CVE-2024-22127

SAP NetWeaver Administrator AS Java (Administrator Log Viewer plug-in) - version 7.50, allows an attacker with high privileges to upload potentially dangerous files which leads to command injection vulnerability. This would enable the attacker to run commands which can cause high impact on confiden...

CVE-2024-34688

Due to unrestricted access to the Meta ModelRepository services in SAP NetWeaver AS Java, attackers can perform DoS attackson the application, which may prevent legitimate users from accessing it. Thiscan result in no impact on confidentiality and integrity but a high impact onthe availability of t...

CVE-2024-22126

The User Admin application of SAP NetWeaver AS for Java - version 7.50, insufficiently validates and improperly encodes the incoming URL parameters before including them into the redirect URL. This results in Cross-Site Scripting (XSS) vulnerability, leading to a high impact on confidentiality and ...

CVE-2024-24743

SAP NetWeaver AS Java (CAF - Guided Procedures) - version 7.50, allows an unauthenticated attacker to submit a malicious request with a crafted XML file over the network, which when parsed will enable him to access sensitive files and data but not modify them. There are expansion limits in place so...

CVE-2024-28164

SAP NetWeaver AS Java (CAF - Guided Procedures)allows an unauthenticated user to access non-sensitive information about theserver which would otherwise be restricted causing low impact onconfidentiality of the application.