93 matches found

RedhatCVE
added 2026/01/09 10:40 a.m. | 4 views

CVE-2022-35298

SAP NetWeaver Enterprise Portal KMC - version 7.50, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting vulnerability. KMC servlet is vulnerable to XSS attack. The execution of script content by a victim registered on the portal could compromise the...

CVSS 6.1 | AI score 5.7 | EPSS 0.00538
Exploits 0 | References 1

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2023-12122

Malicious code in bioql PyPI...

CVSS 9.8 | AI score 9.3 | EPSS 0.05038
Exploits 0 | References 2

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2025-24628

Malicious code in bioql PyPI...

CVSS 8.7 | AI score 6.6 | EPSS 0.00067
Exploits 0 | References 1

NVD
added 2025/08/13 6:15 p.m. | 2 views

CVE-2025-8754

Missing Authentication for Critical Function vulnerability in ABB ABB Ability™ zenon. This issue affects ABB Ability™ zenon: from 7.50 through 14...

CVSS 8.7 | EPSS 0.00067
Exploits 0 | References 1

RedhatCVE
added 2025/05/23 4:48 a.m. | 4 views

CVE-2023-31405

SAP NetWeaver AS for Java - versions ENGINEAPI 7.50, SERVERCORE 7.50, J2EE-APPS 7.50, allows an unauthenticated attacker to craft a request over the network which can result in unwarranted modifications to a system log without user interaction. There is no ability to view any information or any...

CVSS 5.3 | AI score 6.7 | EPSS 0.00254
Exploits 0 | References 1

RedhatCVE
added 2025/05/23 2:35 a.m. | 1 views

CVE-2023-23857

Due to missing authentication check, SAP NetWeaver AS for Java - version 7.50, allows an unauthenticated attacker to attach to an open interface and make use of an open naming and directory API to access services which can be used to perform unauthorized operations affecting users and services...

CVSS 9.9 | AI score 6.7 | EPSS 0.00439
Exploits 0 | References 1

RedhatCVE
added 2025/02/04 11:47 p.m. | 4 views

CVE-2024-22126

The User Admin application of SAP NetWeaver AS for Java - version 7.50, insufficiently validates and improperly encodes the incoming URL parameters before including them into the redirect URL. This results in Cross-Site Scripting XSS vulnerability, leading to a high impact on confidentiality and...

CVSS 8.8 | AI score 5.9 | EPSS 0.00358
Exploits 0 | References 1

VulnCheck KEV
added 2024/04/18 12:0 a.m. | 0 views

VulnCheck KEV: CVE-2021-42063

A security vulnerability has been discovered in the SAP Knowledge Warehouse - versions 7.30, 7.31, 7.40, 7.50. The usage of one SAP KW component within a Web browser enables unauthorized attackers to conduct XSS attacks, which might lead to disclose sensitive data...

CVSS 6.1 | AI score 6.7 | EPSS 0.40784
Exploits 3 | References 1

OSV
added 2024/03/12 1:15 a.m. | 1 views

CVE-2024-25644

Under certain conditions SAP NetWeaver WSRM - version 7.50, allows an attacker to access information which would otherwise be restricted, causing low impact on Confidentiality with no impact on Integrity and Availability of the application...

CVSS 5.3 | AI score 5.8
Exploits 0 | References 2

Prion
added 2024/03/12 1:15 a.m. | 21 views

Authentication flaw

Under certain conditions SAP NetWeaver WSRM - version 7.50, allows an attacker to access information which would otherwise be restricted, causing low impact on Confidentiality with no impact on Integrity and Availability of the application...

CVSS 5 | AI score 7.2 | EPSS 0.00375
Exploits 0 | References 2

CVE
added 2024/03/12 12:53 a.m. | 54 views

CVE-2024-25645

The CVE-2024-25645 entry concerns SAP NetWeaver (Enterprise Portal) version 7.50, where an information disclosure vulnerability could permit access to restricted data, causing low confidentiality impact with no integrity/availability impact. The connected records confirm the affected product and ...

CVSS 5.3 | AI score 5.4 | EPSS 0.00287
Exploits 0 | References 2 | Affected Software 1

CVE
added 2024/03/12 12:33 a.m. | 35 views

CVE-2024-25644

CVE-2024-25644 affects SAP NetWeaver WSRM 7.50. Under certain conditions, it allows an attacker to access information that would normally be restricted, yielding low impact on confidentiality and no impact on integrity or availability. The connected sources confirm the product and scope but do no...

CVSS 5.3 | AI score 5.4 | EPSS 0.00375
Exploits 0 | References 2 | Affected Software 1

Cvelist
added 2024/03/12 12:33 a.m. | 17 views

CVE-2024-25644 Information Disclosure vulnerability in NetWeaver (WSRM)

Under certain conditions SAP NetWeaver WSRM - version 7.50, allows an attacker to access information which would otherwise be restricted, causing low impact on Confidentiality with no impact on Integrity and Availability of the application...

CVSS 5.3 | AI score 5.7 | EPSS 0.00375
Exploits 0 | References 2

Prion
added 2024/02/13 2:15 a.m. | 19 views

Cross site scripting

The User Admin application of SAP NetWeaver AS for Java - version 7.50, insufficiently validates and improperly encodes the incoming URL parameters before including them into the redirect URL. This results in Cross-Site Scripting XSS vulnerability, leading to a high impact on confidentiality and...

CVSS 6.8 | AI score 6.2 | EPSS 0.00358
Exploits 0 | References 2

CNNVD
added 2024/02/13 12:0 a.m. | 1 views

SAP NetWeaver AS Code Issue Vulnerability

SAP NetWeaver AS is a SAP network application server from SAP. It not only provides web services, but is also the basic platform for SAP software. A code issue vulnerability exists in SAP NetWeaver AS Java version 7.50, which arises from a vulnerability that allows an unauthenticated attacker to...

CVSS 8.6 | AI score 7 | EPSS 0.00238
Exploits 0 | References 3

Positive Technologies
added 2024/02/12 12:0 a.m. | 3 views

PT-2024-4513 · Sap · Sap Netweaver As Java

Name of the Vulnerable Software and Affected Versions: SAP NetWeaver AS for Java version 7.50 Description: The User Admin application of SAP NetWeaver AS for Java insufficiently validates and improperly encodes the incoming URL parameters before including them into the redirect URL. This results ...

CVSS 9 | AI score 5.6 | EPSS 0.00358
Exploits 0 | References 14

Cvelist
added 2023/11/14 1:2 a.m. | 15 views

CVE-2023-42480 Information Disclosure in NetWeaver AS Java Logon

The unauthenticated attacker in NetWeaver AS Java Logon application - version 7.50, can brute force the login functionality to identify the legitimate user ids. This will have an impact on confidentiality but there is no other impact on integrity or availability...

CVSS 5.3 | AI score 5.7 | EPSS 0.00104
Exploits 0 | References 2

CVE
added 2023/11/14 1:2 a.m. | 61 views

CVE-2023-42480

The CVE-2023-42480 issue affects SAP NetWeaver AS Java Logon (version 7.50). An unauthenticated attacker can brute-force the login function to enumerate legitimate user IDs, resulting in confidentiality impact (user ID disclosure) with no reported impact on integrity or availability. Multiple con...

CVSS 5.3 | AI score 5.5 | EPSS 0.00104
Exploits 0 | References 2 | Affected Software 1

Cvelist
added 2023/09/12 1:59 a.m. | 14 views

CVE-2023-41367 Missing Authentication check in SAP NetWeaver (Guided Procedures)

Due to missing authentication check in webdynpro application, an unauthorized user in SAP NetWeaver Guided Procedures - version 7.50, can gain access to admin view of specific function anonymously. On successful exploitation of vulnerability under specific circumstances, attacker can view user’s...

CVSS 5.3 | AI score 5.8 | EPSS 0.00188
Exploits 0 | References 2

NVD
added 2023/07/11 3:15 a.m. | 17 views

CVE-2023-35873

The Runtime Workbench RWB of SAP NetWeaver Process Integration - version SAPXITOOL 7.50, does not perform authentication checks for certain functionalities that require user identity. An unauthenticated user might access technical data about the product status and its configuration. The...

CVSS 6.5 | AI score 6.7 | EPSS 0.00191
Exploits 0 | References 2