
9 matches found

added 2020/03/10 9:15 p.m. | 74 views

CVE-2020-6203

SAP NetWeaver UDDI Server (Services Registry), versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing 'traverse to parent directory' are passed through to the file APIs, leading to...

CVSS 9.1 | AI score 8.9 | EPSS 0.00978

added 2022/06/13 5:15 p.m. | 73 views

CVE-2022-28217

Some part of SAP NetWeaver (EP Web Page Composer) does not sufficiently validate an XML document accepted from an untrusted source, which allows an adversary to exploit unprotected XML parsing at endpoints, and a possibility to conduct SSRF attacks that could compromise system's Availability by cau...

CVSS 6.5 | AI score 6.5 | EPSS 0.00257

added 2014/11/06 3:55 p.m. | 49 views

CVE-2014-0995

The Standalone Enqueue Server in SAP NetWeaver 7.20, 7.01, and earlier allows remote attackers to cause a denial of service (uncontrolled recursion and crash) via a trace level with a wildcard in the Trace Pattern.

CVSS 5 | AI score 6.5 | EPSS 0.29647

added 2021/03/09 3:15 p.m. | 49 views

CVE-2021-21481

The MigrationService, which is part of SAP NetWeaver versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not perform an authorization check. This might allow an unauthorized attacker to access configuration objects, including such that grant administrative privileges. This could result in compl...

CVSS 9.6 | AI score 8.5 | EPSS 0.00156

added 2014/09/05 2:55 p.m. | 40 views

CVE-2014-6252

Buffer overflow in disp+work.exe 7000.52.12.34966 and 7200.117.19.50294 in the Dispatcher in SAP NetWeaver 7.00 and 7.20 allows remote authenticated users to cause a denial of service or execute arbitrary code via unspecified vectors.

CVSS 6.5 | AI score 7.9 | EPSS 0.02237

added 2018/09/11 3:29 p.m. | 37 views

CVE-2018-2464

SAP WebDynpro Java, versions 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in a stored Cross-Site Scripting (XSS) vulnerability.

CVSS 6.1 | AI score 5.9 | EPSS 0.00434

added 2019/08/14 2:15 p.m. | 37 views

CVE-2019-0351

A remote code execution vulnerability exists in the SAP NetWeaver UDDI Server (Services Registry), versions 7.10, 7.20, 7.30, 7.31, 7.40, 7.50. Because of this, an attacker can exploit Services Registry potentially enabling them to take complete control of the product, including viewing, changing, ...

CVSS 8.8 | AI score 8.8 | EPSS 0.02279

added 2014/02/14 3:55 p.m. | 35 views

CVE-2014-1963

Unspecified vulnerability in Message Server in SAP NetWeaver 7.20 allows remote attackers to cause a denial of service via unknown attack vectors.

CVSS 5 | AI score 6.8 | EPSS 0.0073

added 2020/07/14 1:15 p.m. | 32 views

CVE-2020-6285

SAP NetWeaver - XML Toolkit for JAVA (ENGINEAPI) (versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50), under certain conditions allows an attacker to access information which would otherwise be restricted, leading to Information Disclosure.

CVSS 7.7 | AI score 6.3 | EPSS 0.00256