SAP NetWeaver Application Server Java

66 matches found

CVE | added 2018/09/11 3:29 p.m. | 43 views

CVE-2018-2452

The logon application of SAP NetWeaver AS Java 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50 does not sufficiently encode user-controlled inputs, resulting in a cross-site scripting (XSS) vulnerability.

CVSS 6.1 | AI score 5.9 | EPSS 0.0059

CVE | added 2020/12/09 5:15 p.m. | 43 views

CVE-2020-26816

SAP AS JAVA (Key Storage Service), versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, stores the key material held in the SAP NetWeaver AS Java Key Storage service in the database in DER-encoded format without encryption. This enables an attacker who has administrator access ...

CVSS 5.4 | AI score 5.2 | EPSS 0.0002

CVE | added 2021/03/10 3:15 p.m. | 43 views

CVE-2021-21491

SAP NetWeaver Application Server Java (Applications based on WebDynpro Java) versions 7.00, 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50 allow an attacker to redirect users to a malicious site due to Reverse Tabnabbing vulnerabilities.

CVSS 6.1 | AI score 6.2 | EPSS 0.00133

CVE | added 2018/12/11 11:00 p.m. | 42 views

CVE-2018-2504

SAP NetWeaver AS Java Web Container service does not validate the HTTP Host header against a whitelist, which can result in HTTP Host Header Manipulation or a Cross-Site Scripting (XSS) vulnerability. This is fixed in versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50.

CVSS 6.1 | AI score 5.9 | EPSS 0.00391

CVE | added 2018/12/11 11:00 p.m. | 41 views

CVE-2018-2492

SAML 2.0 functionality in SAP NetWeaver AS Java does not sufficiently validate XML documents received from an untrusted source. This is fixed in versions 7.2, 7.30, 7.31, 7.40 and 7.50.

CVSS 7.1 | AI score 6.8 | EPSS 0.00385

CVE | added 2019/11/13 10:15 p.m. | 41 views

CVE-2019-0391

Under certain conditions SAP NetWeaver AS Java (corrected in 7.10, 7.20, 7.30, 7.31, 7.40, 7.50) allows an attacker to access information which would otherwise be restricted.

CVSS 4.3 | AI score 4.4 | EPSS 0.00272

CVE | added 2020/07/14 1:15 p.m. | 40 views

CVE-2020-6282

SAP NetWeaver AS JAVA (IIOP service) (SERVERCORE), versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, and SAP NetWeaver AS JAVA (IIOP service) (CORE-TOOLS), versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker to send a crafted request from a vulnerable web application. It is usual...

CVSS 5.8 | AI score 5.6 | EPSS 0.00137

CVE | added 2016/04/07 7:59 p.m. | 38 views

CVE-2016-3973

The chat feature in the Real-Time Collaboration (RTC) services 7.3 and 7.4 in SAP NetWeaver Java AS 7.1 through 7.5 allows remote attackers to obtain sensitive user information by visiting webdynpro/resources/sap.com/tc~rtc~coll.appl.rtc~wd_chat/Chat#, pressing "Add users", and doing a search, aka ...

CVSS 5.3 | AI score 5.1 | EPSS 0.00503

CVE | added 2017/07/25 6:29 p.m. | 38 views

CVE-2017-11458

Cross-site scripting (XSS) vulnerability in the ctcprotocol/Protocol servlet in SAP NetWeaver AS JAVA 7.3 allows remote attackers to inject arbitrary web script or HTML via the sessionID parameter, aka SAP Security Note 2406783.

CVSS 6.1 | AI score 6 | EPSS 0.00297

CVE | added 2020/09/09 1:15 p.m. | 38 views

CVE-2020-6313

SAP NetWeaver Application Server JAVA (XML Forms) versions 7.30, 7.31, 7.40, 7.50 does not sufficiently encode user-controlled inputs, which allows an authenticated user with special roles to store malicious content, that when accessed by a victim, can perform malicious actions by executing JavaScri...

CVSS 6.5 | AI score 6.1 | EPSS 0.00296

CVE | added 2018/12/11 11:00 p.m. | 37 views

CVE-2018-2503

By default, the SAP NetWeaver AS Java keystore service does not sufficiently restrict the access to resources that should be protected. This has been fixed in SAP NetWeaver AS Java (ServerCore versions 7.11, 7.20, 7.30, 7.31, 7.40, 7.50).

CVSS 7.4 | AI score 7.3 | EPSS 0.00197

CVE | added 2017/04/14 6:59 p.m. | 35 views

CVE-2017-7717

SQL injection vulnerability in the getUserUddiElements method in the ES UDDI component in SAP NetWeaver AS Java 7.4 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Note 2356504.

CVSS 8.8 | AI score 8.7 | EPSS 0.00836

CVE | added 2017/05/23 4:29 a.m. | 35 views

CVE-2017-8913

The Visual Composer VC70RUNTIME component in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to conduct XML External Entity (XXE) attacks via a crafted XML document in a request to irj/servlet/prt/portal/prtroot/com.sap.visualcomposer.BIKit.default, aka SAP Security Note 2386873.

CVSS 8.8 | AI score 8.1 | EPSS 0.00552

CVE | added 2016/04/08 12:59 a.m. | 34 views

CVE-2015-8840

The XML Data Archiving Service (XML DAS) in SAP NetWeaver AS Java does not check authorization, which allows remote authenticated users to obtain sensitive information, gain privileges, or possibly have unspecified other impact via requests to (1) webcontent/cas/cas_enter.jsp, (2) webcontent/cas/ca...

CVSS 8.8 | AI score 8.9 | EPSS 0.00476

CVE | added 2017/04/10 2:59 p.m. | 33 views

CVE-2016-10304

The SAP EP-RUNTIME component in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to cause a denial of service (out-of-memory error and service instability) via a crafted serialized Java object, as demonstrated by serial.cc3, aka SAP Security Note 2315788.

CVSS 6.5 | AI score 6.1 | EPSS 0.00893

CVE | added 2016/11/23 2:59 a.m. | 32 views

CVE-2016-9562

SAP NetWeaver AS JAVA 7.4 allows remote attackers to cause a Denial of Service (null pointer exception and icman outage) via an HTTPS request to the sap.com~P4TunnelingApp!web/myServlet URI, aka SAP Security Note 2313835.

CVSS 7.5 | AI score 7.5 | EPSS 0.01174

Total number of security vulnerabilities: 66