318 matches found

CNNVD
added 2021/06/08 12:0 a.m. | 7 views

SAP Netweaver Information Disclosure Vulnerability

SAP NetWeaver is a service-oriented integrated application platform from the German company SAP. The platform provides a development and runtime environment for SAP applications. An information disclosure vulnerability exists in SAP NetWeaver AS JAVA, which can be exploited by an attacker t...

CVSS 5.5 | AI score 5.6 | EPSS 0.00613
Exploits 0 | References 3

BDU FSTEC
added 2021/04/21 12:0 a.m. | 2 views

The vulnerability of SAP NetWeaver Java Application Server, a software integration platform of SAP NetWeaver, related to authentication errors, allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of the SAP NetWeaver Java Application Server, a software integration platform of SAP NetWeaver, is related to authentication errors. Exploiting this vulnerability can allow an attacker to compromise the confidentiality, integrity, and accessibility of protected information...

CVSS 10 | AI score 8.1 | EPSS 0.94719
Exploits 6 | References 5 | Affected Software 1

OSV
added 2021/04/13 7:15 p.m. | 4 views

CVE-2021-21485

An unauthorized attacker may be able to entice an administrator to invoke telnet commands of an SAP NetWeaver Application Server for Java that allow the attacker to gain NTLM hashes of a privileged user...

CVSS 6.5 | AI score 6.9 | EPSS 0.0094
Exploits 0 | References 2

CNNVD
added 2021/04/13 12:0 a.m. | 5 views

SAP Netweaver Access Control Error Vulnerability

SAP NetWeaver is a service-oriented integrated application platform from the German company SAP. The platform mainly provides a development and runtime environment for SAP applications. SAP NetWeaver...

CVSS 6.5 | AI score 5.7 | EPSS 0.00635
Exploits 0 | References 4

CNNVD
added 2021/04/13 12:0 a.m. | 7 views

SAP NetWeaver Application Server Information Disclosure Vulnerability

SAP NetWeaver is a service-oriented integrated application platform from the German company SAP. The platform provides a development and runtime environment for SAP applications. An information disclosure vulnerability exists in SAP NetWeaver Application Server for Java versions 7.30, 7.31,...

CVSS 7.4 | AI score 5.6 | EPSS 0.0094
Exploits 0 | References 4

CNNVD
added 2021/04/13 12:0 a.m. | 6 views

SAP NetWeaver Application Server Java Security Vulnerability

SAP NetWeaver is a service-oriented integrated application platform from the German company SAP. The platform provides a development and runtime environment for SAP applications. A content spoofing vulnerability exists in SAP NetWeaver Application Server for Java versions 7.10, 7.11, 7.20,...

CVSS 4.3 | AI score 5.6 | EPSS 0.00561
Exploits 0 | References 4

Tenable Nessus
added 2021/04/09 12:0 a.m. | 173 views

SAP NetWeaver AS Java Invoker Servlet Code Execution (1445998)

SAP Netweaver Application Server Java versions before 7.30 are potentially affected by a code execution vulnerability in the invoker servlet. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. (C) Tenable Network Security,...

CVSS 10 | AI score 9.2 | EPSS 0.1745
Exploits 0 | References 2

Tenable Nessus
added 2021/03/23 12:0 a.m. | 33 views

SAP NetWeaver AS JAVA Reverse Tabnabbing (2976947)

SAP Netweaver Application Server Java Applications based on WebDynpro Java versions 7.00, 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allow an attacker to redirect users to a malicious site due to Reverse Tabnabbing vulnerabilities. Note that Nessus has not tested for this issue but has instead...

CVSS 6.1 | AI score 5.7 | EPSS 0.00666
Exploits 0 | References 3

Check Point Advisories
added 2021/03/20 12:0 a.m. | 5 views

Java Server Pages Backdoor (CVE-2022-23463)

A generic backdoor exists in Java server pages. The vulnerability is due to lack of user input sanitation. Successful exploitation of this vulnerability might allow an attacker to execute arbitrary code on the affected system...

AI score 3.6 | EPSS 0.0173
Exploits 1

OSV
added 2021/01/14 3:15 p.m. | 3 views

UBUNTU-CVE-2021-24122

When serving resources from a network location using the NTFS file system, Apache Tomcat versions 10.0.0-M1 to 10.0.0-M9, 9.0.0.M1 to 9.0.39, 8.5.0 to 8.5.59 and 7.0.0 to 7.0.106 were susceptible to JSP source code disclosure in some configurations. The root cause was the unexpected behaviour of...

CVSS 5.9 | AI score 7.2 | EPSS 0.22852
Exploits 0 | References 3

CNNVD
added 2020/12/12 12:0 a.m. | 7 views

Ignite Realtime Openfire Cross-Site Scripting Vulnerability

Ignite Realtime Openfire is a cross-platform, open source Real-Time Collaboration (RTC) server developed in Java by the Ignite Realtime community and based on XMPP (formerly known as Jabber, an instant messaging protocol), which is capable of building efficient instant messaging servers and supporting te...

CVSS 5.4 | AI score 5.9 | EPSS 0.00731
Exploits 1 | References 3

CNNVD
added 2020/11/26 12:0 a.m. | 5 views

Coremail XT Cross-Site Scripting Vulnerability

Coremail XT is an enterprise-class mail system from China Yingshi Computer Technology Company. The system supports sending and receiving emails, enterprise address book, enterprise cloud disk and schedule synchronization. A cross-site scripting vulnerability exists in jsp/upload.jsp in...

CVSS 6.1 | AI score 6.2 | EPSS 0.01081
Exploits 0 | References 2

CNVD
added 2020/10/26 12:0 a.m. | 3 views

Eclipse Jetty Access Control Error Vulnerability

Eclipse Jetty is an open source, Java-based web server and Java Servlet container from the Eclipse Foundation. A security vulnerability exists in Eclipse Jetty that arises when a system's temporary directory is shared among all users on that system. Concurrent users could observe the creation...

CVSS 7 | AI score 9.3 | EPSS 0.043
Exploits 1 | References 1

BDU FSTEC
added 2020/10/22 12:0 a.m. | 8 views

The vulnerability of the WildFly application server in Java, related to errors in the implementation of security checks for standard elements, allows attackers to compromise the confidentiality and integrity of protected information.

The vulnerability of the WildFly application server relates to errors in the implementation of security checks for standard elements. Exploiting this vulnerability allows a malicious actor to compromise the confidentiality and integrity of the protected information...

CVSS 5.5 | AI score 6.6 | EPSS 0.01509
Exploits 0 | References 7

CNVD
added 2020/10/21 12:0 a.m. | 2 views

SAP NetWeaver Application Server Java Input Validation Error Vulnerability

SAP NetWeaver Application Server Java is an application server from the German company SAP that provides a Java runtime environment. The product is mainly used to develop and run Java EE applications. A security vulnerability exists in SAP NetWeaver Application Server Java. No detailed vulnerability...

CVSS 6.1 | AI score 6.8 | EPSS 0.0108
Exploits 0 | References 1

Tenable Nessus
added 2020/10/20 12:0 a.m. | 22 views

IBM WebSphere Application Server 8.0.0.x < 8.0.0.15 / 8.5.x < 8.5.5.13 Multiple Vulnerabilities (296865)

The IBM WebSphere Application Server running on the remote host is version 8.0.0.x prior to 8.0.0.15 or 8.5.0.x prior to 8.5.5.13. It is, therefore, affected by two information disclosure vulnerabilities in the Java Server Faces (JSF) subcomponent. - IBM WebSphere Application Server allows a remote...

CVSS 7.5 | AI score 7.5 | EPSS 0.05334
Exploits 1 | References 3

RedHat Linux
added 2020/09/17 1:7 p.m. | 3 views

undertow: AJP File Read/Inclusion Vulnerability

A file inclusion vulnerability was found in the AJP connector enabled with a default AJP configuration port of 8009 in Undertow version 2.0.29.Final and before. A remote, unauthenticated attacker could exploit this vulnerability to read web application files from a vulnerable server. In instances...

CVSS 9.8 | AI score 7.2 | EPSS 0.04837
Exploits 0 | References 7

vulnersOsv
added 2020/09/14 6:44 p.m. | 4 views

ca.uhnresearch.pughlab:java-server (>=1.0.3 <=1.0.5), com.almende.eve:eve-tests (>=3.0.0 <=3.1.0) +53 more potentially affected by CVE-2015-0254 via org.apache.taglibs:taglibs-standard-impl (=1.2.1)

org.apache.taglibs:taglibs-standard-impl MAVEN version =1.2.1 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.taglibs:taglibs-standard-impl and may be impacted: - ca.uhnresearch.pughlab:java-server =1.0.3, =3.0.0, =3.0.0, =3.0.0, =2.1.1,...

CVSS 7.5 | AI score 6.8 | EPSS 0.1326
Exploits 0

RedHat Linux
added 2020/07/28 3:54 p.m. | 7 views

undertow: AJP File Read/Inclusion Vulnerability

A file inclusion vulnerability was found in the AJP connector enabled with a default AJP configuration port of 8009 in Undertow version 2.0.29.Final and before. A remote, unauthenticated attacker could exploit this vulnerability to read web application files from a vulnerable server. In instances...

CVSS 9.8 | AI score 7.2 | EPSS 0.04837
Exploits 0 | References 7

RedHat Linux
added 2020/06/11 9:3 a.m. | 3 views

undertow: AJP File Read/Inclusion Vulnerability

A file inclusion vulnerability was found in the AJP connector enabled with a default AJP configuration port of 8009 in Undertow version 2.0.29.Final and before. A remote, unauthenticated attacker could exploit this vulnerability to read web application files from a vulnerable server. In instances...

CVSS 9.8 | AI score 7.2 | EPSS 0.04837
Exploits 0 | References 7