Netweaver Application Server Java Security Vulnerabilities and Issues — Netweaver Application Server Java CVE List

Lucene search

SapNetweaver Application Server Java

4 matches found

CVE•added 2021/04/13 7:15 p.m.•60 views

CVE-2021-21492

SAP NetWeaver Application Server Java(HTTP Service), versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently validate logon group in URLs, resulting in a content spoofing vulnerability when directory listing is enabled.

4.3CVSS5AI score0.00161EPSS

CVE•added 2021/07/14 12:15 p.m.•46 views

CVE-2021-33687

SAP NetWeaver AS JAVA (Enterprise Portal), versions - 7.10, 7.20, 7.30, 7.31, 7.40, 7.50 reveals sensitive information in one of their HTTP requests, an attacker can use this in conjunction with other attacks such as XSS to steal this information.

4.9CVSS4.7AI score0.00448EPSS

CVE•added 2021/07/14 12:15 p.m.•46 views

CVE-2021-33689

When user with insufficient privileges tries to access any application in SAP NetWeaver Administrator (Administrator applications), version - 7.50, no security audit log is created. Therefore, security audit log Integrity is impacted.

4.3CVSS4.8AI score0.00336EPSS

CVE•added 2019/11/13 10:15 p.m.•41 views

CVE-2019-0391

Under certain conditions SAP NetWeaver AS Java (corrected in 7.10, 7.20, 7.30, 7.31, 7.40, 7.50) allows an attacker to access information which would otherwise be restricted.

4.3CVSS4.4AI score0.00272EPSS