Lucene search
K
SapNetweaver

102 matches found

CVE
CVE
added 2021/09/14 11:21 a.m.1025 views

CVE-2021-38163

CVE-2021-38163 affects SAP NetWeaver (Visual Composer 7.0 RT) versions 7.30/7.31/7.40/7.50 with an unrestricted file upload path traversal that, when exploited by an authenticated non-administrative user, can trigger processing of a malicious file and execute OS commands under the Java Server pro...

9.9CVSS8.6AI score0.37149EPSS
In wild
CVE
CVE
added 2025/04/24 4:50 p.m.803 views

CVE-2025-31324

CVE-2025-31324 affects SAP NetWeaver Visual Composer Metadata Uploader (VCFRAMEWORK). Unauthenticated uploads to /developmentserver/metadatauploader allow remote code execution with SAP service user privileges (RCE in VCFRAMEWORK) and can compromise confidentiality, integrity, and availability. C...

10CVSS7AI score0.99359EPSS
In wild
CVE
CVE
added 2025/05/13 12:17 a.m.325 views

CVE-2025-42999

CVE-2025-42999 affects SAP NetWeaver Visual Composer Metadata Uploader. It is a deserialization vulnerability that can allow a privileged attacker to compromise confidentiality, integrity, and availability of the host system. Connected documents corroborate a broader context: CVE-2025-31324 (unre...

9.1CVSS9.2AI score0.12522EPSS
In wild
CVE
CVE
added 2017/07/12 4:0 p.m.215 views

CVE-2017-9844

SAP NetWeaver with version 7400.12.21.30308 is affected by CVE-2017-9844 due to insecure Java deserialization in the metadatauploader endpoint. A crafted serialized Java object sent to /developmentserver/metadatauploader can cause denial of service and potentially allow arbitrary code execution, ...

7.5CVSS9.7AI score0.05513EPSS
CVE
CVE
added 2023/07/11 2:56 a.m.148 views

CVE-2023-36922

The CVE-2023-36922 entry concerns SAP ECC/SAP S/4HANA IS-OIL with a programming error in the function module and report that permits an authenticated attacker to inject an arbitrary operating system command into an unprotected parameter of a common extension. Exploitation can allow reading/modify...

9.1CVSS8.7AI score0.00845EPSS
CVE
CVE
added 2020/01/23 6:58 p.m.147 views

CVE-2013-1592

SAP NetWeaver Message Server contains CVE-2013-1592 (and related CVE-2013-1593) buffer-overflow vulnerabilities in the Message Server module. The flaw resides in _MsJ2EE_AddStatistics(), where the attacker-controlled MSJ2EE_HEADER.serviceid is used to index the global j2ee_stat_services array wit...

10CVSS9.5AI score0.22612EPSS
CVE
CVE
added 2012/05/15 1:0 a.m.136 views

CVE-2012-2612

CVE-2012-2612 refers to a Denial of Service in SAP NetWeaver Dispatcher (disp+work.exe) 7.0 EHP1/EHP2 where the DiagTraceHex function can be triggered by crafted SAP Diag packets to cause a daemon crash. Affected component: Dispatcher service within SAP NetWeaver 7.0 EHP1/EHP2 (disp+work.exe v701...

5CVSS8.8AI score0.03354EPSS
CVE
CVE
added 2012/05/15 1:0 a.m.129 views

CVE-2012-2514

CVE-2012-2514 affects SAP NetWeaver Dispatcher in SAP NetWeaver 7.0 EHP1 (disp+work.exe v7010.29.15.58313) and EHP2 (v7200.70.18.23869). The vulnerability is in the DiagiEventSource function of the Dispatcher, exploitable by remotely crafted SAP Diag packets to cause a denial of service (daemon c...

5CVSS8.7AI score0.03354EPSS
CVE
CVE
added 2024/01/09 1:19 a.m.113 views

CVE-2024-22124

CVE-2024-22124 affects SAP NetWeaver Internet Communication Manager and SAP Web Dispatcher—specifically listed kernel and related components (KERNEL 7.22/7.53/7.54; KRNL64UC 7.22/7.53; KRNL64NUC 7.22/7.22_EXT; WEBDISP 7.22_EXT/7.53/7.54). The vulnerability enables an attacker to access informatio...

7.5CVSS7.3AI score0.00326EPSS
CVE
CVE
added 2022/02/09 10:5 p.m.112 views

CVE-2022-22534

CVE-2022-22534 affects SAP NetWeaver Application Server (NetWeaver ABAP/AS) through insufficient input encoding , enabling an unauthenticated attacker to inject code and potentially expose sensitive data such as user IDs and passwords . The endpoints are normally network-exposed, with a partial c...

6.1CVSS6.3AI score0.00835EPSS
CVE
CVE
added 2015/06/24 2:0 p.m.106 views

CVE-2015-5067

The CVE-2015-5067 entry affects SAP NetWeaver, specifically the Cross-System Tools and Data Transfer Workbench components. The root cause is hardcoded credentials within these tools, enabling remote access via unspecified vectors. This is supported by multiple sources (NVD/CNVD/PRION/CVE lists) r...

7.5CVSS6.8AI score0.02627EPSS
CVE
CVE
added 2013/11/19 7:0 p.m.103 views

CVE-2013-6815

CVE-2013-6815 affects SAP NetWeaver Application Server for ABAP (AS ABAP) versions 7.31 and earlier. The SHSTI_UPLOAD_XML function is vulnerable to a XML External Entity (XXE) issue that can allow remote attackers to cause a denial of service. Affected component: SHSTI_UPLOAD_XML in AS ABAP; root...

5CVSS6.9AI score0.0169EPSS
CVE
CVE
added 2016/02/16 3:0 p.m.103 views

CVE-2016-2389

SAP xMII 15.0 for SAP NetWeaver 7.4 is affected by CVE-2016-2389 due to a directory traversal in the GetFileList function (Path parameter to /Catalog), enabling read of arbitrary server files (e.g., ../../../../etc/passwd). Affected component is SAP MII 15.0; CVSS v3 base score 7.5 (Network, Low ...

7.8CVSS7.3AI score0.39321EPSS
CVE
CVE
added 2020/03/10 8:20 p.m.97 views

CVE-2020-6203

CVE-2020-6203 concerns SAP NetWeaver UDDI Server (Services Registry) versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50. The vulnerability arises from insufficient validation of path information provided by users, allowing path traversal characters to reach file APIs and potentially access restric...

9.1CVSS8.9AI score0.0186EPSS
CVE
CVE
added 2022/04/12 4:11 p.m.95 views

CVE-2022-28772

The CVE-2022-28772 entry concerns a buffer overflow in SAP Web Dispatcher and SAP Internet Communication Manager caused by overlong input values that can overwrite the internal program stack, leading to a denial of service. Affected products include SAP Web Dispatcher versions 7.53, 7.77, 7.81, 7...

7.5CVSS7.4AI score0.01387EPSS
CVE
CVE
added 2022/06/13 4:4 p.m.88 views

CVE-2022-28217

CVE-2022-28217 affects SAP NetWeaver (EP Web Page Composer). Multiple connected documents describe a vulnerability where an XML document from an untrusted source is not sufficiently validated, enabling unprotected XML parking at endpoints and a potential SSRF attack that could impact availability...

6.5CVSS6.5AI score0.00704EPSS
CVE
CVE
added 2022/04/12 4:11 p.m.83 views

CVE-2022-28773

CVE-2022-28773 affects SAP Web Dispatcher and SAP Internet Communication Manager. The issue is caused by uncontrolled recursion, leading to denial of service with a crash that is restartable. Public details across connected documents confirm the component/file-level root cause and DoS impact; som...

7.5CVSS7.9AI score0.01399EPSS
CVE
CVE
added 2013/10/24 12:0 a.m.82 views

CVE-2013-6244

The CVE-2013-6244 issue affects SAP NetWeaver 7.31 and earlier, in the Live Update webdynpro application (webdynpro/dispatcher/sap.com/tc~slm~ui_lup/LUP). The root cause is an XML External Entity (XXE) vulnerability where an XML document containing an external entity declaration and an entity ref...

5CVSS7AI score0.0163EPSS
CVE
CVE
added 2016/01/15 8:0 p.m.82 views

CVE-2016-1910

CVE-2016-1910 affects SAP NetWeaver 7.4 UME (User Management Engine) and is described as a cryptographic issue enabling attackers to decrypt data via unspecified vectors (SAP Security Note 2191290). The connected materials indicate this is a crypto-issue vulnerability with publicly available PoCs...

5.3CVSS7AI score0.06817EPSS
CVE
CVE
added 2013/02/12 8:0 p.m.81 views

CVE-2011-5263

CVE-2011-5263 concerns an XSS vulnerability in SAP NetWeaver 7.30 and earlier, in the RetrieveMailExamples component. The server parameter can be exploited to inject arbitrary web script or HTML. The connected sources confirm the affected platform and vulnerability class but do not provide specif...

4.3CVSS5.9AI score0.01333EPSS
CVE
CVE
added 2023/04/11 3:8 a.m.81 views

CVE-2023-29186

SAP NetWeaver BI CONT ADDON vulnerability CVE-2023-29186 affects versions 707, 737, 747, and 757. A directory traversal flaw in a report allows uploading and overwriting files on the SAP server; data cannot be read, but a remote attacker with administrative privileges could overwrite critical OS ...

8.7CVSS6.8AI score0.23035EPSS
CVE
CVE
added 2020/02/05 10:15 p.m.80 views

CVE-2011-1517

CVE-2011-1517 affects SAP NetWeaver Dispatcher (disp+work.exe) on SAP NetWeaver 7.0. The issue arises from the DiagTraceHex() function; a remote attacker can send a specially crafted network packet to trigger a denial of service (and in the broader advisory context, related vulnerabilities enable...

9.8CVSS9.4AI score0.04216EPSS
CVE
CVE
added 2017/01/23 9:0 p.m.78 views

CVE-2017-5372

SAP NetWeaver AS JAVA P4 MSPRuntimeInterface (MSPRuntimeInterface) in SERVERCORE is vulnerable to information disclosure due to missing authorization when calling getInformation, getParameters, getServiceInfo, getStatistic, or getClientStatistic. Public advisories (ErpScan ERPSCAN-16-037 and SAP ...

7.5CVSS7.3AI score0.03523EPSS
CVE
CVE
added 2023/06/13 2:38 a.m.75 views

CVE-2023-32114

CVE-2023-32114 affects SAP NetWeaver Change and Transport System (CTS) for versions 702–757. An authenticated user with admin privileges can repeatedly run a benchmark program, causing resource exhaustion and a denial of service with limited impact on availability; confidentiality and integrity a...

2.7CVSS3.8AI score0.00596EPSS
CVE
CVE
added 2020/02/12 7:46 p.m.73 views

CVE-2020-6184

The CVE-2020-6184 issue affects SAP NetWeaver ABAP Online Community in SAP_BASIS 7.40 and SAP_BASIS 7.50–7.54 (S/4HANA). The vulnerability arises from insufficient encoding of user-controlled inputs in the ABAP Online Community, leading to Reflected Cross-Site Scripting (XSS). The connected sourc...

6.1CVSS6AI score0.00963EPSS
CVE
CVE
added 2017/09/06 9:0 p.m.71 views

CVE-2015-7241

CVE-2015-7241 describes an XML External Entity (XXE) vulnerability in SAP NetWeaver before 7.01 due to the XML parser. The vulnerability allows potential unauthorized access and data exposure via XXE, as documented in multiple sources (NVD, CNVD, CVE lists) and corroborated by exploitation refere...

9.8CVSS9.3AI score0.12426EPSS
CVE
CVE
added 2020/02/12 7:46 p.m.71 views

CVE-2020-6181

CVE-2020-6181 affects SAP NetWeaver SAP_BASIS (702, 730, 731, 740) and SAP ABAP Platform SAP_BASIS (750–754). The SAML SSO implementation may include invalidated data in HTTP response headers, enabling HTTP Response Splitting. Impact is a header-level manipulation in Web users; exact exploit deta...

5.8CVSS5.5AI score0.00775EPSS
CVE
CVE
added 2013/08/16 5:0 p.m.70 views

CVE-2013-3319

CVE-2013-3319 affects SAP NetWeaver 7.03 via the HostControl service GetComputerSystem method, enabling remote disclosure of sensitive information through a crafted SOAP request to port 1128. Public references in Nessus note and vendor advisories (SAP Note 1816536) detail sensitive data exposure ...

5CVSS6.2AI score0.20346EPSS
CVE
CVE
added 2023/06/13 2:45 a.m.70 views

CVE-2023-33985

CVE-2023-33985 affects SAP NetWeaver Enterprise Portal 7.50. The vulnerability is a reflected XSS caused by insufficient encoding of user-controlled inputs over the network, leading to a limited impact on confidentiality and integrity. Connected sources corroborate the affected product/version an...

6.1CVSS6AI score0.00507EPSS
CVE
CVE
added 2014/05/19 2:0 p.m.69 views

CVE-2014-3787

CVE-2014-3787 affects SAP NetWeaver 7.20 and earlier. Multiple connected sources confirm that remote attackers can read arbitrary SAP Central User Administration (SAP CUA) tables via unspecified vectors. The CVSS estimate in NVD indicates a network-accessible, low-complexity漏洞 with partial confid...

5CVSS6.9AI score0.01369EPSS
CVE
CVE
added 2012/05/15 1:0 a.m.68 views

CVE-2012-2512

CVE-2012-2512 affects SAP NetWeaver Dispatcher (7.0 EHP1/EHP2) via disp+work.exe: DiagTraceStreamI vulnerability triggered by crafted SAP Diag packets over remote TCP causes a denial of service (daemon crash). Vulnerable versions include disp+work.exe v7010.29.15.58313 and v7200.70.18.23869. Impa...

5CVSS8.8AI score0.03354EPSS
CVE
CVE
added 2012/05/15 1:0 a.m.68 views

CVE-2012-2611

CVE-2012-2611 affects SAP NetWeaver Dispatcher where the DiagTraceR3Info function in disp+work.exe can overflow a stack buffer when Developer Traces are enabled at level 2 or higher, enabling remote code execution via crafted SAP Diag packets. Affected: SAP NetWeaver Dispatcher (7.0 EHP1/EHP2) wi...

9.3CVSS9.4AI score0.41919EPSS
CVE
CVE
added 2020/01/23 7:46 p.m.68 views

CVE-2013-1593

CVE-2013-1593 is a Denial of Service vulnerability in SAP NetWeaver Message Server (msg_server.exe) affecting SAP NetWeaver 2004s and 7.01 SR1, 7.02 SP06, 7.30 SP04. The issue arises in the WRITE_C function when processing specially crafted SAP Message Server packets directed at TCP ports 36NN/39...

7.5CVSS7.6AI score0.02388EPSS
CVE
CVE
added 2020/02/12 7:56 p.m.68 views

CVE-2020-6185

SAP NetWeaver ABAP Online Community and SAP S/4HANA (SAP_BASIS 7.40 and 7.50–7.54) are affected by CVE-2020-6185. An authenticated attacker can store a payload that yields Stored Cross-Site Scripting via the described conditions. Exploitation details are not provided beyond the stored-XSS descrip...

5.4CVSS5.2AI score0.00536EPSS
CVE
CVE
added 2013/11/19 7:0 p.m.67 views

CVE-2013-6822

CVE-2013-6822 affects the SAP NetWeaver component GRMGApp and is tied to an XML External Entity (XXE) issue. The available description states a remote impact but does not specify exact vulnerable versions, attack vectors, or concrete remediation. Several connected records reference SAP advisories...

10CVSS7.2AI score0.02182EPSS
CVE
CVE
added 2021/03/09 2:5 p.m.67 views

CVE-2021-21481

CVE-2021-21481 affects SAP NetWeaver AS JAVA MigrationService (versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50). The vulnerability arises from a missing authorization check, which could let an unauthorized attacker access configuration objects and potentially grant administrative privileges, en...

9.6CVSS8.5AI score0.00562EPSS
CVE
CVE
added 2014/11/06 3:0 p.m.66 views

CVE-2014-0995

SAP NetWeaver Enqueue Server (Standalone Enqueue Server) is affected. Specifically, SAP NetWeaver 7.01 and 7.20 (and earlier) expose a denial-of-service vulnerability triggered by a crafted Trace Pattern with wildcards, causing uncontrolled recursion and a crash. The vulnerability affects the Sta...

5CVSS6.5AI score0.09666EPSS
CVE
CVE
added 2015/04/01 2:0 p.m.66 views

CVE-2015-2815

CVE-2015-2815 affects the SAP NetWeaver Dispatcher in SAP Kernel. Vulnerable are SAP KERNEL 7.00 (32-bit, disp+work.exe 7000.52.12.34966) and 7.40 (64-bit, disp+work.exe 7400.12.21.30308). The issue is a buffer overflow in C_SAPGPARAM that can be exploited by an authenticated remote attacker to e...

6.5CVSS8.1AI score0.03677EPSS
CVE
CVE
added 2019/01/08 8:0 p.m.65 views

CVE-2019-0248

Summary: CVE-2019-0248 affects the SAP Gateway of the ABAP Application Server, causing information disclosure under certain conditions. The issue is addressed in SAP_GWFND versions 7.5, 7.51, 7.52, 7.53 and SAP_BASIS 7.5. Affected component: SAP Gateway in the ABAP Application Server. Root cause/...

5.9CVSS5.5AI score0.01564EPSS
CVE
CVE
added 2023/03/14 4:34 a.m.63 views

CVE-2023-0021

CVE-2023-0021 affects SAP NetWeaver versions 700–750. It stems from insufficient encoding of user input, allowing an unauthenticated attacker to inject code that can expose sensitive data (e.g., user IDs and passwords) and may lead to reflected Cross-Site Scripting. Endpoints are network-exposed,...

6.1CVSS6.2AI score0.00455EPSS
CVE
CVE
added 2023/09/12 1:59 a.m.63 views

CVE-2023-41367

CVE-2023-41367 affects SAP NetWeaver (Guided Procedures), specifically the webdynpro component in version 7.50. The root cause is a missing authentication check, allowing an unauthorized user to anonymously access the administrator view of a function and potentially view the user’s email address....

5.3CVSS5.4AI score0.00449EPSS
CVE
CVE
added 2015/04/01 2:0 p.m.62 views

CVE-2015-2817

CVE-2015-2817 affects the SAP NetWeaver 7.40 SAP Management Console (CCMS) where an anonymous attacker can send a POST request to obtain information about SAP profile parameters via the ReadProfile interface. Root cause is information disclosure due to insufficient access control on the Managemen...

5CVSS6.2AI score0.02378EPSS
CVE
CVE
added 2016/04/14 2:0 p.m.61 views

CVE-2016-4014

The CVE-2016-4014 entry concerns an XXE/XEE vulnerability in the SAP NetWeaver AS JAVA UDDI component (SAP NetWeaver JAVA AS 7.4). The root cause is XML External Entity processing allowing a crafted DTD to cause denial of service by making the server hang when processing requests to uddi/api/repl...

9CVSS8.1AI score0.05264EPSS
CVE
CVE
added 2016/02/16 3:0 p.m.60 views

CVE-2016-2387

CVE-2016-2387 pertains to SAP NetWeaver 7.4, affecting the Java Proxy Runtime ProxyServer servlet. The vulnerability enables cross-site scripting (XSS) via the ProxyServer/register endpoint, by manipulating the ns or interface parameters, as noted in SAP Security Note 2220571. Public advisories (...

6.1CVSS6AI score0.01546EPSS
CVE
CVE
added 2012/05/15 1:0 a.m.58 views

CVE-2012-2511

CVE-2012-2511 affects SAP NetWeaver Dispatcher 7.0 EHP1/EHP2, specifically the disp+work.exe components (versions v7010.29.15.58313 and v7200.70.18.23869). The DiagTraceAtoms function is the root cause: processing crafted SAP Diag packets in the Dispatcher can trigger a remote, unauthenticated de...

5CVSS8.8AI score0.03679EPSS
CVE
CVE
added 2015/08/24 2:0 p.m.58 views

CVE-2015-6662

CVE-2015-6662 describes an XML External Entity (XXE) vulnerability in SAP NetWeaver Portal 7.4. The exposed component is the SAP NetWeaver Portal XML parser handling admin-import functionality (prtroot/com.sap.portal.landscape.access.LSXMLParse). A crafted XML payload can trigger XXE to read arbi...

6.8CVSS7.1AI score0.01643EPSS
CVE
CVE
added 2014/02/14 3:0 p.m.57 views

CVE-2014-1964

CVE-2014-1964 is an XSS vulnerability in the SAP NetWeaver Integration Repository (BC-XI) component of SAP Exchange Infrastructure. The issue affects the Integration Repository via the ESR application and a DIR error, enabling remote attackers to inject arbitrary web script or HTML. The NVD notes...

4.3CVSS5.8AI score0.01161EPSS
CVE
CVE
added 2014/06/09 8:0 p.m.57 views

CVE-2014-4003

CVE-2014-4003 refers to the SAP NetWeaver System Landscape Directory (SLD) vulnerability where remote attackers can modify information through vectors related to adding a system. The core impact is information tampering with SLD data, as described in multiple sources (NVD entry and SAP-related ad...

7.5CVSS6.4AI score0.0299EPSS
CVE
CVE
added 2016/04/14 2:0 p.m.57 views

CVE-2016-4015

CVE-2016-4015 is a DoS vulnerability in the SAP NetWeaver JAVA AS Enqueue Server. A crafted request in Enqueue Server (affecting SAP NetWeaver Enqueue Server 7.4 and likely earlier 7.1–7.4) can crash the process, enabling remote attackers to deny service. The issue is documented with SAP Security...

7.5CVSS7.2AI score0.02615EPSS
CVE
CVE
added 2012/05/15 1:0 a.m.56 views

CVE-2012-2513

CVE-2012-2513 affects SAP NetWeaver Dispatcher (disp+work.exe) in SAP NetWeaver 7.0 EHP1/EHP2. The vulnerability is triggered in the vulnerable dispatcher by sending specially crafted SAP Diag packets, targeting the Diaginput function, potentially causing a remote denial of service (daemon crash)...

5CVSS8.8AI score0.03354EPSS
Total number of security vulnerabilities102