Sap Netweaver Java Application Server — known CVE vulnerabilities
Every CVE whose affected-product data names Sap Netweaver Java Application Server, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (5)
CVE-2015-2282 — CVSS 7.5 (high): Stack-based buffer overflow in the LZC decompression implementation (CsObjectInt::CsDecomprLZC function in vpa106cslzc.cpp) in SAP MaxDB…
CVE-2014-3133 — CVSS 5.0 (medium): SAP Netweaver Java Application Server does not properly restrict access, which allows remote attackers to obtain the list of SAP systems…
CVE-2015-2278 — CVSS 5.0 (medium): The LZH decompression implementation (CsObjectInt::BuildHufTree function in vpa108csulzh.cpp) in SAP MaxDB 7.5 and 7.6, Netweaver…
CVE-2015-4158 — CVSS 5.0 (medium): SAP ABAP & Java Server allows remote attackers to cause a denial of service (service termination) via unspecified vectors, aka SAP Security…
CVE-2014-8590 — CVSS 4.3 (medium): XML external entity (XXE) vulnerability in the Web Service Navigator in SAP NetWeaver Application Server (AS) Java allows remote attackers…