SAP

Netweaver Application Server For Java

10 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.4

CVE-2025-0054

  • EPSS 0.04%
  • Published 11.02.2025 01:15:09
  • Last modified 18.02.2025 18:15:28

SAP NetWeaver Application Server Java does not sufficiently handle user input, resulting in a stored cross-site scripting vulnerability. The application allows attackers with basic user privileges to store a Javascript payload on the server, which co...

5.3

CVE-2023-31405

  • EPSS 0.17%
  • Published 11.07.2023 03:15:09
  • Last modified 21.11.2024 08:01:47

SAP NetWeaver AS for Java - versions ENGINEAPI 7.50, SERVERCORE 7.50, J2EE-APPS 7.50, allows an unauthenticated attacker to craft a request over the network which can result in unwarranted modifications to a system log without user interaction. There...

9.1

CVE-2023-30744

  • EPSS 0.23%
  • Published 09.05.2023 02:15:12
  • Last modified 21.11.2024 08:00:49

In SAP AS NetWeaver JAVA - versions SERVERCORE 7.50, J2EE-FRMW 7.50, CORE-TOOLS 7.50, an unauthenticated attacker can attach to an open interface and make use of an open naming and directory API to instantiate an object which has methods which can be...

5.3

CVE-2023-26460

  • EPSS 0.19%
  • Published 14.03.2023 05:15:30
  • Last modified 21.11.2024 07:51:31

Cache Management Service in SAP NetWeaver Application Server for Java - version 7.50, does not perform any authentication checks for functionalities that require user identity

5.3

CVE-2023-27268

  • EPSS 0.24%
  • Published 14.03.2023 05:15:30
  • Last modified 21.11.2024 07:52:34

SAP NetWeaver AS Java (Object Analyzing Service) - version 7.50, does not perform necessary authorization checks, allowing an unauthenticated attacker to attach to an open interface and make use of an open naming and directory API to access a service...

8.6

CVE-2023-23857

  • EPSS 0.26%
  • Published 14.03.2023 05:15:29
  • Last modified 21.11.2024 07:46:58

Due to missing authentication check, SAP NetWeaver AS for Java - version 7.50, allows an unauthenticated attacker to attach to an open interface and make use of an open naming and directory API to access services which can be used to perform unauthor...

9.8

CVE-2023-0017

  • EPSS 4.06%
  • Published 10.01.2023 04:15:09
  • Last modified 21.11.2024 07:36:24

An unauthenticated attacker in SAP NetWeaver AS for Java - version 7.50, due to improper access control, can attach to an open interface and make use of an open naming and directory API to access services which can be used to perform unauthorized ope...

7.5

CVE-2022-27669

  • EPSS 0.7%
  • Published 12.04.2022 17:15:10
  • Last modified 21.11.2024 06:56:08

An unauthenticated user can use functions of XML Data Archiving Service of SAP NetWeaver Application Server for Java - version 7.50, to which access should be restricted. This may result in an escalation of privileges.

6.5

CVE-2021-27635

  • EPSS 2.08%
  • Published 09.06.2021 14:15:09
  • Last modified 21.11.2024 05:58:20

SAP NetWeaver AS for JAVA, versions - 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker authenticated as an administrator to connect over a network and submit a specially crafted XML file in the application because of missing XML Validation, this vuln...

4.9

CVE-2021-27621

  • EPSS 0.22%
  • Published 09.06.2021 14:15:08
  • Last modified 21.11.2024 05:58:18

Information Disclosure vulnerability in UserAdmin application in SAP NetWeaver Application Server for Java, versions - 7.11,7.20,7.30,7.31,7.40 and 7.50 allows attackers to access restricted information by entering malicious server name.