Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Netweaver_application_server_java
(Sap)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 66 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-11-14 | CVE-2023-42480 | The unauthenticated attacker in NetWeaver AS Java Logon application - version 7.50, can brute force the login functionality to identify the legitimate user ids. This will have an impact on confidentiality but there is no other impact on integrity or availability. | Netweaver_application_server_java | 5.3 | ||
| 2024-02-13 | CVE-2024-24743 | SAP NetWeaver AS Java (CAF - Guided Procedures) - version 7.50, allows an unauthenticated attacker to submit a malicious request with a crafted XML file over the network, which when parsed will enable him to access sensitive files and data but not modify them. There are expansion limits in place so that availability is not affected. | Netweaver_application_server_java | 7.5 | ||
| 2024-06-11 | CVE-2024-28164 | SAP NetWeaver AS Java (CAF - Guided Procedures) allows an unauthenticated user to access non-sensitive information about the server which would otherwise be restricted causing low impact on confidentiality of the application. | Netweaver_application_server_java | 5.3 | ||
| 2024-06-11 | CVE-2024-34688 | Due to unrestricted access to the Meta Model Repository services in SAP NetWeaver AS Java, attackers can perform DoS attacks on the application, which may prevent legitimate users from accessing it. This can result in no impact on confidentiality and integrity but a high impact on the availability of the application. | Netweaver_application_server_java | 7.5 | ||
| 2018-12-11 | CVE-2018-2503 | By default, the SAP NetWeaver AS Java keystore service does not sufficiently restrict the access to resources that should be protected. This has been fixed in SAP NetWeaver AS Java (ServerCore versions 7.11, 7.20, 7.30, 7.31, 7.40, 7.50). | Netweaver_application_server_java | 7.4 | ||
| 2019-03-12 | CVE-2019-0275 | SAML 1.1 SSO Demo Application in SAP NetWeaver Java Application Server (J2EE-APPS), versions 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40 and 7.50, does not sufficiently encode user-controlled inputs, which results in cross-site scripting (XSS) vulnerability. | Netweaver_application_server_java | 5.4 | ||
| 2018-12-11 | CVE-2018-2504 | SAP NetWeaver AS Java Web Container service does not validate against whitelist the HTTP host header which can result in HTTP Host Header Manipulation or Cross-Site Scripting (XSS) vulnerability. This is fixed in versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50. | Netweaver_application_server_java | 6.1 | ||
| 2018-12-11 | CVE-2018-2492 | SAML 2.0 functionality in SAP NetWeaver AS Java, does not sufficiently validate XML documents received from an untrusted source. This is fixed in versions 7.2, 7.30, 7.31, 7.40 and 7.50. | Netweaver_application_server_java | 7.1 | ||
| 2018-09-11 | CVE-2018-2452 | The logon application of SAP NetWeaver AS Java 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50 does not sufficiently encode user-controlled inputs, resulting in a cross-site scripting (XSS) vulnerability. | Netweaver_application_server_java | 6.1 | ||
| 2017-09-19 | CVE-2017-14581 | The Host Control web service in SAP NetWeaver AS JAVA 7.0 through 7.5 allows remote attackers to cause a denial of service (service crash) via a crafted request, aka SAP Security Note 2389181. | Netweaver_application_server_java | 7.5 |