318 matches found

Tenable Nessus
added 2022/06/16 12:0 a.m. · 57 views

SAP NetWeaver AS Java Information Disclosure (2256846)

The Universal Worklist Configuration in SAP NetWeaver AS JAVA 7.1 to 7.5 allows remote attackers to obtain sensitive user information via a crafted HTTP request, aka SAP Security Note 2256846. Note that Nessus has not tested for this issue but has instead relied only on the application's...

5.3 CVSS · 6.4 AI score · 0.51553 EPSS
Exploits 10 · References 4

ATTACKERKB
added 2022/06/14 10:15 a.m. · 5 views

CVE-2022-31619

A vulnerability has been identified in Teamcenter V12.4 All versions V12.4.0.13, Teamcenter V13.0 All versions V13.0.0.9, Teamcenter V13.1 All versions V13.1.0.9, Teamcenter V13.2 All versions V13.2.0.9, Teamcenter V13.3 All versions V13.3.0.3, Teamcenter V14.0 All versions V14.0.0.2. Java EE...

8.8 CVSS · 6.3 AI score · 0.01248 EPSS
Exploits 0 · References 2

OSV
added 2022/06/14 10:15 a.m. · 5 views

CVE-2022-31619

A vulnerability has been identified in Teamcenter V12.4 All versions V12.4.0.13, Teamcenter V13.0 All versions V13.0.0.9, Teamcenter V13.1 All versions V13.1.0.9, Teamcenter V13.2 All versions V13.2.0.9, Teamcenter V13.3 All versions V13.3.0.3, Teamcenter V14.0 All versions V14.0.0.2. Java EE...

8.8 CVSS · 7.7 AI score · 0.01248 EPSS
Exploits 0 · References 1

vulnersOsv
added 2022/05/14 2:54 a.m. · 6 views

com.oracle.cdi-enabler:cdi-enabler-1_0-test-webapp (=1), com.sap.cloud.s4hana.starters:scp-neo-javaee6 (>=1.0.0 <=1.1.2) +19 more potentially affected by CVE-2013-5855 via org.glassfish:javax.faces (>=2.1.11 <=2.1.26)

org.glassfish:javax.faces MAVEN version =2.1.11, =1.0.0, =2.23.16, =0.3.0, =0.3.0, =5.11.0, =5.12.0, =5.13.1, =5.12.0, =5.9.4.1, =5.9.4.1, =5.9.4.1, =5.9.4.1, =5.15.4 and more Source cves: CVE-2013-5855 Source advisory: OSV:GHSA-3M3R-82GC-53MJ...

4.3 CVSS · 7.1 AI score · 0.04715 EPSS
Exploits 0

OSV
added 2022/05/14 2:45 a.m. · 2 views

GHSA-V2C9-9M8V-8JJM Apache ActiveMQ Sensitive Information Disclosure via the Jetty ResourceHandler

The Jetty ResourceHandler in Apache ActiveMQ 5.x before 5.3.2 and 5.4.x before 5.4.0 allows remote attackers to read JSP source code via a // (slash slash) initial substring in a URI for (1) admin/index.jsp, (2) admin/queues.jsp, or (3) admin/topics.jsp...

5 CVSS · 6 AI score · 0.78018 EPSS
Exploits 6 · References 11

OSV
added 2022/05/13 1:24 a.m. · 1 views

GHSA-GJFX-9WX3-J6R7 Apache MyFaces Vulnerable to Path Traversal

Multiple directory traversal vulnerabilities in MyFaces JavaServer Faces (JSF) in Apache MyFaces Core 2.0.x before 2.0.12 and 2.1.x before 2.1.6 allow remote attackers to read arbitrary files via a .. (dot dot) in (1) the ln parameter to faces/javax.faces.resource/web.xml or (2) the PATHINFO to...

5 CVSS · 6 AI score · 0.33471 EPSS
Exploits 2 · References 5

Positive Technologies
added 2022/05/13 12:0 a.m. · 5 views

PT-2022-11757 · Unknown · Novel-Plus

Name of the Vulnerable Software and Affected Versions: novel-plus versions all. Description: The issue concerns an unrestricted file upload in the /novel-admin/src/main/java/com/java2nb/common/controller/FileController.java file. This allows an attacker to upload malicious JSP files...

9.8 CVSS · 9.4 AI score · 0.01006 EPSS
Exploits 1 · References 3

OSV
added 2022/05/01 11:38 p.m. · 89 views

GHSA-VV6J-5X58-Q2C3 Cross-site scripting (XSS) vulnerability in Sun Java Server Faces (JSF)

Cross-site scripting (XSS) vulnerability in Sun Java Server Faces (JSF) 1.2 before 1.208 allows remote attackers to inject arbitrary web script or HTML via unknown vectors...

5.3 CVSS · 5.3 AI score · 0.02537 EPSS
Exploits 1 · References 4

Github Security Blog
added 2022/05/01 11:38 p.m. · 56 views

Cross-site scripting (XSS) vulnerability in Sun Java Server Faces (JSF)

Cross-site scripting (XSS) vulnerability in Sun Java Server Faces (JSF) 1.2 before 1.208 allows remote attackers to inject arbitrary web script or HTML via unknown vectors...

4.3 CVSS · 4.2 AI score · 0.02537 EPSS
Exploits 1 · References 5 · Affected Software 1

ATTACKERKB
added 2022/02/09 11:15 p.m. · 4 views

CVE-2022-22533

Due to improper error handling in SAP NetWeaver Application Server Java - versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, an attacker could submit multiple HTTP server requests resulting in errors, such that it consumes the memory buffer. This...

7.5 CVSS · 7.2 AI score · 0.01728 EPSS
Exploits 0 · References 4 · Affected Software 1

Positive Technologies
added 2022/02/09 12:0 a.m. · 5 views

PT-2022-15502 · Sap · Sap Netweaver Application Server Java

Name of the Vulnerable Software and Affected Versions: SAP NetWeaver Application Server Java versions 7.22 through 7.53. Description: An unauthenticated attacker could submit a crafted HTTP server request which triggers improper shared memory buffer handling, allowing the malicious payload to be...

9.8 CVSS · 9.6 AI score · 0.02335 EPSS
Exploits 0 · References 4

BDU FSTEC
added 2021/12/09 12:0 a.m. · 5 views

The vulnerability of the Invoker Servlet component in SAP NetWeaver Java Application Server allows a perpetrator to execute arbitrary code or gain full control over the system.

The vulnerability of the Invoker Servlet component in SAP NetWeaver Java Application Server is related to deficiencies in the authentication process. Exploiting this vulnerability allows an attacker to execute arbitrary code or gain full control over the system through specially crafted HTTP or...

10 CVSS · 8.5 AI score · 0.1745 EPSS
Exploits 0 · References 7 · Affected Software 1

OSV
added 2021/11/08 4:15 a.m. · 2 views

CVE-2021-34685

UploadService in Hitachi Vantara Pentaho Business Analytics through 9.1 does not properly verify uploaded user files, which allows an authenticated user to upload various files of different file types. Specifically, a .jsp file is not allowed, but a .jsp. file is allowed and leads to remote code...

7.2 CVSS · 7.5 AI score · 0.02248 EPSS
Exploits 3 · References 2

NVD
added 2021/09/14 12:15 p.m. · 19 views

CVE-2021-38163

SAP NetWeaver Visual Composer 7.0 RT versions - 7.30, 7.31, 7.40, 7.50, without restriction, an attacker authenticated as a non-administrative user can upload a malicious file over a network and trigger its processing, which is capable of running operating system commands with the privilege of th...

9.9 CVSS · 0.37149 EPSS
Exploits 1 · References 3

Prion
added 2021/09/14 12:15 p.m. · 22 views

Design/Logic Flaw

SAP NetWeaver Visual Composer 7.0 RT versions - 7.30, 7.31, 7.40, 7.50, without restriction, an attacker authenticated as a non-administrative user can upload a malicious file over a network and trigger its processing, which is capable of running operating system commands with the privilege of th...

9 CVSS · 8.6 AI score · 0.37149 EPSS
Exploits 1 · References 2 · Affected Software 1

CNNVD
added 2021/09/14 12:0 a.m. · 3 views

SAP NetWeaver Path Traversal Vulnerability

SAP NetWeaver is a service-oriented integrated application platform from the German company SAP. The platform provides a development and runtime environment for SAP applications. A path traversal vulnerability exists in SAP NetWeaver versions 7.30, 7.31, 7.40, 7.50, which allows an attacker...

9.9 CVSS · 8.3 AI score · 0.37149 EPSS
Exploits 1 · References 6

OSV
added 2021/07/31 5:15 p.m. · 4 views

CVE-2020-26806

admin/file.do in ObjectPlanet Opinio before 7.15 allows Unrestricted File Upload of executable JSP files, resulting in remote code execution, because filePath can have directory traversal and fileContent can be valid JSP code...

8.8 CVSS · 6 AI score · 0.05967 EPSS
Exploits 3 · References 2

Positive Technologies
added 2021/06/25 12:0 a.m. · 5 views

PT-2021-20526

Name of the Vulnerable Software and Affected Versions: Eclipse BIRT versions 4.8.0 and earlier. Description: An issue exists where an attacker can use query parameters to create a JSP file, accessible from remote, in the current BIRT viewer directory. This allows the injection of JSP code into the...

9.8 CVSS · 9.5 AI score · 0.5771 EPSS
Exploits 4 · References 10

OSV
added 2021/06/22 11:2 a.m. · 3 views

OESA-2021-1229 mojarra security update

JavaServer(TM) Faces technology simplifies building user interfaces for JavaServer applications. Developers of various skill levels can quickly build web applications by: assembling reusable UI components in a page; connecting these components to an application data source; and wiring client-generat...

6.5 CVSS · 7 AI score · 0.10124 EPSS
Exploits 0 · References 2

Tenable Nessus
added 2021/06/15 12:0 a.m. · 47 views

SAP NetWeaver AS JAVA Information Disclosure (3023299)

SAP Netweaver Application Server Java versions 7.11, 7.20, 7.30, 7.31, 7.40, and 7.50 allow an attacker to access restricted information by entering a malicious server name via the UserAdmin application of the SAP NetWeaver application server. Note that Nessus has not tested for this issue but has...

5.5 CVSS · 6.3 AI score · 0.00613 EPSS
Exploits 0 · References 3