CVE-2023-24526
- EPSS 0.25%
- Published 14.03.2023 05:15:29
- Last modified 21.11.2024 07:48:03
SAP NetWeaver Application Server Java for Classload Service - version 7.50, does not perform any authentication checks for functionalities that require user identity, resulting in escalation of privileges. This failure has a low impact on confidentia...
CVE-2022-41262
- EPSS 0.79%
- Published 12.12.2022 22:15:10
- Last modified 21.11.2024 07:22:56
Due to insufficient input validation, SAP NetWeaver AS Java (HTTP Provider Service) - version 7.50, allows an unauthenticated attacker to inject a script into a web request header. On successful exploitation, an attacker can view or modify informatio...
CVE-2022-26103
- EPSS 0.18%
- Published 10.03.2022 17:47:31
- Last modified 21.11.2024 06:53:26
Under certain conditions, SAP NetWeaver (Real Time Messaging Framework) - version 7.50, allows an attacker to access information which could lead to information gathering for further exploits and attacks.
CVE-2022-22533
- EPSS 0.38%
- Published 09.02.2022 23:15:18
- Last modified 21.11.2024 06:46:58
Due to improper error handling in SAP NetWeaver Application Server Java - versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, an attacker could submit multiple HTTP server requests resulting in errors...
CVE-2022-22532
- EPSS 1.62%
- Published 09.02.2022 23:15:18
- Last modified 21.11.2024 06:46:58
In SAP NetWeaver Application Server Java - versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, an unauthenticated attacker could submit a crafted HTTP server request which triggers improper shared mem...
CVE-2021-37535
- EPSS 0.34%
- Published 14.09.2021 12:15:10
- Last modified 21.11.2024 06:15:19
SAP NetWeaver Application Server Java (JMS Connector Service) - versions 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not perform necessary authorization checks for user privileges.
CVE-2021-33689
- EPSS 0.34%
- Published 14.07.2021 12:15:09
- Last modified 21.11.2024 06:09:22
When a user with insufficient privileges tries to access any application in SAP NetWeaver Administrator (Administrator applications), version - 7.50, no security audit log is created. Therefore, the integrity of the security audit log is impacted.
CVE-2021-33687
- EPSS 0.45%
- Published 14.07.2021 12:15:09
- Last modified 21.11.2024 06:09:22
SAP NetWeaver AS JAVA (Enterprise Portal), versions - 7.10, 7.20, 7.30, 7.31, 7.40, 7.50, reveals sensitive information in one of its HTTP requests. An attacker can use this in conjunction with other attacks such as XSS to steal this information.
CVE-2021-33670
- EPSS 5.56%
- Published 14.07.2021 12:15:08
- Last modified 21.11.2024 06:09:19
SAP NetWeaver AS for Java (Http Service Monitoring Filter), versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker to send multiple HTTP requests with different method types thereby crashing the filter and making the HTTP server unav...
CVE-2021-27601
- EPSS 0.16%
- Published 13.04.2021 19:15:15
- Last modified 21.11.2024 05:58:16
SAP NetWeaver AS Java (Applications based on HTMLB for Java) allows a basic-level authorized attacker to store a malicious file on the server. When a victim tries to open this file, it results in a Cross-Site Scripting (XSS) vulnerability and the att...