CVE-2025-0054 Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server Java

SAP NetWeaver Application Server Java does not sufficiently handle user input, resulting in a stored cross-site scripting vulnerability. The application allows attackers with basic user privileges to store a Javascript payload on the server, which could be later executed in the victim's web...

SAP NetWeaver Application Server Java 安全漏洞

SAP NetWeaver Application Server Java is a German SAP SAP company provides a Java runtime environment of the application server. The product is mainly used to develop and run Java EE applications. An information disclosure vulnerability exists in SAP NetWeaver Application Server Java, which can b...

SAP NetWeaver Application Server Java 跨站脚本漏洞

SAP NetWeaver Application Server Java is an application server from SAP Germany that provides a Java runtime environment. The product is primarily used to develop and run Java EE applications. A cross-site scripting vulnerability exists in SAP NetWeaver Application Server Java, which stems from t...

CVE-2025-0067 Missing Authorization check in SAP NetWeaver Application Server Java

Due to a missing authorization check on service endpoints in the SAP NetWeaver Application Server Java, an attacker with standard user role can create JCo connection entries, which are used for remote function calls from or to the application server. This could lead to low impact on...

PT-2024-10483 · Sap · Sap Netweaver Application Server Java

Name of the Vulnerable Software and Affected Versions: SAP NetWeaver Application Server Java affected versions not specified Description: The issue is related to a missing authorization check on service endpoints in the SAP NetWeaver Application Server Java. This allows an attacker with a standar...

SAP NetWeaver Application Server Java 访问控制错误漏洞

SAP NetWeaver Application Server Java is a German SAP SAP company provides a Java runtime environment of the application server. The product is primarily used for developing and running Java EE applications. A security vulnerability exists in SAP NetWeaver Application Server Java, which originate...

SAP NetWeaver Application Server Java 访问控制错误漏洞

SAP NetWeaver AS Java is a German SAP SAP company provides a Java runtime environment for the application server. The product is mainly used to develop and run Java EE applications. An access control error vulnerability exists in SAP NetWeaver AS Java version 7.50, which stems from the fact that ...

PT-2022-26937 · Spring +1 · Spring Mvc +3

Name of the Vulnerable Software and Affected Versions: TERASOLUNA Global Framework version 1.0.0 TERASOLUNA Server Framework for Java Rich versions 2.0.0.2 through 2.0.5.1 Description: The issue is caused by an improper input validation in the binding mechanism of Spring MVC, which can lead to...

CVE-2022-22533

Due to improper error handling in SAP NetWeaver Application Server Java - versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, an attacker could submit multiple HTTP server requests resulting in errors, such that it consumes the memory buffer. This...

CVE-2022-22532

In SAP NetWeaver Application Server Java - versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, an unauthenticated attacker could submit a crafted HTTP server request which triggers improper shared memory buffer handling. This could allow the...

Input validation

Due to improper error handling in SAP NetWeaver Application Server Java - versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, an attacker could submit multiple HTTP server requests resulting in errors, such that it consumes the memory buffer. This...

CVE-2022-22533

Due to improper error handling in SAP NetWeaver Application Server Java - versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, an attacker could submit multiple HTTP server requests resulting in errors, such that it consumes the memory buffer. This...

CVE-2022-22532

Summary (CVE-2022-22532) : SAP NetWeaver Application Server Java is affected in multiple builds (KRNL64NUC 7.22/7.22EXT/7.49/7.53 and KERNEL 7.22/7.49/7.53). An unauthenticated attacker can send a crafted HTTP request that triggers improper shared memory buffer handling, enabling execution of a p...

SAP NetWeaver Application Server Java 授权问题漏洞

SAP NetWeaver Application Server Java is a German SAP SAP company provides a Java runtime environment of the application server. The product is mainly used for developing and running Java EE applications. An authorization issue vulnerability exists in SAP NetWeaver Application Server Java version...

CVE-2021-21492

SAP NetWeaver Application Server JavaHTTP Service, versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently validate logon group in URLs, resulting in a content spoofing vulnerability when directory listing is enabled...

SAP Netweaver 跨站脚本漏洞

SAP Netweaver is the German SAP SAP company's set of service-oriented integrated application platform. The platform provides a development and runtime environment for SAP applications. A cross-site scripting vulnerability exists in SAP NetWeaver AS JAVA versions 7.10 and 7.11. An attacker can...

SAP Netweaver Application Server Java Reverse Tag Phishing Vulnerability

SAP Netweaver Application Server Java is part of the SAP NetWeaver Application Platform, which provides a complete infrastructure for deploying and running Java applications. A reverse tag phishing vulnerability exists in SAP Netweaver Application Server Java 7.00, 7.10, 7.11, 7.20, 7.30, 7.31,...

CVE-2021-21491

SAP Netweaver Application Server Java Applications based on WebDynpro Java versions 7.00, 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allow an attacker to redirect users to a malicious site due to Reverse Tabnabbing vulnerabilities...

SAP NetWeaver Application Server Java Cross-Site Scripting Vulnerability

SAP NetWeaver Application Server is an application server from SAP, Germany. A cross-site scripting vulnerability exists in SAP NetWeaver Application Server Java XML Forms versions 7.30, 7.31, 7.40, 7.50, which arises from a lack of proper validation of client-side data in the web application. An...

SAP NetWeaver AS Java Command Execution Vulnerability

SAP Netweaver is the German SAP SAP company's set of service-oriented integration of the application platform, the platform mainly for SAP applications to provide a development environment. The platform mainly for SAP applications to provide a development and runtime environment.SAP NetWeaver...