Netweaver Application Server Java@7.11 Security Vulnerabilities and Issues — Netweaver Application Server Java@7.11 CVE List

Lucene search

SapNetweaver Application Server Java7.11

16 matches found

CVE•added 2021/07/14 12:15 p.m.•94 views

CVE-2021-33670

SAP NetWeaver AS for Java (Http Service Monitoring Filter), versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker to send multiple HTTP requests with different method types thereby crashing the filter and making the HTTP server unavailable to other legitimate users leading to deni...

7.5CVSS7.4AI score0.01845EPSS

CVE•added 2020/10/15 3:15 a.m.•67 views

CVE-2020-6365

SAP NetWeaver AS Java, versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, Start Page allows an unauthenticated remote attacker to redirect users to a malicious site due to insufficient reverse tabnabbing URL validation. The attacker could execute phishing attacks to steal credentials of the victi...

6.1CVSS6.4AI score0.00212EPSS

CVE•added 2021/09/14 12:15 p.m.•64 views

CVE-2021-37535

SAP NetWeaver Application Server Java (JMS Connector Service) - versions 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not perform necessary authorization checks for user privileges.

10CVSS9.4AI score0.00337EPSS

CVE•added 2021/04/13 7:15 p.m.•60 views

CVE-2021-21492

SAP NetWeaver Application Server Java(HTTP Service), versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently validate logon group in URLs, resulting in a content spoofing vulnerability when directory listing is enabled.

4.3CVSS5AI score0.00161EPSS

CVE•added 2020/06/10 1:15 p.m.•54 views

CVE-2020-6263

Standalone clients connecting to SAP NetWeaver AS Java via P4 Protocol, versions (SAP-JEECOR 7.00, 7.01; SERVERCOR 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50; CORE-TOOLS 7.00, 7.01, 7.02, 7.05, 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50) do not perform any authentication checks for operations that requ...

9.8CVSS9.5AI score0.00224EPSS

CVE•added 2020/08/12 2:15 p.m.•54 views

CVE-2020-6309

SAP NetWeaver AS JAVA, versions - (ENGINEAPI 7.10; WSRM 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50; J2EE-FRMW 7.10, 7.11), does not perform any authentication checks for a web service allowing the attacker to send several payloads and leading to complete denial of service.

7.8CVSS7.6AI score0.00606EPSS

CVE•added 2020/04/14 7:15 p.m.•53 views

CVE-2020-6224

SAP NetWeaver AS Java (HTTP Service), versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker with administrator privileges to access user sensitive data such as passwords in trace files, when the user logs in and sends request with login credentials, leading to Information Disclosure...

6.2CVSS6.4AI score0.00285EPSS

CVE•added 2020/10/15 2:15 a.m.•53 views

CVE-2020-6319

SAP NetWeaver Application Server Java, versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, and 7.50 allows an unauthenticated attacker to include JavaScript blocks in any web page or URL with different symbols which are otherwise not allowed. On successful exploitation an attacker can steal authenticati...

6.1CVSS6.3AI score0.00322EPSS

CVE•added 2020/12/09 5:15 p.m.•52 views

CVE-2020-26829

SAP NetWeaver AS JAVA (P2P Cluster Communication), versions - 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows arbitrary connections from processes because of missing authentication check, that are outside the cluster and even outside the network segment dedicated for the internal cluster communication. ...

10CVSS9.6AI score0.01906EPSS

CVE•added 2021/04/13 7:15 p.m.•51 views

CVE-2021-27601

SAP NetWeaver AS Java (Applications based on HTMLB for Java) allows a basic-level authorized attacker to store a malicious file on the server. When a victim tries to open this file, it results in a Cross-Site Scripting (XSS) vulnerability and the attacker can read and modify data. However, the atta...

5.4CVSS5.5AI score0.00162EPSS

CVE•added 2018/09/11 3:29 p.m.•43 views

CVE-2018-2452

The logon application of SAP NetWeaver AS Java 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50 does not sufficiently encode user-controlled inputs, resulting in a cross-site scripting (XSS) vulnerability.

6.1CVSS5.9AI score0.0059EPSS

CVE•added 2020/12/09 5:15 p.m.•43 views

CVE-2020-26816

SAP AS JAVA (Key Storage Service), versions - 7.10, 7.11, 7.20 ,7.30, 7.31, 7.40, 7.50, has the key material which is stored in the SAP NetWeaver AS Java Key Storage service stored in the database in the DER encoded format and is not encrypted. This enables an attacker who has administrator access ...

5.4CVSS5.2AI score0.0002EPSS

CVE•added 2021/03/10 3:15 p.m.•43 views

CVE-2021-21491

SAP Netweaver Application Server Java (Applications based on WebDynpro Java) versions 7.00, 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allow an attacker to redirect users to a malicious site due to Reverse Tabnabbing vulnerabilities.

6.1CVSS6.2AI score0.00133EPSS

CVE•added 2018/12/11 11:0 p.m.•42 views

CVE-2018-2504

SAP NetWeaver AS Java Web Container service does not validate against whitelist the HTTP host header which can result in HTTP Host Header Manipulation or Cross-Site Scripting (XSS) vulnerability. This is fixed in versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50.

6.1CVSS5.9AI score0.00391EPSS

CVE•added 2020/07/14 1:15 p.m.•40 views

CVE-2020-6282

SAP NetWeaver AS JAVA (IIOP service) (SERVERCORE), versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, and SAP NetWeaver AS JAVA (IIOP service) (CORE-TOOLS), versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker to send a crafted request from a vulnerable web application. It is usual...

5.8CVSS5.6AI score0.00137EPSS

CVE•added 2018/12/11 11:0 p.m.•37 views

CVE-2018-2503

By default, the SAP NetWeaver AS Java keystore service does not sufficiently restrict the access to resources that should be protected. This has been fixed in SAP NetWeaver AS Java (ServerCore versions 7.11, 7.20, 7.30, 7.31, 7.40, 7.50).

7.4CVSS7.3AI score0.00197EPSS