70 matches found

OSV
added 2021/04/13 7:15 p.m. · 0 views

CVE-2021-27598

SAP NetWeaver AS JAVA Customer Usage Provisioning Servlet, versions - 7.31, 7.40, 7.50, allows an attacker to read some statistical data like product version, traffic, timestamp etc. because of missing authorization check in the servlet...

CVSS 5.3 · AI score 6.5
Exploits 0 · References 2

CNNVD
added 2021/03/09 12:0 a.m. · 1 views

SAP Business Objects Business Intelligence Platform Input Validation Error Vulnerability

SAP Netweaver Application Server Java is part of the SAP NetWeaver Application Platform, which provides a complete infrastructure for deploying and running Java applications. A reverse tag phishing vulnerability exists in SAP Netweaver Application Server Java 7.00, 7.10, 7.11, 7.20, 7.30, 7.31,...

CVSS 6.1 · AI score 5.6 · EPSS 0.00133
Exploits 0 · References 5

OSV
added 2020/12/09 5:15 p.m. · 0 views

CVE-2020-26826

Process Integration Monitoring of SAP NetWeaver AS JAVA, versions - 7.31, 7.40, 7.50, allows an attacker to upload any file including script files without proper file format validation, leading to Unrestricted File Upload...

CVSS 6.5 · AI score 6.8 · EPSS 0.00448
Exploits 0 · References 2

OSV
added 2020/12/09 5:15 p.m. · 0 views

CVE-2020-26816

SAP AS JAVA Key Storage Service, versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, has the key material which is stored in the SAP NetWeaver AS Java Key Storage service stored in the database in the DER encoded format and is not encrypted. This enables an attacker who has administrator access ...

CVSS 4.5 · AI score 6.3 · EPSS 0.0002
Exploits 0 · References 2

CNNVD
added 2020/12/08 12:0 a.m. · 1 views

SAP AS JAVA Security Vulnerability

SAP Netweaver is a service-oriented integrated application platform from the German company SAP. The platform provides a development and runtime environment for SAP applications. An information disclosure vulnerability exists in SAP Netweaver AS JAVA Key Storage Service versions 7.10, 7.11,...

CVSS 5.4 · AI score 6.4 · EPSS 0.0002
Exploits 0 · References 4

CNVD
added 2020/10/21 12:0 a.m. · 1 views

SAP NetWeaver Application Server Java Input Validation Error Vulnerability

SAP NetWeaver Application Server Java is an application server from the German company SAP that provides a Java runtime environment. The product is mainly used to develop and run Java EE applications. A security vulnerability exists in SAP NetWeaver Application Server Java. No detailed vulnerability...

CVSS 6.1 · AI score 6.8 · EPSS 0.00212
Exploits 0 · References 1

ThreatPost
added 2020/07/14 11:45 a.m. · 454 views

Critical SAP Bug Allows Full Enterprise System Takeover

A critical vulnerability, carrying a severity score of 10 out of 10 on the CVSS bug-severity scale, has been disclosed for SAP customers. SAP’s widely deployed collection of enterprise resource planning (ERP) software is used to manage their financials, logistics, customer-facing organizations, hum...

CVSS 10 · AI score 9.7 · EPSS 0.94395
Exploits 7 · References 7

The Hacker News
added 2020/07/14 7:17 a.m. · 0 views

New Highly-Critical SAP Bug Could Let Attackers Take Over Corporate Servers

SAP has patched a critical vulnerability impacting the LM Configuration Wizard component in NetWeaver Application Server (AS) Java platform, allowing an unauthenticated attacker to take control of SAP applications. The bug, dubbed RECON and tracked as CVE-2020-6287, is rated with a maximum CVSS...

CVSS 10 · AI score 7.8 · EPSS 0.94395
Exploits 6

Positive Technologies
added 2020/07/14 12:0 a.m. · 5 views

PT-2020-5955 · Sap · Sap Netweaver As Java

Name of the Vulnerable Software and Affected Versions: SAP NetWeaver AS JAVA LM Configuration Wizard versions 7.30 through 7.50 Description: The vulnerability is related to missing authentication for critical functions in the SAP NetWeaver Java Application Server. This issue allows an attacker to...

CVSS 10 · AI score 9.7 · EPSS 0.94395
Exploits 6 · References 33

NCSC
added 2020/07/14 12:0 a.m. · 5 views

Serious vulnerabilities fixed in SAP Netweaver

SAP has fixed several vulnerabilities in SAP Netweaver products. The vulnerabilities allow malicious parties to gain access to sensitive data, or possibly even to execute arbitrary commands that could take over the entire underlying system. The vulnerability with reference...

CVSS 10 · AI score 7.4 · EPSS 0.94395
Exploits 7

CNVD
added 2020/03/09 12:0 a.m. · 1 views

SAP NetWeaver AS Java Information Disclosure Vulnerability (CNVD-2020-18535)

SAP NetWeaver Application Server Java is an application server from the German company SAP that provides a Java runtime environment. The product is mainly used to develop and run Java EE applications. An information disclosure vulnerability exists in SAP NetWeaver AS Java. An attacker can exploit thi...

CVSS 5.8 · AI score 6.2 · EPSS 0.00261
Exploits 0 · References 1

CNVD
added 2019/12/05 12:0 a.m. · 1 views

Unspecified Vulnerability in SAP NetWeaver Application Server Java

SAP NetWeaver Application Server Java is an application server from the German company SAP that provides a Java runtime environment. The product is mainly used to develop and run Java EE applications. A security vulnerability exists in SAP NetWeaver Application Server Java J2EE-Framework that can be...

CVSS 8.8 · AI score 6.8 · EPSS 0.00434
Exploits 0 · References 1

OSV
added 2019/08/14 2:15 p.m. · 2 views

CVE-2019-0345

A remote unauthenticated attacker can abuse a web service in SAP NetWeaver Application Server for Java Administrator System Overview, versions 7.30, 7.31, 7.40, 7.50, by sending a specially crafted XML file and tricking the application server into leaking authentication credentials for its own SAP...

CVSS 9.8 · AI score 7.4 · EPSS 0.01025
Exploits 0 · References 2

OSV
added 2019/07/10 7:15 p.m. · 2 views

CVE-2019-0318

Under certain conditions SAP NetWeaver Application Server for Java Startup Framework, versions 7.21, 7.22, 7.45, 7.49, and 7.53, allows an attacker to access information which would otherwise be restricted...

CVSS 5.3 · AI score 6
Exploits 0 · References 3

NVD
added 2019/03/12 10:29 p.m. · 17 views

CVE-2019-0275

SAML 1.1 SSO Demo Application in SAP NetWeaver Java Application Server J2EE-APPS, versions 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40 and 7.50, does not sufficiently encode user-controlled inputs, which results in cross-site scripting (XSS) vulnerability...

CVSS 5.4 · AI score 5.3 · EPSS 0.00238
Exploits 0 · References 3

Cvelist
added 2019/03/12 10:0 p.m. · 17 views

CVE-2019-0275

SAML 1.1 SSO Demo Application in SAP NetWeaver Java Application Server J2EE-APPS, versions 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40 and 7.50, does not sufficiently encode user-controlled inputs, which results in cross-site scripting (XSS) vulnerability...

AI score 5.3 · EPSS 0.00238
Exploits 0 · References 3

OSV
added 2018/12/11 10:29 p.m. · 2 views

CVE-2018-2492

SAML 2.0 functionality in SAP NetWeaver AS Java does not sufficiently validate XML documents received from an untrusted source. This is fixed in versions 7.2, 7.30, 7.31, 7.40 and 7.50...

CVSS 7.1 · AI score 5.8
Exploits 0 · References 3

OSV
added 2018/12/11 10:29 p.m. · 2 views

CVE-2018-2503

By default, the SAP NetWeaver AS Java keystore service does not sufficiently restrict the access to resources that should be protected. This has been fixed in SAP NetWeaver AS Java ServerCore versions 7.11, 7.20, 7.30, 7.31, 7.40, 7.50...

CVSS 7.4 · AI score 5.7 · EPSS 0.00186
Exploits 0 · References 3

OSV
added 2016/11/23 2:59 a.m. · 2 views

CVE-2016-9563

BC-BMT-BPM-DSK in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to conduct XML External Entity (XXE) attacks via the sap.comtcbpemhimuwlconnproviderweb/bpemuwlconn URI, aka SAP Security Note 2296909...

CVSS 6.5 · AI score 5.8 · EPSS 0.58778
Exploits 0 · References 4

CNVD
added 2016/08/27 12:0 a.m. · 2 views

SAP NetWeaver AS JAVA Denial of Service Vulnerability

SAP NetWeaver is an integrated, service-oriented application platform that provides a development and runtime environment for SAP applications. SAP NetWeaver AS Java is an application server that runs in NetWeaver and is based on the Java programming language. A denial of service vulnerability...

AI score 6.7
Exploits 0 · References 1