CVE-2022-29618
- EPSS 3.11%
- Published 14.06.2022 19:15:07
- Last modified 21.11.2024 06:59:26
Due to insufficient input validation, SAP NetWeaver Development Infrastructure (Design Time Repository) - versions 7.30, 7.31, 7.40, 7.50, allows an unauthenticated attacker to inject script into the URL and execute code in the user’s browser. On suc...
CVE-2021-33690
- EPSS 90.68%
- Published 15.09.2021 19:15:09
- Last modified 21.11.2024 06:09:22
Server-Side Request Forgery (SSRF) vulnerability has been detected in the SAP NetWeaver Development Infrastructure Component Build Service versions - 7.11, 7.20, 7.30, 7.31, 7.40, 7.50The SAP NetWeaver Development Infrastructure Component Build Servi...
CVE-2021-33691
- EPSS 0.23%
- Published 15.09.2021 19:15:09
- Last modified 21.11.2024 06:09:22
NWDI Notification Service versions - 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.SAP NetWeaver Development Infrastructure Notification Service allows a threat actor to s...
CVE-2013-6820
- EPSS 3.78%
- Published 20.11.2013 14:12:30
- Last modified 11.04.2025 00:51:21
Unrestricted file upload vulnerability in the SAP NetWeaver Development Infrastructure (NWDI) allows remote attackers to execute arbitrary code by uploading a file with an executable extension via unspecified vectors.