121 matches found
CVE-2024-34688
CVE-2024-34688 affects SAP NetWeaver AS Java where unrestricted access to the Meta Model Repository services can let attackers cause DoS, impacting availability with no confidentiality/integrity impact. Affected product: SAP NetWeaver AS Java (Meta Model Repository). Root cause: unrestricted acce...
CVE-2024-27899
Self-Registration and Modify your own profile in User Admin Application of NetWeaver AS Java does not enforce proper security requirements for the content of the newly defined security answer. This can be leveraged by an attacker to cause profound impact on confidentiality and low impact on both...
CVE-2024-27899 Security misconfiguration vulnerability in SAP NetWeaver AS Java User Management Engine
Self-Registration and Modify your own profile in User Admin Application of NetWeaver AS Java does not enforce proper security requirements for the content of the newly defined security answer. This can be leveraged by an attacker to cause profound impact on confidentiality and low impact on both...
CVE-2024-27899
CVE-2024-27899 affects SAP NetWeaver AS Java, specifically the User Admin Application’s Self-Registration and profile modification function, which does not enforce proper security for the content of newly defined security answers. Root cause is a misconfiguration/weak security controls in user ma...
CVE-2024-22127
SAP NetWeaver Administrator AS Java Administrator Log Viewer plug-in - version 7.50, allows an attacker with high privileges to upload potentially dangerous files which leads to command injection vulnerability. This would enable the attacker to run commands which can cause high impact on...
CVE-2024-22127
CVE-2024-22127 affects SAP NetWeaver Application Server for Java (Administrator Log Viewer plug-in) 7.50. A high-privilege attacker can upload potentially dangerous files, enabling command injection that can impact confidentiality, integrity, and availability. Root cause: file upload validation weak...
CVE-2024-22127 Code Injection vulnerability in SAP NetWeaver AS Java (Administrator Log Viewer plug-in)
SAP NetWeaver Administrator AS Java Administrator Log Viewer plug-in - version 7.50, allows an attacker with high privileges to upload potentially dangerous files which leads to command injection vulnerability. This would enable the attacker to run commands which can cause high impact on...
PT-2024-19217 · SAP · SAP NetWeaver Administrator AS Java
Name of the Vulnerable Software and Affected Versions: SAP NetWeaver Administrator AS Java Administrator Log Viewer plug-in version 7.50. Description: The issue allows an attacker with high privileges to upload potentially dangerous files, which leads to a command injection vulnerability. This wou...
CVE-2024-24743
SAP NetWeaver AS Java (CAF - Guided Procedures) 7.50 is affected by an unauthenticated XXE-type vulnerability triggered by submitting a crafted XML over the network. The issue allows an attacker to access sensitive files and data without modifying them; availability is not affected per the CVE en...
CVE-2024-24743 XXE vulnerability in SAP NetWeaver AS Java (Guided Procedures)
SAP NetWeaver AS Java CAF - Guided Procedures - version 7.50, allows an unauthenticated attacker to submit a malicious request with a crafted XML file over the network, which when parsed will enable him to access sensitive files and data but not modify them. There are expansion limits in place so...
CVE-2024-22126 Cross Site Scripting vulnerability in SAP NetWeaver AS Java (User Admin Application)
The User Admin application of SAP NetWeaver AS for Java - version 7.50, insufficiently validates and improperly encodes the incoming URL parameters before including them into the redirect URL. This results in a Cross-Site Scripting (XSS) vulnerability, leading to a high impact on confidentiality and...
CVE-2023-42480
The unauthenticated attacker in NetWeaver AS Java Logon application - version 7.50, can brute force the login functionality to identify the legitimate user ids. This will have an impact on confidentiality but there is no other impact on integrity or availability...
Design/Logic Flaw
The unauthenticated attacker in NetWeaver AS Java Logon application - version 7.50, can brute force the login functionality to identify the legitimate user ids. This will have an impact on confidentiality but there is no other impact on integrity or availability...
CVE-2023-42480 Information Disclosure in NetWeaver AS Java Logon
The unauthenticated attacker in NetWeaver AS Java Logon application - version 7.50, can brute force the login functionality to identify the legitimate user ids. This will have an impact on confidentiality but there is no other impact on integrity or availability...
CVE-2023-42480
The CVE-2023-42480 issue affects SAP NetWeaver AS Java Logon (version 7.50). An unauthenticated attacker can brute-force the login function to enumerate legitimate user IDs, resulting in confidentiality impact (user ID disclosure) with no reported impact on integrity or availability. Multiple con...
CVE-2023-42477
SAP NetWeaver AS Java GRMG Heartbeat application - version 7.50, allows an attacker to send a crafted request from a vulnerable web application, causing limited impact on confidentiality and integrity of the application...
CVE-2023-42477
CVE-2023-42477 affects SAP NetWeaver AS Java GRMG Heartbeat (version 7.50). The vulnerability permits an unauthenticated attacker to send a crafted request from a vulnerable web application, with limited impact on confidentiality and integrity (as described in multiple sources). The CVSS vector i...
PT-2023-5868 · SAP · SAP NetWeaver AS Java
Name of the Vulnerable Software and Affected Versions: SAP NetWeaver AS Java GRMG Heartbeat application version 7.50. Description: The issue is related to insufficient validation of incoming requests in the Generic Request and Message Generator (GRMG)/Heartbeat service of the SAP NetWeaver AS for Ja...