SAP Enterprise Portal 跨站脚本漏洞

SAP Enterprise Portal is an application from SAP, Germany. A comprehensive integration and application platform that facilitates the alignment of people, information and business processes across organizational and technological boundaries. A cross-site scripting vulnerability in SAP Enterprise...

CVE-2021-42063

SAP Knowledge Warehouse (versions 7.30, 7.31, 7.40, 7.50) contains a reflected Cross‑Site Scripting vulnerability that can be triggered via a SAP KW component used in a web browser. The issue could allow attackers to inject scripts and potentially disclose sensitive data. Affected endpoint detail...

PT-2021-23601 · Xorux · Lpar2Rrd +1

Name of the Vulnerable Software and Affected Versions: LPAR2RRD and STOR2RRD versions prior to 7.30 Description: The issue concerns a hardcoded system account named lpar2rrd in XoruX LPAR2RRD and STOR2RRD. Recommendations: For versions prior to 7.30, update to version 7.30 or later to resolve the...

SAP NetWeaver AS JAVA Information Disclosure (3023299)

SAP Netweaver Application Server Java versions 7.11, 7.20, 7.30, 7.31, 7.40, and 7.50 allow an attacker to access restricted information by entering malicious server name via the UserAdmin application of the SAP NetWeaver application server. Note that Nessus has not tested for this issue but has...

SAP NetWeaver AS JAVA Reverse Tabnabbing (2976947)

SAP Netweaver Application Server Java Applications based on WebDynpro Java versions 7.00, 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allow an attacker to redirect users to a malicious site due to Reverse Tabnabbing vulnerabilities. Note that Nessus has not tested for this issue but has instead...

SAP NetWeaver AS Java Multiple XSS (2953112)

The version of SAP NetWeaver AS Java detected on the remote host may be affected by multiple cross-site scripting vulnerabilities, as follows: - SAP NetWeaver Application Server JAVA XML Forms versions 7.30, 7.31, 7.40, 7.50 does not sufficiently encode user controlled inputs, which allows an...

CVE-2020-6326

SAP NetWeaver Knowledge Management, version-7.30,7.31,7.40,7.50, allows an authenticated attacker to create malicious links in the UI, when clicked by victim, will execute arbitrary java scripts thus extracting or modifying information otherwise restricted leading to Stored Cross Site Scripting...

Cross site scripting

SAP NetWeaver Knowledge Management, version-7.30,7.31,7.40,7.50, allows an authenticated attacker to create malicious links in the UI, when clicked by victim, will execute arbitrary java scripts thus extracting or modifying information otherwise restricted leading to Stored Cross Site Scripting...

Unrestricted file upload

SAP NetWeaver Knowledge Management, versions - 7.30, 7.31, 7.40, 7.50, allows an unauthenticated attacker to upload a malicious file and also to access, modify or make unavailable existing files but the impact is limited to the files themselves and is restricted by other policies such as access...

SAP NetWeaver AS Java Command Execution Vulnerability

SAP Netweaver is the German SAP SAP company's set of service-oriented integration of the application platform, the platform mainly for SAP applications to provide a development environment. The platform mainly for SAP applications to provide a development and runtime environment.SAP NetWeaver...

CVE-2020-6193

SAP NetWeaver Knowledge Management ICE Service, versions 7.30, 7.31, 7.40, 7.50, allows an unauthenticated attacker to execute malicious scripts leading to Reflected Cross-Site Scripting XSS vulnerability...

CVE-2018-2504

SAP NetWeaver AS Java Web Container service does not validate against whitelist the HTTP host header which can result in HTTP Host Header Manipulation or Cross-Site Scripting XSS vulnerability. This is fixed in versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50...

Cross site scripting

SAP NetWeaver AS Java Web Container service does not validate against whitelist the HTTP host header which can result in HTTP Host Header Manipulation or Cross-Site Scripting XSS vulnerability. This is fixed in versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50...

Design/Logic Flaw

Knowledge Management XMLForms in SAP NetWeaver, versions 7.30, 7.31, 7.40 and 7.50 does not sufficiently validate an XML document accepted from an untrusted source...

CVE-2018-2399

Cross-Site Scripting in Process Monitoring Infrastructure, from 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, due to inefficient encoding of user controlled inputs...

Cross site scripting

Cross-Site Scripting in Process Monitoring Infrastructure, from 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, due to inefficient encoding of user controlled inputs...

CVE-2018-2399

Cross-Site Scripting in Process Monitoring Infrastructure, from 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, due to inefficient encoding of user controlled inputs...

Cross site scripting

SAP NetWeaver Portal, WebDynpro Java, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting XSS vulnerability...