Lucene search
K

131 matches found

cvelist
cvelist
added 2024/08/13 3:58 a.m.35 views

CVE-2024-41732 Improper Access Control in SAP Netweaver Application Server ABAP

SAP NetWeaver Application Server ABAP allows an unauthenticated attacker to craft a URL link that could bypass allowlist controls. Depending on the web applications provided by this server, the attacker might inject CSS code or links into the web application that could allow the attacker to read ...

4.7CVSS0.00302EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2024/08/13 3:58 a.m.16 views

CVE-2024-41732 Improper Access Control in SAP Netweaver Application Server ABAP

SAP NetWeaver Application Server ABAP allows an unauthenticated attacker to craft a URL link that could bypass allowlist controls. Depending on the web applications provided by this server, the attacker might inject CSS code or links into the web application that could allow the attacker to read ...

4.7CVSS7.1AI score0.00302EPSS
Exploits0References2
cvelist
cvelist
added 2024/08/13 3:47 a.m.32 views

CVE-2024-33005 Missing Authorization check in SAP NetWeaver Application Server (ABAP and Java),SAP Web Dispatcher and SAP Content Server

Due to the missing authorization checks in the local systems, the admin users of SAP Web Dispatcher, SAP NetWeaver Application Server ABAP and Java, and SAP Content Server can impersonate other users and may perform some unintended actions. This could lead to a low impact on confidentiality and a...

6.3CVSS0.00208EPSS
Exploits0References2
cnnvd
cnnvd
added 2024/08/13 12:0 a.m.6 views

SAP NetWeaver Application Server 安全漏洞

SAP NetWeaver Application Server is an application server from SAP, Germany. A security vulnerability exists in SAP NetWeaver Application Server. An authenticated attacker could exploit the vulnerability to invoke underlying transactions, which could lead to the disclosure of user-related...

4.3CVSS6.2AI score0.00262EPSS
Exploits0References4
cvelist
cvelist
added 2024/07/09 4:24 a.m.38 views

CVE-2024-39599 [CVE-2024-39599] Protection Mechanism Failure in SAP NetWeaver Application Server for ABAP and ABAP Platform

Due to a Protection Mechanism Failure in SAP NetWeaver Application Server for ABAP and ABAP Platform, a developer can bypass the configured malware scanner API because of a programming error. This leads to a low impact on the application's confidentiality, integrity, and availability...

4.7CVSS0.00306EPSS
Exploits0References2
cnnvd
cnnvd
added 2024/07/09 12:0 a.m.5 views

SAP NetWeaver Application Server Information Disclosure Vulnerability

SAP NetWeaver Application Server is an application server from SAP, Germany. An information disclosure vulnerability exists in SAP NetWeaver Application Server, which arises from a vulnerability that allows an attacker to access remotely enabled function modules without further authorization unde...

5.3CVSS6AI score0.00302EPSS
Exploits0References4
cnnvd
cnnvd
added 2024/05/14 12:0 a.m.4 views

SAP NetWeaver Application Server 代码问题漏洞

SAP NetWeaver Application Server is an application server from SAP, Germany. A file upload vulnerability exists in SAP NetWeaver Application Server ABAP Platform, which stems from the application's lack of effective validation of uploaded files. The vulnerability can be exploited to remotely...

9.6CVSS7.7AI score0.00527EPSS
Exploits0References4
cnnvd
cnnvd
added 2024/05/14 12:0 a.m.4 views

SAP NetWeaver Application Server 跨站脚本漏洞

SAP NetWeaver Application Server is an application server from SAP, Germany. A cross-site scripting vulnerability exists in SAP NetWeaver Application Server ABAP Platform, which stems from a cross-site scripting XSS vulnerability due to failure to adequately encode user-controlled input...

9CVSS5.5AI score0.00402EPSS
Exploits0References4
cnnvd
cnnvd
added 2024/02/13 12:0 a.m.5 views

SAP NetWeaver AS Cross-Site Scripting Vulnerability

SAP NetWeaver AS is a SAP network application server from SAP. It not only provides web services, but is also the basic platform for SAP software. A cross-site scripting vulnerability exists in SAP NetWeaver AS for Java version 7.50, which stems from incorrect validation and encoding of incoming...

8.8CVSS6.2AI score0.00519EPSS
Exploits0References4
bdu_fstec
bdu_fstec
added 2023/10/11 12:0 a.m.6 views

The vulnerability of the Generic Request and Message Generator (GRMG)/Heartbeat service on the SAP NetWeaver AS for Java software platform allows a attacker to perform an SSRF attack.

The vulnerability of the Generic Request and Message Generator GRMG/Heartbeat service on the SAP NetWeaver AS for Java software platform is related to insufficient checking of incoming requests. Exploiting this vulnerability allows a malicious actor to perform an SSRF attack remotely...

6.5CVSS6.5AI score0.00414EPSS
Exploits0References4Affected Software1
cnnvd
cnnvd
added 2023/09/12 12:0 a.m.4 views

SAP NetWeaver AS 跨站脚本漏洞

SAP NetWeaver AS is a SAP network application server from SAP. It not only provides network services, but also the basic platform for SAP software. SAP NetWeaver AS ABAP cross-site scripting vulnerability, the vulnerability stems from the lack of effective filtering and escaping of user-supplied...

5.5CVSS6.4AI score0.00346EPSS
Exploits0References4
cnnvd
cnnvd
added 2023/07/11 12:0 a.m.11 views

SAP NetWeaver Application Server 授权问题漏洞

SAP NetWeaver Application Server is an application server from SAP, Germany. An authorization issue vulnerability exists in SAP NetWeaver Application Server ABAP and ABAP Platform, which arises from performing incorrect authentication checks for functions that require a user's identity under...

7.4CVSS7.3AI score0.00392EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2023/03/14 12:0 a.m.12 views

PT-2023-19674 · Sap · Sap Netweaver Application Server Java

Name of the Vulnerable Software and Affected Versions: SAP NetWeaver Application Server Java for Classload Service version 7.50 Description: The issue results in escalation of privileges due to the lack of authentication checks for functionalities that require user identity. This has a low impact...

5.3CVSS5.4AI score0.00578EPSS
Exploits0References4
cnnvd
cnnvd
added 2023/03/14 12:0 a.m.6 views

SAP NetWeaver Application Server 资源管理错误漏洞

SAP NetWeaver Application Server is an application server from SAP, Germany. A resource management error vulnerability exists in SAP NetWeaver Application Server, which stems from multiple vulnerabilities found in a single class. An attacker could exploit the vulnerability to construct requests...

6.5CVSS6.5AI score0.00613EPSS
Exploits0References3
cvelist
cvelist
added 2023/02/14 3:13 a.m.22 views

CVE-2023-23853

An unauthenticated attacker in AP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, can craft a link which when clicked by an unsuspecting user can be used to redirect a user to a malicious site which could rea...

6.1CVSS6.3AI score0.00349EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2023/02/14 3:13 a.m.7 views

CVE-2023-23853

An unauthenticated attacker in AP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, can craft a link which when clicked by an unsuspecting user can be used to redirect a user to a malicious site which could rea...

6.1CVSS6.2AI score0.00349EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2023/02/14 12:0 a.m.5 views

PT-2023-19255 · Sap · Sap Netweaver Application Server For Abap/Abap Platform

Name of the Vulnerable Software and Affected Versions: SAP NetWeaver Application Server for ABAP and ABAP Platform versions 700, 701, 702, 731, 740, 750, 751, 752 Description: The issue results from the lack of necessary authorization checks for an authenticated user, leading to escalation of...

5.4CVSS5.6AI score0.00462EPSS
Exploits0References5
cnnvd
cnnvd
added 2023/02/14 12:0 a.m.7 views

SAP NetWeaver AS 跨站脚本漏洞

SAP NetWeaver AS is a SAP network application server from SAP. It not only provides network services, but also the basic platform for SAP software. A cross-site scripting vulnerability exists in SAP NetWeaver AS ABAP Business Server Pages versions 700, 701, 702, 731, and 740. An attacker could us...

6.1CVSS6.3AI score0.00388EPSS
Exploits0References3
osv
osv
added 2022/11/08 10:15 p.m.5 views

CVE-2022-41212

Due to insufficient input validation, SAP NetWeaver Application Server ABAP and ABAP Platform allows an attacker with high level privileges to use a remote enabled function to read a file which is otherwise restricted. On successful exploitation an attacker can completely compromise the...

4.9CVSS5.8AI score0.00764EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2022/06/14 12:0 a.m.9 views

PT-2022-19727 · Sap · Hana Database +6

Name of the Vulnerable Software and Affected Versions: SAP NetWeaver Application Server ABAP, Application Server Java, ABAP Platform and HANA Database versions KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53,...

5CVSS5.2AI score0.00439EPSS
Exploits2References7
Rows per page
Query Builder