SAP

NetWeaver Application Server Java

67 vulnerabilities found.

Note: This list may be incomplete. Data is provided in its original format without warranty.
  • EPSS 0.13%
  • Published 12.11.2024 01:15:05
  • Last modified 12.11.2024 13:55:21

SAP NetWeaver AS Java allows an unauthenticated attacker to brute force the login functionality in order to identify the legitimate user IDs. This has an impact on confidentiality but not on integrity or availability.

  • EPSS 0.53%
  • Published 11.06.2024 03:15:11
  • Last modified 21.11.2024 09:19:11

Due to unrestricted access to the Meta Model Repository services in SAP NetWeaver AS Java, attackers can perform DoS attacks on the application, which may prevent legitimate users from accessing it. This can result in no impact on confidentiality and...

  • EPSS 0.38%
  • Published 11.06.2024 03:15:09
  • Last modified 21.11.2024 09:05:56

SAP NetWeaver AS Java (CAF - Guided Procedures) allows an unauthenticated user to access non-sensitive information about the server which would otherwise be restricted, causing low impact on confidentiality of the application.

  • EPSS 1.54%
  • Published 12.03.2024 01:15:49
  • Last modified 07.02.2025 17:25:17

SAP NetWeaver Administrator AS Java (Administrator Log Viewer plug-in) - version 7.50, allows an attacker with high privileges to upload potentially dangerous files, which leads to a command injection vulnerability. This would enable the attacker to run...

  • EPSS 0.2%
  • Published 13.02.2024 03:15:09
  • Last modified 21.11.2024 08:59:36

SAP NetWeaver AS Java (CAF - Guided Procedures) - version 7.50, allows an unauthenticated attacker to submit a malicious request with a crafted XML file over the network, which when parsed will enable him to access sensitive files and data but not mo...

  • EPSS 0.36%
  • Published 13.02.2024 02:15:08
  • Last modified 11.02.2025 05:15:13

The User Admin application of SAP NetWeaver AS for Java - version 7.50, insufficiently validates and improperly encodes the incoming URL parameters before including them into the redirect URL. This results in a Cross-Site Scripting (XSS) vulnerability,...

  • EPSS 0.1%
  • Published 14.11.2023 01:15:07
  • Last modified 21.11.2024 08:22:38

An unauthenticated attacker in NetWeaver AS Java Logon application - version 7.50, can brute force the login functionality to identify the legitimate user IDs. This will have an impact on confidentiality but there is no other impact on integrity or ...

  • EPSS 0.09%
  • Published 10.10.2023 02:15:11
  • Last modified 21.11.2024 08:22:38

SAP NetWeaver AS Java (GRMG Heartbeat application) - version 7.50, allows an attacker to send a crafted request from a vulnerable web application, causing limited impact on confidentiality and integrity of the application.

  • EPSS 0.16%
  • Published 12.09.2023 03:15:12
  • Last modified 21.11.2024 08:19:12

SAP CommonCryptoLib does not perform necessary authentication checks, which may result in missing or wrong authorization checks for an authenticated user, resulting in escalation of privileges. Depending on the application and the level of privileges...

  • EPSS 0.13%
  • Published 12.09.2023 02:15:12
  • Last modified 21.11.2024 08:19:12

SAP CommonCryptoLib allows an unauthenticated attacker to craft a request, which when submitted to an open port causes a memory corruption error in a library which in turn causes the target component to crash making it unavailable. There is no abilit...