45 matches found
EUVD-2018-14319
Malware in sbrugna...
EUVD-2018-14220
Malware in sbrugna...
EUVD-2014-3153
Malware in sbrugna...
CVE-2023-41367
Due to missing authentication check in webdynpro application, an unauthorized user in SAP NetWeaver Guided Procedures - version 7.50, can gain access to admin view of specific function anonymously. On successful exploitation of vulnerability under specific circumstances, attacker can view user’s...
CVE-2021-21491
SAP Netweaver Application Server Java Applications based on WebDynpro Java versions 7.00, 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allow an attacker to redirect users to a malicious site due to Reverse Tabnabbing vulnerabilities...
SAP NetWeaver Access Control Error Vulnerability
SAP NetWeaver is the German SAP SAP company's set of service-oriented integrated application platform. The platform mainly for SAP applications to provide development and runtime environment. An access control error vulnerability exists in SAP NetWeaver version 7.50, which stems from a lack of...
CVE-2023-41367 Missing Authentication check in SAP NetWeaver (Guided Procedures)
Due to missing authentication check in webdynpro application, an unauthorized user in SAP NetWeaver Guided Procedures - version 7.50, can gain access to admin view of specific function anonymously. On successful exploitation of vulnerability under specific circumstances, attacker can view user’s...
CVE-2023-41367
CVE-2023-41367 affects SAP NetWeaver (Guided Procedures), specifically the webdynpro component in version 7.50. The root cause is a missing authentication check, allowing an unauthorized user to anonymously access the administrator view of a function and potentially view the user’s email address....
SAP NetWeaver 访问控制错误漏洞
SAP NetWeaver is the German SAP SAP company's set of service-oriented integrated application platform. The platform mainly for SAP applications to provide development and runtime environment. An access control error vulnerability exists in SAP NetWeaver version 7.50, which stems from a lack of...
CVE-2021-21491
SAP Netweaver Application Server Java Applications based on WebDynpro Java versions 7.00, 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allow an attacker to redirect users to a malicious site due to Reverse Tabnabbing vulnerabilities...
CVE-2021-21491
SAP Netweaver Application Server Java Applications based on WebDynpro Java versions 7.00, 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allow an attacker to redirect users to a malicious site due to Reverse Tabnabbing vulnerabilities...
CVE-2021-21491
SAP Netweaver Application Server Java Applications based on WebDynpro Java versions 7.00, 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allow an attacker to redirect users to a malicious site due to Reverse Tabnabbing vulnerabilities...
CVE-2021-21491
CVE-2021-21491 affects SAP NetWeaver Application Server Java (WebDynpro Java) and its supported Java applications, specifically versions 7.00, 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, and 7.50. The vulnerability is described as a Reverse Tabnabbing issue that can allow an attacker to redirect users to...
CVE-2020-6240
SAP NetWeaver AS ABAP Web Dynpro ABAP, versions SAPUI 750, 752, 753, 754 and SAPBASIS 700, 710, 730, 731, 804 allows an unauthenticated attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service leading to Denial of Service...
SAP NetWeaver WebDynpro Java Cross-Site Scripting Vulnerability
SAP Enterprise Financial Services is a set of enterprise financial services solutions from SAP. A cross-site scripting vulnerability exists in SAP NetWeaver, which arises from a failure to properly sanitize user-supplied input and can be exploited by a remote attacker to execute arbitrary script...
CVE-2018-2464
SAP WebDynpro Java, versions 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in a stored Cross-Site Scripting XSS vulnerability...
CVE-2018-2464
SAP WebDynpro Java, versions 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in a stored Cross-Site Scripting XSS vulnerability...
Cross site scripting
SAP WebDynpro Java, versions 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in a stored Cross-Site Scripting XSS vulnerability...
CVE-2018-2464
SAP WebDynpro Java, versions 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in a stored Cross-Site Scripting XSS vulnerability...
CVE-2018-2464
CVE-2018-2464 affects SAP WebDynpro Java in versions 7.20, 7.30, 7.31, 7.40, and 7.50, where input from users is not sufficiently encoded, resulting in a stored Cross-Site Scripting (XSS) vulnerability. The issue is caused by inadequate sanitization/encoding of user-controlled inputs in the web d...