48 matches found
CVE-2022-35298
SAP NetWeaver Enterprise Portal KMC - version 7.50, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting vulnerability. KMC servlet is vulnerable to XSS attack. The execution of script content by a victim registered on the portal could compromise the...
EUVD-2023-12122
Malicious code in bioql PyPI...
EUVD-2025-24628
Malicious code in bioql PyPI...
CVE-2023-31405
SAP NetWeaver AS for Java - versions ENGINEAPI 7.50, SERVERCORE 7.50, J2EE-APPS 7.50, allows an unauthenticated attacker to craft a request over the network which can result in unwarranted modifications to a system log without user interaction. There is no ability to view any information or any...
CVE-2024-22126
The User Admin application of SAP NetWeaver AS for Java - version 7.50, insufficiently validates and improperly encodes the incoming URL parameters before including them into the redirect URL. This results in a Cross-Site Scripting (XSS) vulnerability, leading to a high impact on confidentiality and...
CVE-2024-25644
Under certain conditions SAP NetWeaver WSRM - version 7.50, allows an attacker to access information which would otherwise be restricted, causing low impact on Confidentiality with no impact on Integrity and Availability of the application...
Authentication flaw
Under certain conditions SAP NetWeaver WSRM - version 7.50, allows an attacker to access information which would otherwise be restricted, causing low impact on Confidentiality with no impact on Integrity and Availability of the application...
CVE-2024-25645
The CVE-2024-25645 entry concerns SAP NetWeaver (Enterprise Portal) version 7.50, where an information disclosure vulnerability could permit access to restricted data, causing low confidentiality impact with no integrity/availability impact. The connected records confirm the affected product and ...
CVE-2024-25644
CVE-2024-25644 affects SAP NetWeaver WSRM 7.50. Under certain conditions, it allows an attacker to access information that would normally be restricted, yielding low impact on confidentiality and no impact on integrity or availability. The connected sources confirm the product and scope but do no...
Cross site scripting
The User Admin application of SAP NetWeaver AS for Java - version 7.50, insufficiently validates and improperly encodes the incoming URL parameters before including them into the redirect URL. This results in a Cross-Site Scripting (XSS) vulnerability, leading to a high impact on confidentiality and...
PT-2024-4513 · SAP · SAP NetWeaver AS Java
Name of the Vulnerable Software and Affected Versions: SAP NetWeaver AS for Java version 7.50 Description: The User Admin application of SAP NetWeaver AS for Java insufficiently validates and improperly encodes the incoming URL parameters before including them into the redirect URL. This results ...
CVE-2023-42480 Information Disclosure in NetWeaver AS Java Logon
The unauthenticated attacker in NetWeaver AS Java Logon application - version 7.50, can brute force the login functionality to identify the legitimate user ids. This will have an impact on confidentiality but there is no other impact on integrity or availability...
CVE-2023-42480
The CVE-2023-42480 issue affects SAP NetWeaver AS Java Logon (version 7.50). An unauthenticated attacker can brute-force the login function to enumerate legitimate user IDs, resulting in confidentiality impact (user ID disclosure) with no reported impact on integrity or availability. Multiple con...
CVE-2023-41367 Missing Authentication check in SAP NetWeaver (Guided Procedures)
Due to missing authentication check in webdynpro application, an unauthorized user in SAP NetWeaver Guided Procedures - version 7.50, can gain access to admin view of specific function anonymously. On successful exploitation of vulnerability under specific circumstances, attacker can view user’s...
CVE-2023-33985
SAP NetWeaver Enterprise Portal - version 7.50, does not sufficiently encode user-controlled inputs over the network, resulting in a reflected Cross-Site Scripting (XSS) vulnerability, therefore changing the scope of the attack. On successful exploitation, an attacker can view or modify information...
Cross site scripting
SAP NetWeaver Design Time Repository - version 7.50, returns an unfavorable content type for some versioned files, which could allow an authorized attacker to create a file with a malicious content and send a link to a victim in an email or instant message. Under certain circumstances, this could...
CVE-2023-33984
SAP NetWeaver (Design Time Repository) v7.50 is affected. The issue arises from returning an unfavorable content type for certain versioned files, enabling an authorized attacker to create a file containing malicious content and share a link resulting in cross-site scripting (XSS). Public referen...
Design/Logic Flaw
In SAP NetWeaver Enterprise Portal - version 7.50, an unauthenticated attacker can attach to an open interface and make use of an open API to access a service which will enable them to access or modify server settings and data, leading to limited impact on confidentiality and integrity...
CVE-2023-27268
SAP NetWeaver AS Java Object Analyzing Service - version 7.50, does not perform necessary authorization checks, allowing an unauthenticated attacker to attach to an open interface and make use of an open naming and directory API to access a service which will enable them to access but not modify...
CVE-2023-27268
CVE-2023-27268 relates to SAP NetWeaver AS Java (Object Analyzing Service) v7.50, where missing authorization checks allow an unauthenticated attacker to attach to an open interface and use the Open Naming and Directory API to access server data, enabling privilege escalation without modifying da...