Netweaver Application Server Java Security Vulnerabilities and Issues — Netweaver Application Server Java CVE List

Lucene search

SapNetweaver Application Server Java

3 matches found

CVE•added 2020/07/14 1:15 p.m.•1213 views

CVE-2020-6287

SAP NetWeaver AS JAVA (LM Configuration Wizard), versions - 7.30, 7.31, 7.40, 7.50, does not perform an authentication check which allows an attacker without prior authentication to execute configuration tasks to perform critical actions against the SAP Java system, including the ability to create ...

10CVSS10AI score0.94395EPSS

CVE•added 2020/07/14 1:15 p.m.•225 views

CVE-2020-6286

The insufficient input path validation of certain parameter in the web service of SAP NetWeaver AS JAVA (LM Configuration Wizard), versions - 7.30, 7.31, 7.40, 7.50, allows an unauthenticated attacker to exploit a method to download zip files to a specific directory, leading to Path Traversal.

5.3CVSS7AI score0.71701EPSS

CVE•added 2020/07/14 1:15 p.m.•40 views

CVE-2020-6282

SAP NetWeaver AS JAVA (IIOP service) (SERVERCORE), versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, and SAP NetWeaver AS JAVA (IIOP service) (CORE-TOOLS), versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker to send a crafted request from a vulnerable web application. It is usual...

5.8CVSS5.6AI score0.00137EPSS