SAP

NetWeaver Application Server Java

69 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.
  • EPSS 0.16%
  • Published 12.09.2023 03:15:12
  • Last modified 21.11.2024 08:19:12

SAP CommonCryptoLib does not perform necessary authentication checks, which may result in missing or wrong authorization checks for an authenticated user, resulting in escalation of privileges. Depending on the application and the level of privileges...

  • EPSS 0.13%
  • Published 12.09.2023 02:15:12
  • Last modified 21.11.2024 08:19:12

SAP CommonCryptoLib allows an unauthenticated attacker to craft a request, which when submitted to an open port causes a memory corruption error in a library which in turn causes the target component to crash making it unavailable. There is no abilit...

  • EPSS 0.35%
  • Published 14.03.2023 05:15:29
  • Last modified 21.11.2024 07:48:03

SAP NetWeaver Application Server Java for Classload Service - version 7.50, does not perform any authentication checks for functionalities that require user identity, resulting in escalation of privileges. This failure has a low impact on confidentia...

  • EPSS 1.31%
  • Published 12.12.2022 22:15:10
  • Last modified 21.11.2024 07:22:56

Due to insufficient input validation, SAP NetWeaver AS Java (HTTP Provider Service) - version 7.50, allows an unauthenticated attacker to inject a script into a web request header. On successful exploitation, an attacker can view or modify informatio...

  • EPSS 0.18%
  • Published 10.03.2022 17:47:31
  • Last modified 21.11.2024 06:53:26

Under certain conditions, SAP NetWeaver (Real Time Messaging Framework) - version 7.50, allows an attacker to access information which could lead to information gathering for further exploits and attacks.

  • EPSS 2.08%
  • Published 09.02.2022 23:15:18
  • Last modified 21.11.2024 06:46:58

In SAP NetWeaver Application Server Java - versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, an unauthenticated attacker could submit a crafted HTTP server request which triggers improper shared mem...

  • EPSS 0.75%
  • Published 09.02.2022 23:15:18
  • Last modified 21.11.2024 06:46:58

Due to improper error handling in SAP NetWeaver Application Server Java - versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, an attacker could submit multiple HTTP server requests resulting in errors...

  • EPSS 0.34%
  • Published 14.09.2021 12:15:10
  • Last modified 21.11.2024 06:15:19

SAP NetWeaver Application Server Java (JMS Connector Service) - versions 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not perform necessary authorization checks for user privileges.

  • EPSS 0.23%
  • Published 14.07.2021 12:15:09
  • Last modified 21.11.2024 06:09:22

When a user with insufficient privileges tries to access any application in SAP NetWeaver Administrator (Administrator applications), version 7.50, no security audit log is created. Therefore, the integrity of the security audit log is impacted.

  • EPSS 0.72%
  • Published 14.07.2021 12:15:09
  • Last modified 21.11.2024 06:09:22

SAP NetWeaver AS JAVA (Enterprise Portal), versions 7.10, 7.20, 7.30, 7.31, 7.40, 7.50, reveals sensitive information in one of its HTTP requests; an attacker can use this in conjunction with other attacks such as XSS to steal this information.