CVE-2020-6202
- EPSS 1.07%
- Veröffentlicht 10.03.2020 21:15:14
- Zuletzt bearbeitet 21.11.2024 05:35:17
SAP NetWeaver Application Server Java (User Management Engine), versions- 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50; does not sufficiently validate the LDAP data source configuration XML document accepted from an untrusted source, leading to Missing X...
CVE-2020-6190
- EPSS 0.9%
- Veröffentlicht 12.02.2020 20:15:14
- Zuletzt bearbeitet 21.11.2024 05:35:16
Certain vulnerable endpoints in SAP NetWeaver AS Java (Heap Dump Application), versions 7.30, 7.31, 7.40, 7.50, provide valuable information about the system like hostname, server node and installation path that could be misused by an attacker leadin...
CVE-2019-0391
- EPSS 0.89%
- Veröffentlicht 13.11.2019 22:15:11
- Zuletzt bearbeitet 21.11.2024 04:16:47
Under certain conditions SAP NetWeaver AS Java (corrected in 7.10, 7.20, 7.30, 7.31, 7.40, 7.50) allows an attacker to access information which would otherwise be restricted.
CVE-2019-0389
- EPSS 1.35%
- Veröffentlicht 13.11.2019 22:15:11
- Zuletzt bearbeitet 21.11.2024 04:16:47
An administrator of SAP NetWeaver Application Server Java (J2EE-Framework), (corrected in versions 7.1, 7.2, 7.3, 7.31, 7.4, 7.5), may change privileges for all or some functions in Java Server, and enable users to execute functions, they are not all...
CVE-2019-0355
- EPSS 1.56%
- Veröffentlicht 10.09.2019 17:15:10
- Zuletzt bearbeitet 21.11.2024 04:16:44
SAP NetWeaver Application Server Java Web Container, ENGINEAPI (before versions 7.10, 7.20, 7.30, 7.31, 7.40, 7.50) and SAP-JEECOR (before versions 6.40, 7.0, 7.01), allows an attacker to inject code that can be executed by the application. An attack...
CVE-2019-0345
- EPSS 2.33%
- Veröffentlicht 14.08.2019 14:15:16
- Zuletzt bearbeitet 21.11.2024 04:16:43
A remote unauthenticated attacker can abuse a web service in SAP NetWeaver Application Server for Java (Administrator System Overview), versions 7.30, 7.31, 7.40, 7.50, by sending a specially crafted XML file and trick the application server into lea...
CVE-2019-0327
- EPSS 2.1%
- Veröffentlicht 10.07.2019 20:15:12
- Zuletzt bearbeitet 21.11.2024 04:16:41
SAP NetWeaver for Java Application Server - Web Container, (engineapi, versions 7.1, 7.2, 7.3, 7.31, 7.4 and 7.5), (servercode, versions 7.2, 7.3, 7.31, 7.4, 7.5), allows an attacker to upload files (including script files) without proper file format...
CVE-2019-0318
- EPSS 1.36%
- Veröffentlicht 10.07.2019 19:15:10
- Zuletzt bearbeitet 21.11.2024 04:16:40
Under certain conditions SAP NetWeaver Application Server for Java (Startup Framework), versions 7.21, 7.22, 7.45, 7.49, and 7.53, allows an attacker to access information which would otherwise be restricted.
CVE-2019-0275
- EPSS 0.78%
- Veröffentlicht 12.03.2019 22:29:00
- Zuletzt bearbeitet 21.11.2024 04:16:37
SAML 1.1 SSO Demo Application in SAP NetWeaver Java Application Server (J2EE-APPS), versions 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40 and 7.50, does not sufficiently encode user-controlled inputs, which results in cross-site scripting (XSS) vulnerability...
CVE-2018-2492
- EPSS 1.14%
- Veröffentlicht 11.12.2018 22:29:00
- Zuletzt bearbeitet 21.11.2024 04:03:54
SAML 2.0 functionality in SAP NetWeaver AS Java, does not sufficiently validate XML documents received from an untrusted source. This is fixed in versions 7.2, 7.30, 7.31, 7.40 and 7.50.