22 matches found
CVE-2020-6187
SAP NetWeaver Guided Procedures, versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently validate an XML document input from a compromised admin, leading to Denial of Service...
CVE-2024-28164
SAP NetWeaver AS Java CAF - Guided Procedures allows an unauthenticated user to access non-sensitive information about the server which would otherwise be restricted causing low impact on confidentiality of the application...
CVE-2024-28164 Information Disclosure vulnerability in SAP NetWeaver AS Java (Guided Procedures)
SAP NetWeaver AS Java CAF - Guided Procedures allows an unauthenticated user to access non-sensitive information about the server which would otherwise be restricted causing low impact on confidentiality of the application...
SAP NetWeaver AS Java Multiple Vulnerabilities (Feb 2024)
SAP NetWeaver Application Server for Java is affected by multiple vulnerabilities, including the following: - The User Admin application of SAP NetWeaver AS for Java insufficiently validates and improperly encodes the incoming URL parameters before including them into the redirect URL. This resul...
CVE-2024-24743
SAP NetWeaver AS Java CAF - Guided Procedures - version 7.50, allows an unauthenticated attacker to submit a malicious request with a crafted XML file over the network, which when parsed will enable him to access sensitive files and data but not modify them. There are expansion limits in place so...
CVE-2024-24743 XXE vulnerability in SAP NetWeaver AS Java (Guided Procedures)
SAP NetWeaver AS Java CAF - Guided Procedures - version 7.50, allows an unauthenticated attacker to submit a malicious request with a crafted XML file over the network, which when parsed will enable him to access sensitive files and data but not modify them. There are expansion limits in place so...
CVE-2024-24743 XXE vulnerability in SAP NetWeaver AS Java (Guided Procedures)
SAP NetWeaver AS Java CAF - Guided Procedures - version 7.50, allows an unauthenticated attacker to submit a malicious request with a crafted XML file over the network, which when parsed will enable him to access sensitive files and data but not modify them. There are expansion limits in place so...
PT-2024-4514 · Sap · Sap Netweaver As Java
Name of the Vulnerable Software and Affected Versions: SAP NetWeaver AS Java versions 7.50 Description: The issue is related to the incorrect restriction of XML links to external objects in the Guided Procedures component of SAP NetWeaver AS for Java. This can be exploited by a remote attacker...
CVE-2023-41367
Due to missing authentication check in webdynpro application, an unauthorized user in SAP NetWeaver Guided Procedures - version 7.50, can gain access to admin view of specific function anonymously. On successful exploitation of vulnerability under specific circumstances, attacker can view user’s...
CVE-2023-41367 Missing Authentication check in SAP NetWeaver (Guided Procedures)
Due to missing authentication check in webdynpro application, an unauthorized user in SAP NetWeaver Guided Procedures - version 7.50, can gain access to admin view of specific function anonymously. On successful exploitation of vulnerability under specific circumstances, attacker can view user’s...
CVE-2021-33671
SAP NetWeaver Guided Procedures Administration Workset, versions - 7.10, 7.20, 7.30, 7.31, 7.40, 7.50, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. The impact of missing authorization could result in abuse of functionality...
CVE-2021-33671
SAP NetWeaver Guided Procedures Administration Workset, versions - 7.10, 7.20, 7.30, 7.31, 7.40, 7.50, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. The impact of missing authorization could result in abuse of functionality...
Authorization
SAP NetWeaver Guided Procedures Administration Workset, versions - 7.10, 7.20, 7.30, 7.31, 7.40, 7.50, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. The impact of missing authorization could result in abuse of functionality...
CVE-2021-33671
CVE-2021-33671 concerns SAP NetWeaver Guided Procedures (Administration Workset) across versions 7.10, 7.20, 7.30, 7.31, 7.40, 7.50. The issue is a missing authorization check for an authenticated user, enabling privilege escalation and potential unauthorized read/modify/delete of restricted data...
CVE-2021-33671
SAP NetWeaver Guided Procedures Administration Workset, versions - 7.10, 7.20, 7.30, 7.31, 7.40, 7.50, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. The impact of missing authorization could result in abuse of functionality...
SAP NetWeaver Security Vulnerability
SAP NetWeaver is a service-oriented integrated application platform from the German company SAP. The platform provides a development and runtime environment for SAP applications. A security vulnerability exists in SAP NetWeaver Guided Procedures that stems from a lack of authorization check...
CVE-2020-6187
SAP NetWeaver Guided Procedures, versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently validate an XML document input from a compromised admin, leading to Denial of Service...
CVE-2020-6187
SAP NetWeaver (Guided Procedures) is affected in versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, and 7.50 by a vulnerability where XML input from a compromised admin is not sufficiently validated, enabling Denial of Service. The CVE entry documents the root cause as inadequate validation of XML docu...
SAP Solman - user accounts disclosure CVE-2016-10005
Application: SAP Solman Versions Affected: SAP Solman 7.1-7.31 Vendor URL: SAP Bugs: Information Disclosure Reported: 12.07.2016 Vendor response: 13.07.2016 Date of Public Advisory: 13.09.2016 Reference: SAP Security Note 2344524 Author: Roman Bezhan ERPScan VULNERABILITY INFORMATION CVE-2016-100...
CVE-2013-7358
Unspecified vulnerability in SAP Guided Procedures Archive Monitor allows remote attackers to obtain usernames, roles, profiles, and possibly other identity information via unknown vectors...