Netweaver Application Server Java@7.20 Security Vulnerabilities and Issues — Netweaver Application Server Java@7.20 CVE List

Lucene search

SapNetweaver Application Server Java7.20

10 matches found

CVE•added 2020/03/10 9:15 p.m.•73 views

CVE-2020-6202

SAP NetWeaver Application Server Java (User Management Engine), versions- 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50; does not sufficiently validate the LDAP data source configuration XML document accepted from an untrusted source, leading to Missing XML Validation.

7.2CVSS7AI score0.00476EPSS

CVE•added 2020/10/15 3:15 a.m.•67 views

CVE-2020-6365

SAP NetWeaver AS Java, versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, Start Page allows an unauthenticated remote attacker to redirect users to a malicious site due to insufficient reverse tabnabbing URL validation. The attacker could execute phishing attacks to steal credentials of the victi...

6.1CVSS6.4AI score0.00212EPSS

CVE•added 2020/11/10 5:15 p.m.•55 views

CVE-2020-26820

SAP NetWeaver AS JAVA, versions - 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker who is authenticated as an administrator to use the administrator console, to expose unauthenticated access to the file system and upload a malicious file. The attacker or another user can then use a separate mechani...

9.1CVSS7.2AI score0.03156EPSS

CVE•added 2020/06/10 1:15 p.m.•54 views

CVE-2020-6263

Standalone clients connecting to SAP NetWeaver AS Java via P4 Protocol, versions (SAP-JEECOR 7.00, 7.01; SERVERCOR 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50; CORE-TOOLS 7.00, 7.01, 7.02, 7.05, 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50) do not perform any authentication checks for operations that requ...

9.8CVSS9.5AI score0.00224EPSS

CVE•added 2020/08/12 2:15 p.m.•54 views

CVE-2020-6309

SAP NetWeaver AS JAVA, versions - (ENGINEAPI 7.10; WSRM 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50; J2EE-FRMW 7.10, 7.11), does not perform any authentication checks for a web service allowing the attacker to send several payloads and leading to complete denial of service.

7.8CVSS7.6AI score0.00606EPSS

CVE•added 2020/04/14 7:15 p.m.•53 views

CVE-2020-6224

SAP NetWeaver AS Java (HTTP Service), versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker with administrator privileges to access user sensitive data such as passwords in trace files, when the user logs in and sends request with login credentials, leading to Information Disclosure...

6.2CVSS6.4AI score0.00285EPSS

CVE•added 2020/10/15 2:15 a.m.•53 views

CVE-2020-6319

SAP NetWeaver Application Server Java, versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, and 7.50 allows an unauthenticated attacker to include JavaScript blocks in any web page or URL with different symbols which are otherwise not allowed. On successful exploitation an attacker can steal authenticati...

6.1CVSS6.3AI score0.00322EPSS

CVE•added 2020/12/09 5:15 p.m.•52 views

CVE-2020-26829

SAP NetWeaver AS JAVA (P2P Cluster Communication), versions - 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows arbitrary connections from processes because of missing authentication check, that are outside the cluster and even outside the network segment dedicated for the internal cluster communication. ...

10CVSS9.6AI score0.01906EPSS

CVE•added 2020/12/09 5:15 p.m.•43 views

CVE-2020-26816

SAP AS JAVA (Key Storage Service), versions - 7.10, 7.11, 7.20 ,7.30, 7.31, 7.40, 7.50, has the key material which is stored in the SAP NetWeaver AS Java Key Storage service stored in the database in the DER encoded format and is not encrypted. This enables an attacker who has administrator access ...

5.4CVSS5.2AI score0.0002EPSS

CVE•added 2020/07/14 1:15 p.m.•40 views

CVE-2020-6282

SAP NetWeaver AS JAVA (IIOP service) (SERVERCORE), versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, and SAP NetWeaver AS JAVA (IIOP service) (CORE-TOOLS), versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker to send a crafted request from a vulnerable web application. It is usual...

5.8CVSS5.6AI score0.00137EPSS