| Max CVSS | 9.0 | Min CVSS | 4.3 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2016-4016 | 4.3 |
Cross-site scripting (XSS) vulnerability in SAP Manufacturing Integration and Intelligence (aka MII, formerly xMII) 15 allows remote attackers to inject arbitrary web script or HTML via the title parameter to webdynpro/resources/sap.com/xapps~xmii~ui
|
10-12-2018 - 19:29 | 14-04-2016 - 14:59 | |
| CVE-2016-4014 | 9.0 |
XML external entity (XXE) vulnerability in the UDDI component in SAP NetWeaver JAVA AS 7.4 allows remote attackers to cause a denial of service (system hang) via a crafted DTD in an XML request to uddi/api/replication, aka SAP Security Note 2254389.
|
10-12-2018 - 19:29 | 14-04-2016 - 14:59 | |
| CVE-2016-4018 | 7.5 |
The Data Provisioning Agent (aka DP Agent) in SAP HANA does not properly restrict access to service functionality, which allows remote attackers to obtain sensitive information, gain privileges, and conduct unspecified other attacks via unspecified v
|
10-12-2018 - 19:29 | 14-04-2016 - 14:59 | |
| CVE-2016-4015 | 5.0 |
The Enqueue Server in SAP NetWeaver JAVA AS 7.1 through 7.4 allows remote attackers to cause a denial of service (process crash) via a crafted request, aka SAP Security Note 2258784.
|
10-12-2018 - 19:29 | 14-04-2016 - 14:59 | |
| CVE-2016-4017 | 5.0 |
The Data Provisioning Agent (aka DP Agent) in SAP HANA allows remote attackers to cause a denial of service (process crash) via unspecified vectors, aka SAP Security Note 2262710.
|
10-12-2018 - 19:29 | 14-04-2016 - 14:59 |