SapNetweaver Application Server Java

9 matches found

CVE | added 2021/07/14 12:15 p.m. | 94 views

CVE-2021-33670

SAP NetWeaver AS for Java (Http Service Monitoring Filter), versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker to send multiple HTTP requests with different method types thereby crashing the filter and making the HTTP server unavailable to other legitimate users leading to deni...

CVSS 7.5 | AI score 7.4 | EPSS 0.01845

CVE | added 2021/09/14 12:15 p.m. | 64 views

CVE-2021-37535

SAP NetWeaver Application Server Java (JMS Connector Service) - versions 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not perform necessary authorization checks for user privileges.

CVSS 10 | AI score 9.4 | EPSS 0.00337

CVE | added 2021/04/13 7:15 p.m. | 60 views

CVE-2021-21492

SAP NetWeaver Application Server Java (HTTP Service), versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently validate logon group in URLs, resulting in a content spoofing vulnerability when directory listing is enabled.

CVSS 4.3 | AI score 5 | EPSS 0.00161

CVE | added 2021/04/13 7:15 p.m. | 57 views

CVE-2021-21485

An unauthorized attacker may be able to entice an administrator to invoke telnet commands of an SAP NetWeaver Application Server for Java that allow the attacker to gain NTLM hashes of a privileged user.

CVSS 7.4 | AI score 6.5 | EPSS 0.00274

CVE | added 2021/04/13 7:15 p.m. | 51 views

CVE-2021-27601

SAP NetWeaver AS Java (Applications based on HTMLB for Java) allows a basic-level authorized attacker to store a malicious file on the server. When a victim tries to open this file, it results in a Cross-Site Scripting (XSS) vulnerability and the attacker can read and modify data. However, the atta...

CVSS 5.4 | AI score 5.5 | EPSS 0.00162

CVE | added 2021/04/13 7:15 p.m. | 50 views

CVE-2021-27598

SAP NetWeaver AS JAVA (Customer Usage Provisioning Servlet), versions - 7.31, 7.40, 7.50, allows an attacker to read some statistical data like product version, traffic, timestamp etc. because of missing authorization check in the servlet.

CVSS 6.5 | AI score 5.3 | EPSS 0.00183

CVE | added 2021/07/14 12:15 p.m. | 46 views

CVE-2021-33687

SAP NetWeaver AS JAVA (Enterprise Portal), versions - 7.10, 7.20, 7.30, 7.31, 7.40, 7.50, reveals sensitive information in one of its HTTP requests; an attacker can use this in conjunction with other attacks such as XSS to steal this information.

CVSS 4.9 | AI score 4.7 | EPSS 0.00448

CVE | added 2021/07/14 12:15 p.m. | 46 views

CVE-2021-33689

When a user with insufficient privileges tries to access any application in SAP NetWeaver Administrator (Administrator applications), version - 7.50, no security audit log is created. Therefore, security audit log integrity is impacted.

CVSS 4.3 | AI score 4.8 | EPSS 0.00336

CVE | added 2021/03/10 3:15 p.m. | 43 views

CVE-2021-21491

SAP NetWeaver Application Server Java (Applications based on WebDynpro Java), versions 7.00, 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker to redirect users to a malicious site due to Reverse Tabnabbing vulnerabilities.

CVSS 6.1 | AI score 6.2 | EPSS 0.00133