41 matches found
CVE-2023-30744
In SAP AS NetWeaver JAVA - versions SERVERCORE 7.50, J2EE-FRMW 7.50, CORE-TOOLS 7.50, an unauthenticated attacker can attach to an open interface and make use of an open naming and directory API to instantiate an object which has methods which can be called without further authorization and...
PT-2023-8732 · Sap · Sap Netweaver As Java
Name of the Vulnerable Software and Affected Versions: SAP AS NetWeaver JAVA versions SERVERCORE 7.50, J2EE-FRMW 7.50, CORE-TOOLS 7.50 Description: The issue is related to the lack of authentication for a critical function in SAP AS NetWeaver JAVA, allowing an unauthenticated attacker to attach t...
The vulnerability of the SAP NetWeaver AS for Java software platform, related to deficiencies in authentication procedures, allows attackers to gain read, modify, or delete access to data, or to cause service interruptions.
The vulnerability of the SAP NetWeaver AS for Java software platform is related to deficiencies in the authentication process. Exploiting this vulnerability can allow an attacker to gain read, modify, or delete access to data, or cause service interruptions...
CVE-2023-27268
SAP NetWeaver AS Java Object Analyzing Service - version 7.50, does not perform necessary authorization checks, allowing an unauthenticated attacker to attach to an open interface and make use of an open naming and directory API to access a service which will enable them to access but not modify...
VulnCheck KEV: CVE-2022-22536
SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server and SAP Web Dispatcher allow HTTP request smuggling. An unauthenticated attacker can prepend a victim's request with arbitrary data, allowing for function execution impersonating the...
CVE-2022-22532
In SAP NetWeaver Application Server Java - versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, an unauthenticated attacker could submit a crafted HTTP server request which triggers improper shared memory buffer handling. This could allow the...
SAP NetWeaver Application Server Java 资源管理错误漏洞
SAP NetWeaver Application Server Java is a German SAP SAP company provides a Java runtime environment of the application server. The product is primarily used for developing and running Java EE applications. SAP NetWeaver Application Server Java has a resource management error vulnerability that...
CVE-2021-27598
SAP NetWeaver AS JAVA Customer Usage Provisioning Servlet, versions - 7.31, 7.40, 7.50, allows an attacker to read some statistical data like product version, traffic, timestamp etc. because of missing authorization check in the servlet...
SAP Business Objects Business Intelligence Platform 输入验证错误漏洞
SAP Netweaver Application Server Java is part of the SAP NetWeaver Application Platform, which provides a complete infrastructure for deploying and running Java applications. A reverse tag phishing vulnerability exists in SAP Netweaver Application Server Java 7.00, 7.10, 7.11, 7.20, 7.30, 7.31,...
CVE-2020-26816
SAP AS JAVA Key Storage Service, versions - 7.10, 7.11, 7.20 ,7.30, 7.31, 7.40, 7.50, has the key material which is stored in the SAP NetWeaver AS Java Key Storage service stored in the database in the DER encoded format and is not encrypted. This enables an attacker who has administrator access ...
PT-2020-5955 · Sap · Sap Netweaver As Java
Name of the Vulnerable Software and Affected Versions: SAP NetWeaver AS JAVA LM Configuration Wizard versions 7.30 through 7.50 Description: The vulnerability is related to missing authentication for critical functions in the SAP NetWeaver Java Application Server. This issue allows an attacker to...
CVE-2019-0345
A remote unauthenticated attacker can abuse a web service in SAP NetWeaver Application Server for Java Administrator System Overview, versions 7.30, 7.31, 7.40, 7.50, by sending a specially crafted XML file and trick the application server into leaking authentication credentials for its own SAP...
CVE-2019-0275
SAML 1.1 SSO Demo Application in SAP NetWeaver Java Application Server J2EE-APPS, versions 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40 and 7.50, does not sufficiently encode user-controlled inputs, which results in cross-site scripting XSS vulnerability...
CVE-2019-0275
SAML 1.1 SSO Demo Application in SAP NetWeaver Java Application Server J2EE-APPS, versions 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40 and 7.50, does not sufficiently encode user-controlled inputs, which results in cross-site scripting XSS vulnerability...
CVE-2018-2503
By default, the SAP NetWeaver AS Java keystore service does not sufficiently restrict the access to resources that should be protected. This has been fixed in SAP NetWeaver AS Java ServerCore versions 7.11, 7.20, 7.30, 7.31, 7.40, 7.50...
CVE-2016-9563
BC-BMT-BPM-DSK in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to conduct XML External Entity XXE attacks via the sap.comtcbpemhimuwlconnproviderweb/bpemuwlconn URI, aka SAP Security Note 2296909...
CVE-2016-4015
The Enqueue Server in SAP NetWeaver JAVA AS 7.1 through 7.4 allows remote attackers to cause a denial of service process crash via a crafted request, aka SAP Security Note 2258784...
CVE-2016-3975
Cross-site scripting XSS vulnerability in SAP NetWeaver AS Java 7.1 through 7.5 allows remote attackers to inject arbitrary web script or HTML via the navigationTarget parameter to irj/servlet/prt/portal/prteventname/XXX/prtroot/com.sapportals.navigation.testComponent.NavigationURLTester, aka SAP...
CVE-2016-3974
XML external entity XXE vulnerability in the Configuration Wizard in SAP NetWeaver Java AS 7.1 through 7.5 allows remote attackers to cause a denial of service, conduct SMB Relay attacks, or access arbitrary files via a crafted XML request to tcmonitoringwebserviceweb/ServerNodesWSService, aka SA...
Security feature bypass
The chat feature in the Real-Time Collaboration RTC services 7.3 and 7.4 in SAP NetWeaver Java AS 7.1 through 7.5 allows remote attackers to obtain sensitive user information by visiting webdynpro/resources/sap.com/tcrtccoll.appl.rtcwdchat/Chat, pressing "Add users", and doing a search, aka SAP...