CVE-2020-6313
- EPSS 0.3%
- Published 09.09.2020 13:15:11
- Last modified 21.11.2024 05:35:29
SAP NetWeaver Application Server JAVA(XML Forms) versions 7.30, 7.31, 7.40, 7.50 does not sufficiently encode user controlled inputs, which allows an authenticated User with special roles to store malicious content, that when accessed by a victim, ca...
CVE-2020-6309
- EPSS 0.61%
- Published 12.08.2020 14:15:14
- Last modified 21.11.2024 05:35:28
SAP NetWeaver AS JAVA, versions - (ENGINEAPI 7.10; WSRM 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50; J2EE-FRMW 7.10, 7.11), does not perform any authentication checks for a web service allowing the attacker to send several payloads and leading to comple...
- EPSS 94.4%
- Published 14.07.2020 13:15:13
- Last modified 13.03.2025 17:28:24
SAP NetWeaver AS JAVA (LM Configuration Wizard), versions - 7.30, 7.31, 7.40, 7.50, does not perform an authentication check which allows an attacker without prior authentication to execute configuration tasks to perform critical actions against the ...
CVE-2020-6286
- EPSS 86.91%
- Published 14.07.2020 13:15:12
- Last modified 21.11.2024 05:35:26
The insufficient input path validation of a certain parameter in the web service of SAP NetWeaver AS JAVA (LM Configuration Wizard), versions - 7.30, 7.31, 7.40, 7.50, allows an unauthenticated attacker to exploit a method to download zip files to a sp...
CVE-2020-6282
- EPSS 0.14%
- Published 14.07.2020 13:15:12
- Last modified 21.11.2024 05:35:25
SAP NetWeaver AS JAVA (IIOP service) (SERVERCORE), versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, and SAP NetWeaver AS JAVA (IIOP service) (CORE-TOOLS), versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker to send a crafted reque...
CVE-2020-6263
- EPSS 0.22%
- Published 10.06.2020 13:15:18
- Last modified 21.11.2024 05:35:24
Standalone clients connecting to SAP NetWeaver AS Java via P4 Protocol, versions (SAP-JEECOR 7.00, 7.01; SERVERCOR 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50; CORE-TOOLS 7.00, 7.01, 7.02, 7.05, 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50) do not perform a...
CVE-2020-6224
- EPSS 0.29%
- Published 14.04.2020 19:15:17
- Last modified 21.11.2024 05:35:20
SAP NetWeaver AS Java (HTTP Service), versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker with administrator privileges to access user sensitive data such as passwords in trace files, when the user logs in and sends a request with log...
CVE-2020-6202
- EPSS 0.48%
- Published 10.03.2020 21:15:14
- Last modified 21.11.2024 05:35:17
SAP NetWeaver Application Server Java (User Management Engine), versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently validate the LDAP data source configuration XML document accepted from an untrusted source, leading to Missing X...
CVE-2020-6190
- EPSS 0.26%
- Published 12.02.2020 20:15:14
- Last modified 21.11.2024 05:35:16
Certain vulnerable endpoints in SAP NetWeaver AS Java (Heap Dump Application), versions 7.30, 7.31, 7.40, 7.50, provide valuable information about the system like hostname, server node and installation path that could be misused by an attacker leadin...
CVE-2019-0391
- EPSS 0.27%
- Published 13.11.2019 22:15:11
- Last modified 21.11.2024 04:16:47
Under certain conditions SAP NetWeaver AS Java (corrected in 7.10, 7.20, 7.30, 7.31, 7.40, 7.50) allows an attacker to access information which would otherwise be restricted.