Search criteria
4 vulnerabilities found for java_as by sap
CVE-2016-4016 (GCVE-0-2016-4016)
Vulnerability from nvd – Published: 2016-04-14 14:00 – Updated: 2024-08-06 00:17
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in SAP Manufacturing Integration and Intelligence (aka MII, formerly xMII) 15 allows remote attackers to inject arbitrary web script or HTML via the title parameter to webdynpro/resources/sap.com/xapps~xmii~ui~admin~navigation/NavigationApplication, aka SAP Security Note 2201295.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Date Public ?
2016-04-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:17:30.886Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://erpscan.io/press-center/blog/dos-vulnerabilities-on-the-rise-sap-security-notes-april-2016/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://erpscan.io/advisories/erpscan-16-021-sap-mii-reflected-xss-vulnerability/"
},
{
"name": "20160715 [ERPSCAN-16-021] SAP xMII - Reflected XSS vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2016/Jul/46"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/137920/SAP-xMII-15-Cross-Site-Scripting.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-04-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in SAP Manufacturing Integration and Intelligence (aka MII, formerly xMII) 15 allows remote attackers to inject arbitrary web script or HTML via the title parameter to webdynpro/resources/sap.com/xapps~xmii~ui~admin~navigation/NavigationApplication, aka SAP Security Note 2201295."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-10T17:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://erpscan.io/press-center/blog/dos-vulnerabilities-on-the-rise-sap-security-notes-april-2016/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://erpscan.io/advisories/erpscan-16-021-sap-mii-reflected-xss-vulnerability/"
},
{
"name": "20160715 [ERPSCAN-16-021] SAP xMII - Reflected XSS vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2016/Jul/46"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/137920/SAP-xMII-15-Cross-Site-Scripting.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-4016",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in SAP Manufacturing Integration and Intelligence (aka MII, formerly xMII) 15 allows remote attackers to inject arbitrary web script or HTML via the title parameter to webdynpro/resources/sap.com/xapps~xmii~ui~admin~navigation/NavigationApplication, aka SAP Security Note 2201295."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://erpscan.io/press-center/blog/dos-vulnerabilities-on-the-rise-sap-security-notes-april-2016/",
"refsource": "MISC",
"url": "https://erpscan.io/press-center/blog/dos-vulnerabilities-on-the-rise-sap-security-notes-april-2016/"
},
{
"name": "https://erpscan.io/advisories/erpscan-16-021-sap-mii-reflected-xss-vulnerability/",
"refsource": "MISC",
"url": "https://erpscan.io/advisories/erpscan-16-021-sap-mii-reflected-xss-vulnerability/"
},
{
"name": "20160715 [ERPSCAN-16-021] SAP xMII - Reflected XSS vulnerability",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2016/Jul/46"
},
{
"name": "http://packetstormsecurity.com/files/137920/SAP-xMII-15-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/137920/SAP-xMII-15-Cross-Site-Scripting.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-4016",
"datePublished": "2016-04-14T14:00:00.000Z",
"dateReserved": "2016-04-14T00:00:00.000Z",
"dateUpdated": "2024-08-06T00:17:30.886Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-3979 (GCVE-0-2016-3979)
Vulnerability from nvd – Published: 2016-04-08 14:00 – Updated: 2024-08-06 00:10
VLAI?
Summary
Internet Communication Manager (aka ICMAN or ICM) in SAP JAVA AS 7.2 through 7.4 allows remote attackers to cause a denial of service (heap memory corruption and process crash) via a crafted HTTP request, related to the IctParseCookies function, aka SAP Security Note 2256185.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Date Public ?
2016-03-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:10:31.924Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/137589/SAP-NetWeaver-AS-JAVA-7.4-icman-Denial-Of-Service.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://erpscan.io/advisories/erpscan-16-017-sap-java-icman-dos/"
},
{
"name": "20160624 [ERPSCAN-16-017] SAP JAVA AS icman - DoS vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2016/Jun/55"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-03-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Internet Communication Manager (aka ICMAN or ICM) in SAP JAVA AS 7.2 through 7.4 allows remote attackers to cause a denial of service (heap memory corruption and process crash) via a crafted HTTP request, related to the IctParseCookies function, aka SAP Security Note 2256185."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-10T17:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/137589/SAP-NetWeaver-AS-JAVA-7.4-icman-Denial-Of-Service.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://erpscan.io/advisories/erpscan-16-017-sap-java-icman-dos/"
},
{
"name": "20160624 [ERPSCAN-16-017] SAP JAVA AS icman - DoS vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2016/Jun/55"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-3979",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Internet Communication Manager (aka ICMAN or ICM) in SAP JAVA AS 7.2 through 7.4 allows remote attackers to cause a denial of service (heap memory corruption and process crash) via a crafted HTTP request, related to the IctParseCookies function, aka SAP Security Note 2256185."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/137589/SAP-NetWeaver-AS-JAVA-7.4-icman-Denial-Of-Service.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/137589/SAP-NetWeaver-AS-JAVA-7.4-icman-Denial-Of-Service.html"
},
{
"name": "https://erpscan.io/advisories/erpscan-16-017-sap-java-icman-dos/",
"refsource": "MISC",
"url": "https://erpscan.io/advisories/erpscan-16-017-sap-java-icman-dos/"
},
{
"name": "20160624 [ERPSCAN-16-017] SAP JAVA AS icman - DoS vulnerability",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2016/Jun/55"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-3979",
"datePublished": "2016-04-08T14:00:00.000Z",
"dateReserved": "2016-04-08T00:00:00.000Z",
"dateUpdated": "2024-08-06T00:10:31.924Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-4016 (GCVE-0-2016-4016)
Vulnerability from cvelistv5 – Published: 2016-04-14 14:00 – Updated: 2024-08-06 00:17
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in SAP Manufacturing Integration and Intelligence (aka MII, formerly xMII) 15 allows remote attackers to inject arbitrary web script or HTML via the title parameter to webdynpro/resources/sap.com/xapps~xmii~ui~admin~navigation/NavigationApplication, aka SAP Security Note 2201295.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Date Public ?
2016-04-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:17:30.886Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://erpscan.io/press-center/blog/dos-vulnerabilities-on-the-rise-sap-security-notes-april-2016/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://erpscan.io/advisories/erpscan-16-021-sap-mii-reflected-xss-vulnerability/"
},
{
"name": "20160715 [ERPSCAN-16-021] SAP xMII - Reflected XSS vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2016/Jul/46"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/137920/SAP-xMII-15-Cross-Site-Scripting.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-04-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in SAP Manufacturing Integration and Intelligence (aka MII, formerly xMII) 15 allows remote attackers to inject arbitrary web script or HTML via the title parameter to webdynpro/resources/sap.com/xapps~xmii~ui~admin~navigation/NavigationApplication, aka SAP Security Note 2201295."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-10T17:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://erpscan.io/press-center/blog/dos-vulnerabilities-on-the-rise-sap-security-notes-april-2016/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://erpscan.io/advisories/erpscan-16-021-sap-mii-reflected-xss-vulnerability/"
},
{
"name": "20160715 [ERPSCAN-16-021] SAP xMII - Reflected XSS vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2016/Jul/46"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/137920/SAP-xMII-15-Cross-Site-Scripting.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-4016",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in SAP Manufacturing Integration and Intelligence (aka MII, formerly xMII) 15 allows remote attackers to inject arbitrary web script or HTML via the title parameter to webdynpro/resources/sap.com/xapps~xmii~ui~admin~navigation/NavigationApplication, aka SAP Security Note 2201295."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://erpscan.io/press-center/blog/dos-vulnerabilities-on-the-rise-sap-security-notes-april-2016/",
"refsource": "MISC",
"url": "https://erpscan.io/press-center/blog/dos-vulnerabilities-on-the-rise-sap-security-notes-april-2016/"
},
{
"name": "https://erpscan.io/advisories/erpscan-16-021-sap-mii-reflected-xss-vulnerability/",
"refsource": "MISC",
"url": "https://erpscan.io/advisories/erpscan-16-021-sap-mii-reflected-xss-vulnerability/"
},
{
"name": "20160715 [ERPSCAN-16-021] SAP xMII - Reflected XSS vulnerability",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2016/Jul/46"
},
{
"name": "http://packetstormsecurity.com/files/137920/SAP-xMII-15-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/137920/SAP-xMII-15-Cross-Site-Scripting.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-4016",
"datePublished": "2016-04-14T14:00:00.000Z",
"dateReserved": "2016-04-14T00:00:00.000Z",
"dateUpdated": "2024-08-06T00:17:30.886Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-3979 (GCVE-0-2016-3979)
Vulnerability from cvelistv5 – Published: 2016-04-08 14:00 – Updated: 2024-08-06 00:10
VLAI?
Summary
Internet Communication Manager (aka ICMAN or ICM) in SAP JAVA AS 7.2 through 7.4 allows remote attackers to cause a denial of service (heap memory corruption and process crash) via a crafted HTTP request, related to the IctParseCookies function, aka SAP Security Note 2256185.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Date Public ?
2016-03-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:10:31.924Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/137589/SAP-NetWeaver-AS-JAVA-7.4-icman-Denial-Of-Service.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://erpscan.io/advisories/erpscan-16-017-sap-java-icman-dos/"
},
{
"name": "20160624 [ERPSCAN-16-017] SAP JAVA AS icman - DoS vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2016/Jun/55"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-03-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Internet Communication Manager (aka ICMAN or ICM) in SAP JAVA AS 7.2 through 7.4 allows remote attackers to cause a denial of service (heap memory corruption and process crash) via a crafted HTTP request, related to the IctParseCookies function, aka SAP Security Note 2256185."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-10T17:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/137589/SAP-NetWeaver-AS-JAVA-7.4-icman-Denial-Of-Service.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://erpscan.io/advisories/erpscan-16-017-sap-java-icman-dos/"
},
{
"name": "20160624 [ERPSCAN-16-017] SAP JAVA AS icman - DoS vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2016/Jun/55"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-3979",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Internet Communication Manager (aka ICMAN or ICM) in SAP JAVA AS 7.2 through 7.4 allows remote attackers to cause a denial of service (heap memory corruption and process crash) via a crafted HTTP request, related to the IctParseCookies function, aka SAP Security Note 2256185."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/137589/SAP-NetWeaver-AS-JAVA-7.4-icman-Denial-Of-Service.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/137589/SAP-NetWeaver-AS-JAVA-7.4-icman-Denial-Of-Service.html"
},
{
"name": "https://erpscan.io/advisories/erpscan-16-017-sap-java-icman-dos/",
"refsource": "MISC",
"url": "https://erpscan.io/advisories/erpscan-16-017-sap-java-icman-dos/"
},
{
"name": "20160624 [ERPSCAN-16-017] SAP JAVA AS icman - DoS vulnerability",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2016/Jun/55"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-3979",
"datePublished": "2016-04-08T14:00:00.000Z",
"dateReserved": "2016-04-08T00:00:00.000Z",
"dateUpdated": "2024-08-06T00:10:31.924Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}