Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
SapNetweaver Application Server For Java

9 matches found

CVE
CVEadded 2023/03/14 5:15 a.m.111 views

CVE-2023-23857

Due to missing authentication check, SAP NetWeaver AS for Java - version 7.50, allows an unauthenticated attacker to attach to an open interface and make use of an open naming and directory API to access services which can be used to perform unauthorized operations affecting users and services acro...

9.9CVSS8.6AI score0.00256EPSS
CVE
CVEadded 2023/01/10 4:15 a.m.105 views

CVE-2023-0017

An unauthenticated attacker in SAP NetWeaver AS for Java - version 7.50, due to improper access control, can attach to an open interface and make use of an open naming and directory API to access services which can be used to perform unauthorized operations affecting users and data on the current s...

9.8CVSS9.2AI score0.03714EPSS
CVE
CVEadded 2022/04/12 5:15 p.m.71 views

CVE-2022-27669

An unauthenticated user can use functions of XML Data Archiving Service of SAP NetWeaver Application Server for Java - version 7.50, to which access should be restricted. This may result in an escalation of privileges.

7.5CVSS7.8AI score0.00702EPSS
CVE
CVEadded 2023/05/09 2:15 a.m.67 views

CVE-2023-30744

In SAP AS NetWeaver JAVA - versions SERVERCORE 7.50, J2EE-FRMW 7.50, CORE-TOOLS 7.50, an unauthenticated attacker can attach to an open interface and make use of an open naming and directory API to instantiate an object which has methods which can be called without further authorization and authent...

9.1CVSS8.9AI score0.00234EPSS
CVE
CVEadded 2023/03/14 5:15 a.m.59 views

CVE-2023-26460

Cache Management Service in SAP NetWeaver Application Server for Java - version 7.50, does not perform any authentication checks for functionalities that require user identity

5.3CVSS5.5AI score0.00192EPSS
CVE
CVEadded 2023/03/14 5:15 a.m.57 views

CVE-2023-27268

SAP NetWeaver AS Java (Object Analyzing Service) - version 7.50, does not perform necessary authorization checks, allowing an unauthenticated attacker to attach to an open interface and make use of an open naming and directory API to access a service which will enable them to access but not modify ...

5.3CVSS5.5AI score0.00237EPSS
CVE
CVEadded 2023/07/11 3:15 a.m.47 views

CVE-2023-31405

SAP NetWeaver AS for Java - versions ENGINEAPI 7.50, SERVERCORE 7.50, J2EE-APPS 7.50, allows an unauthenticated attacker to craft a request over the network which can result in unwarranted modifications to a system log without user interaction. There is no ability to view any information or any eff...

5.3CVSS5.2AI score0.00172EPSS
CVE
CVEadded 2021/06/09 2:15 p.m.46 views

CVE-2021-27635

SAP NetWeaver AS for JAVA, versions - 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker authenticated as an administrator to connect over a network and submit a specially crafted XML file in the application because of missing XML Validation, this vulnerability enables attacker to fully compromise co...

9CVSS6.2AI score0.02079EPSS
CVE
CVEadded 2021/06/09 2:15 p.m.43 views

CVE-2021-27621

Information Disclosure vulnerability in UserAdmin application in SAP NetWeaver Application Server for Java, versions - 7.11,7.20,7.30,7.31,7.40 and 7.50 allows attackers to access restricted information by entering malicious server name.

5.5CVSS4.8AI score0.00221EPSS