CVE-2020-6313
- EPSS 0.3%
- Published 09.09.2020 13:15:11
- Last modified 21.11.2024 05:35:29
SAP NetWeaver Application Server JAVA (XML Forms), versions 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, which allows an authenticated user with special roles to store malicious content that, when accessed by a victim, ca...
CVE-2020-6309
- EPSS 0.61%
- Published 12.08.2020 14:15:14
- Last modified 21.11.2024 05:35:28
SAP NetWeaver AS JAVA, versions - (ENGINEAPI 7.10; WSRM 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50; J2EE-FRMW 7.10, 7.11), does not perform any authentication checks for a web service allowing the attacker to send several payloads and leading to comple...
- EPSS 94.4%
- Published 14.07.2020 13:15:13
- Last modified 13.03.2025 17:28:24
SAP NetWeaver AS JAVA (LM Configuration Wizard), versions - 7.30, 7.31, 7.40, 7.50, does not perform an authentication check which allows an attacker without prior authentication to execute configuration tasks to perform critical actions against the ...
CVE-2020-6286
- EPSS 86.91%
- Published 14.07.2020 13:15:12
- Last modified 21.11.2024 05:35:26
The insufficient input path validation of a certain parameter in the web service of SAP NetWeaver AS JAVA (LM Configuration Wizard), versions - 7.30, 7.31, 7.40, 7.50, allows an unauthenticated attacker to exploit a method to download zip files to a sp...
CVE-2020-6282
- EPSS 0.14%
- Published 14.07.2020 13:15:12
- Last modified 21.11.2024 05:35:25
SAP NetWeaver AS JAVA (IIOP service) (SERVERCORE), versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, and SAP NetWeaver AS JAVA (IIOP service) (CORE-TOOLS), versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker to send a crafted reque...
CVE-2020-6263
- EPSS 0.22%
- Published 10.06.2020 13:15:18
- Last modified 21.11.2024 05:35:24
Standalone clients connecting to SAP NetWeaver AS Java via P4 Protocol, versions (SAP-JEECOR 7.00, 7.01; SERVERCOR 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50; CORE-TOOLS 7.00, 7.01, 7.02, 7.05, 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50) do not perform a...
CVE-2020-6224
- EPSS 0.29%
- Published 14.04.2020 19:15:17
- Last modified 21.11.2024 05:35:20
SAP NetWeaver AS Java (HTTP Service), versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker with administrator privileges to access sensitive user data such as passwords in trace files, when the user logs in and sends a request with log...
CVE-2020-6202
- EPSS 0.48%
- Published 10.03.2020 21:15:14
- Last modified 21.11.2024 05:35:17
SAP NetWeaver Application Server Java (User Management Engine), versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently validate the LDAP data source configuration XML document accepted from an untrusted source, leading to Missing X...
CVE-2020-6190
- EPSS 0.26%
- Published 12.02.2020 20:15:14
- Last modified 21.11.2024 05:35:16
Certain vulnerable endpoints in SAP NetWeaver AS Java (Heap Dump Application), versions 7.30, 7.31, 7.40, 7.50, provide valuable information about the system like hostname, server node and installation path that could be misused by an attacker leadin...
CVE-2019-0391
- EPSS 0.27%
- Published 13.11.2019 22:15:11
- Last modified 21.11.2024 04:16:47
Under certain conditions SAP NetWeaver AS Java (corrected in 7.10, 7.20, 7.30, 7.31, 7.40, 7.50) allows an attacker to access information which would otherwise be restricted.