121 matches found
EUVD-2017-16672
Malware in sbrugna...
EUVD-2017-14476
Malware in sbrugna...
EUVD-2020-19352
Malware in sbrugna...
EUVD-2016-1489
Malware in sbrugna...
EUVD-2024-42536
Malicious code in bioql PyPI...
CVE-2023-42480
An unauthenticated attacker can brute force the login functionality of the NetWeaver AS Java Logon application, version 7.50, to identify legitimate user IDs. This has an impact on confidentiality, but there is no other impact on integrity or availability...
CVE-2021-27598
SAP NetWeaver AS JAVA Customer Usage Provisioning Servlet, versions - 7.31, 7.40, 7.50, allows an attacker to read some statistical data like product version, traffic, timestamp etc. because of missing authorization check in the servlet...
CVE-2020-6224
SAP NetWeaver AS Java HTTP Service, versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker with administrator privileges to access user sensitive data such as passwords in trace files, when the user logs in and sends request with login credentials, leading to Information Disclosure...
CVE-2020-6286
The insufficient input path validation of certain parameter in the web service of SAP NetWeaver AS JAVA LM Configuration Wizard, versions - 7.30, 7.31, 7.40, 7.50, allows an unauthenticated attacker to exploit a method to download zip files to a specific directory, leading to Path Traversal...
CVE-2020-26820
SAP NetWeaver AS JAVA, versions - 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker who is authenticated as an administrator to use the administrator console, to expose unauthenticated access to the file system and upload a malicious file. The attacker or another user can then use a separate...
CVE-2025-0057
CVE-2025-0057 concerns SAP NetWeaver AS Java (User Admin Application). The issue is a stored cross-site scripting vulnerability where an attacker, posing as an admin, can upload a photo containing malicious JavaScript. When a victim accesses the vulnerable component, the attacker can read and mod...
CVE-2025-0057 Cross-Site Scripting vulnerability in SAP NetWeaver AS JAVA (User Admin Application)
SAP NetWeaver AS JAVA User Admin Application is vulnerable to stored cross-site scripting. An attacker posing as an admin can upload a photo with malicious JS content. When a victim visits the vulnerable component, the attacker can read and modify information within the scope of...
CVE-2024-47582 XML Entity Expansion Vulnerability in SAP NetWeaver AS JAVA
Due to missing validation of XML input, an unauthenticated attacker could send malicious input to an endpoint which leads to XML Entity Expansion attack. This causes limited impact on availability of the application...
PT-2024-9407 · SAP · SAP NetWeaver AS Java
Name of the Vulnerable Software and Affected Versions: SAP NetWeaver AS for Java (affected versions not specified). Description: The issue allows an attacker authenticated as an administrator to use an exposed webservice to create a PDF with an embedded attachment. By specifying the file to be an...
SAP NetWeaver AS Java XSS (3505503)
Due to insufficient encoding of user-controlled inputs, SAP NetWeaver AS Java allows malicious scripts to be executed in the login application. This has a limited impact on confidentiality and integrity of the application. There is no impact on availability. Note that Nessus has not tested for th...
CVE-2024-45280
Due to insufficient encoding of user-controlled inputs, SAP NetWeaver AS Java allows malicious scripts to be executed in the login application. This has a limited impact on confidentiality and integrity of the application. There is no impact on availability...
CVE-2024-45280 Cross-Site Scripting (XSS) Vulnerability in SAP NetWeaver AS Java (Logon Application)
Due to insufficient encoding of user-controlled inputs, SAP NetWeaver AS Java allows malicious scripts to be executed in the login application. This has a limited impact on confidentiality and integrity of the application. There is no impact on availability...
CVE-2024-34688
Due to unrestricted access to the Meta Model Repository services in SAP NetWeaver AS Java, attackers can perform DoS attacks on the application, which may prevent legitimate users from accessing it. This can result in no impact on confidentiality and integrity but a high impact on the availabilit...
CVE-2024-28164
SAP NetWeaver AS Java (CAF - Guided Procedures) is affected by CVE-2024-28164, an information-disclosure vulnerability where an unauthenticated user can access non-sensitive server information that should be restricted. The issue is described across multiple sources as a low-impact confidentialit...
CVE-2024-28164 Information Disclosure vulnerability in SAP NetWeaver AS Java (Guided Procedures)
SAP NetWeaver AS Java CAF - Guided Procedures allows an unauthenticated user to access non-sensitive information about the server which would otherwise be restricted causing low impact on confidentiality of the application...