Skip to main content
CVE-2016-9563 MEDIUM POC KEV THREAT This Month

BC-BMT-BPM-DSK in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to conduct XML External Entity (XXE) attacks via the sap.com~tc~bpem~him~uwlconn~provider~web/bpemuwlconn URI, aka SAP. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Java SAP XXE
NVD
CVSS 3.1
6.5
EPSS
58.4%
Threat
6.1
CVE-2016-9567 MEDIUM This Month

The mDNIe system service on Samsung Mobile S7 devices with M(6.0) software does not properly restrict setmDNIeScreenCurtain API calls, enabling attackers to control a device's screen. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Samsung Information Disclosure Samsung Mobile
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2016-8672 MEDIUM This Month

A vulnerability has been identified in SIMATIC CP 343-1 Advanced (incl. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Simatic Cp 343 1 Firmware Simatic S7 300 Cpu Firmware Simatic S7 400 Cpu Firmware Simatic Cp 443 1 Firmware
NVD
CVSS 3.0
5.3
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy