2423-01, RHSA-2018:2424-01, RHSA-2018:2425-01, RHSA-2018:3817-01, VIGILANCE-VUL-26852.

Description of the vulnerability

An attacker can act as a Man-in-the-Middle via com.sun.net.ssl on Apache CXF, in order to read or write data in the session.
Full Vigil@nce bulletin... (Free trial)

vulnerability bulletin CVE-2018-2427 CVE-2018-2431 CVE-2018-2432

SAP: multiples vulnerabilities of July 2018

Synthesis of the vulnerability

An attacker can use several vulnerabilities of SAP products.
Impacted products: Business Objects, Crystal Enterprise, Crystal Reports, SAP ERP, NetWeaver, ASE.
Severity: 3/4.
Consequences: unknown consequence, administrator access/rights, privileged access/rights, user access/rights, client access/rights, data reading, data creation/edition, data deletion, data flow, denial of service on server, denial of service on service, denial of service on client, disguisement.
Provenance: document.
Number of vulnerabilities in this bulletin: 11.
Creation date: 10/07/2018.
Identifiers: CVE-2018-2427, CVE-2018-2431, CVE-2018-2432, CVE-2018-2433, CVE-2018-2434, CVE-2018-2435, CVE-2018-2436, CVE-2018-2437, CVE-2018-2438, CVE-2018-2439, CVE-2018-2440, VIGILANCE-VUL-26673.

Description of the vulnerability

An attacker can use several vulnerabilities of SAP products.
Full Vigil@nce bulletin... (Free trial)

vulnerability CVE-2018-1002204

Node.js adm-zip: directory traversal

Synthesis of the vulnerability

An attacker can traverse directories of Node.js adm-zip, in order to create a file outside the service root path. This vulnerability is a member of the Zip Slip family (VIGILANCE-VUL-26357).
Impacted products: Business Objects, Nodejs Modules ~ not comprehensive, SAP ERP, NetWeaver.
Severity: 2/4.
Consequences: data creation/edition.
Provenance: document.
Creation date: 13/06/2018.
Identifiers: CVE-2018-1002204, VIGILANCE-VUL-26400.

Description of the vulnerability

An attacker can traverse directories of Node.js adm-zip, in order to create a file outside the service root path. This vulnerability is a member of the Zip Slip family (VIGILANCE-VUL-26357).
Full Vigil@nce bulletin... (Free trial)

vulnerability bulletin CVE-2018-2424 CVE-2018-2425 CVE-2018-2428

SAP: multiples vulnerabilities of June 2018

Synthesis of the vulnerability

An attacker can use several vulnerabilities of SAP products.
Impacted products: Business Objects, Crystal Enterprise, Crystal Reports, SAP ERP, NetWeaver, ASE.
Severity: 3/4.
Consequences: unknown consequence, administrator access/rights, privileged access/rights, user access/rights, client access/rights, data reading, data creation/edition, data deletion, data flow, denial of service on server, denial of service on service, denial of service on client, disguisement.
Provenance: document.
Number of vulnerabilities in this bulletin: 3.
Creation date: 12/06/2018.
Identifiers: CERTFR-2018-AVI-291, CVE-2018-2424, CVE-2018-2425, CVE-2018-2428, VIGILANCE-VUL-26393.

Description of the vulnerability

An attacker can use several vulnerabilities of SAP products.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability announce CVE-2018-2415 CVE-2018-2416 CVE-2018-2417

SAP: multiples vulnerabilities of May 2018

Synthesis of the vulnerability

An attacker can use several vulnerabilities of SAP products.
Impacted products: Business Objects, Crystal Enterprise, Crystal Reports, SAP ERP, NetWeaver, ASE.
Severity: 3/4.
Consequences: unknown consequence, administrator access/rights, privileged access/rights, user access/rights, client access/rights, data reading, data creation/edition, data deletion, data flow, denial of service on server, denial of service on service, denial of service on client, disguisement.
Provenance: document.
Number of vulnerabilities in this bulletin: 9.
Creation date: 09/05/2018.
Identifiers: CVE-2018-2415, CVE-2018-2416, CVE-2018-2417, CVE-2018-2418, CVE-2018-2419, CVE-2018-2420, CVE-2018-2421, CVE-2018-2422, CVE-2018-2423, VIGILANCE-VUL-26087.

Description of the vulnerability

An attacker can use several vulnerabilities of SAP products.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability note CVE-2018-2403 CVE-2018-2404 CVE-2018-2405

SAP: multiples vulnerabilities of April 2018

Synthesis of the vulnerability

An attacker can use several vulnerabilities of SAP products.
Impacted products: Business Objects, Crystal Enterprise, Crystal Reports, SAP ERP, NetWeaver, ASE.
Severity: 3/4.
Consequences: unknown consequence, administrator access/rights, privileged access/rights, user access/rights, client access/rights, data reading, data creation/edition, data deletion, data flow, denial of service on server, denial of service on service, denial of service on client, disguisement.
Provenance: document.
Number of vulnerabilities in this bulletin: 9.
Creation date: 10/04/2018.
Identifiers: CVE-2018-2403, CVE-2018-2404, CVE-2018-2405, CVE-2018-2406, CVE-2018-2408, CVE-2018-2409, CVE-2018-2410, CVE-2018-2412, CVE-2018-2413, VIGILANCE-VUL-25829.

Description of the vulnerability

An attacker can use several vulnerabilities of SAP products.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability CVE-2018-2366 CVE-2018-2397 CVE-2018-2398

SAP: multiples vulnerabilities of March 2018

Synthesis of the vulnerability

An attacker can use several vulnerabilities of SAP products.
Impacted products: Business Objects, Crystal Enterprise, Crystal Reports, SAP ERP, NetWeaver, ASE.
Severity: 3/4.
Consequences: unknown consequence, administrator access/rights, privileged access/rights, user access/rights, client access/rights, data reading, data creation/edition, data deletion, data flow, denial of service on server, denial of service on service, denial of service on client, disguisement.
Provenance: document.
Number of vulnerabilities in this bulletin: 7.
Creation date: 13/03/2018.
Identifiers: CVE-2018-2366, CVE-2018-2397, CVE-2018-2398, CVE-2018-2399, CVE-2018-2400, CVE-2018-2401, CVE-2018-2402, VIGILANCE-VUL-25535.

Description of the vulnerability

An attacker can use several vulnerabilities of SAP products.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability bulletin CVE-2018-2364 CVE-2018-2365 CVE-2018-2367

SAP: multiples vulnerabilities of February 2018

Synthesis of the vulnerability

An attacker can use several vulnerabilities of SAP products.
Impacted products: SAP ERP, NetWeaver, ASE.
Severity: 3/4.
Consequences: user access/rights, client access/rights, data reading.
Provenance: document.
Number of vulnerabilities in this bulletin: 32.
Creation date: 13/02/2018.
Revisions dates: 15/02/2018, 16/02/2018.
Identifiers: CVE-2018-2364, CVE-2018-2365, CVE-2018-2367, CVE-2018-2368, CVE-2018-2369, CVE-2018-2370, CVE-2018-2371, CVE-2018-2372, CVE-2018-2373, CVE-2018-2374, CVE-2018-2375, CVE-2018-2376, CVE-2018-2377, CVE-2018-2378, CVE-2018-2379, CVE-2018-2380, CVE-2018-2381, CVE-2018-2382, CVE-2018-2383, CVE-2018-2384, CVE-2018-2385, CVE-2018-2386, CVE-2018-2387, CVE-2018-2388, CVE-2018-2389, CVE-2018-2390, CVE-2018-2391, CVE-2018-2392, CVE-2018-2393, CVE-2018-2394, CVE-2018-2395, CVE-2018-2396, ERPSCAN-18-003, ERPSCAN-18-004, ERPSCAN-18-005, VIGILANCE-VUL-25288.

Description of the vulnerability

An attacker can use several vulnerabilities of SAP products.
Full Vigil@nce bulletin... (Free trial)

vulnerability note CVE-2018-2360 CVE-2018-2361 CVE-2018-2362

SAP: multiples vulnerabilities of January 2018

Synthesis of the vulnerability

An attacker can use several vulnerabilities of SAP products.
Impacted products: Business Objects, Crystal Enterprise, Crystal Reports, SAP ERP, NetWeaver, ASE.
Severity: 3/4.
Consequences: unknown consequence, administrator access/rights, privileged access/rights, user access/rights, client access/rights, data reading, data creation/edition, data deletion, data flow, denial of service on server, denial of service on service, denial of service on client, disguisement.
Provenance: document.
Number of vulnerabilities in this bulletin: 4.
Creation date: 09/01/2018.
Identifiers: CVE-2018-2360, CVE-2018-2361, CVE-2018-2362, CVE-2018-2363, VIGILANCE-VUL-24984.

Description of the vulnerability

An attacker can use several vulnerabilities of SAP products.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about NetWeaver: