SAP

NetWeaver Application Server Java

67 vulnerabilities found.

Note: This list may be incomplete. Data is provided in its original format without warranty.

  • EPSS 0.46%
  • Published 13.11.2019 22:15:11
  • Last modified 21.11.2024 04:16:47

An administrator of SAP NetWeaver Application Server Java (J2EE-Framework) (corrected in versions 7.1, 7.2, 7.3, 7.31, 7.4, 7.5) may change privileges for all or some functions in Java Server, and enable users to execute functions, they are not all...

  • EPSS 0.47%
  • Published 10.09.2019 17:15:10
  • Last modified 21.11.2024 04:16:44

SAP NetWeaver Application Server Java Web Container, ENGINEAPI (before versions 7.10, 7.20, 7.30, 7.31, 7.40, 7.50) and SAP-JEECOR (before versions 6.40, 7.0, 7.01), allows an attacker to inject code that can be executed by the application. An attack...

  • EPSS 1.03%
  • Published 14.08.2019 14:15:16
  • Last modified 21.11.2024 04:16:43

A remote unauthenticated attacker can abuse a web service in SAP NetWeaver Application Server for Java (Administrator System Overview), versions 7.30, 7.31, 7.40, 7.50, by sending a specially crafted XML file and tricking the application server into lea...

  • EPSS 0.76%
  • Published 10.07.2019 20:15:12
  • Last modified 21.11.2024 04:16:41

SAP NetWeaver for Java Application Server - Web Container (engineapi, versions 7.1, 7.2, 7.3, 7.31, 7.4 and 7.5; servercode, versions 7.2, 7.3, 7.31, 7.4, 7.5) allows an attacker to upload files (including script files) without proper file format...

  • EPSS 0.35%
  • Published 10.07.2019 19:15:10
  • Last modified 21.11.2024 04:16:40

Under certain conditions SAP NetWeaver Application Server for Java (Startup Framework), versions 7.21, 7.22, 7.45, 7.49, and 7.53, allows an attacker to access information which would otherwise be restricted.

  • EPSS 0.25%
  • Published 12.03.2019 22:29:00
  • Last modified 21.11.2024 04:16:37

SAML 1.1 SSO Demo Application in SAP NetWeaver Java Application Server (J2EE-APPS), versions 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40 and 7.50, does not sufficiently encode user-controlled inputs, which results in a cross-site scripting (XSS) vulnerability...

  • EPSS 0.38%
  • Published 11.12.2018 22:29:00
  • Last modified 21.11.2024 04:03:55

SAP NetWeaver AS Java Web Container service does not validate the HTTP host header against a whitelist, which can result in HTTP Host Header Manipulation or a Cross-Site Scripting (XSS) vulnerability. This is fixed in versions 7.10, 7.11, 7.20, 7.30, 7.31...

  • EPSS 0.19%
  • Published 11.12.2018 22:29:00
  • Last modified 21.11.2024 04:03:55

By default, the SAP NetWeaver AS Java keystore service does not sufficiently restrict access to resources that should be protected. This has been fixed in SAP NetWeaver AS Java (ServerCore versions 7.11, 7.20, 7.30, 7.31, 7.40, 7.50).

  • EPSS 0.38%
  • Published 11.12.2018 22:29:00
  • Last modified 21.11.2024 04:03:54

SAML 2.0 functionality in SAP NetWeaver AS Java does not sufficiently validate XML documents received from an untrusted source. This is fixed in versions 7.2, 7.30, 7.31, 7.40 and 7.50.

  • EPSS 0.57%
  • Published 11.09.2018 15:29:00
  • Last modified 21.11.2024 04:03:50

The logon application of SAP NetWeaver AS Java 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50 does not sufficiently encode user-controlled inputs, resulting in a cross-site scripting (XSS) vulnerability.