Netweaver@7.31 Security Vulnerabilities and Issues — Netweaver@7.31 CVE List

Lucene search

SapNetweaver7.31

5 matches found

CVE•added 2018/09/11 3:29 p.m.•37 views

CVE-2018-2464

SAP WebDynpro Java, versions 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in a stored Cross-Site Scripting (XSS) vulnerability.

6.1CVSS5.9AI score0.00418EPSS

CVE•added 2018/11/13 8:29 p.m.•36 views

CVE-2018-2476

Due to insufficient URL Validation in forums in SAP NetWeaver versions 7.30, 7.31, 7.40, an attacker can redirect users to a malicious site.

6.1CVSS6.1AI score0.00217EPSS

CVE•added 2018/10/09 1:29 p.m.•34 views

CVE-2018-2470

In SAP NetWeaver Application Server for ABAP, from 7.0 to 7.02, 7.30, 7.31, 7.40 and from 7.50 to 7.53, applications do not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.

6.1CVSS6AI score0.00434EPSS

CVE•added 2018/11/13 8:29 p.m.•33 views

CVE-2018-2477

Knowledge Management (XMLForms) in SAP NetWeaver, versions 7.30, 7.31, 7.40 and 7.50 does not sufficiently validate an XML document accepted from an untrusted source.

8.8CVSS8.6AI score0.00854EPSS

CVE•added 2018/09/11 3:29 p.m.•31 views

CVE-2018-2462

In certain cases, BEx Web Java Runtime Export Web Service in SAP NetWeaver BI 7.30, 7.31. 7.40, 7.41, 7.50, does not sufficiently validate an XML document accepted from an untrusted source.

8.8CVSS8.6AI score0.00748EPSS