Latest sap netweaver Vulnerabilities

CVE-2024-22124
Information Disclosure vulnerability in SAP NetWeaver Internet Communication Manager
SAP NetWeaver=kernel_7.22
SAP NetWeaver=kernel_7.53
SAP NetWeaver=kernel_7.54
SAP NetWeaver=krnl64nuc_7.22
SAP NetWeaver=krnl64nuc_7.22ext
SAP NetWeaver=krnl64uc_7.22ext
and 4 more
CVE-2023-41367
Due to missing authentication check in webdynpro application, an unauthorized user in SAP NetWeaver (Guided Procedures) - version 7.50, can gain access to admin view of specific function anonymously. ...
SAP NetWeaver=7.50
CVE-2023-36922
OS command injection vulnerability in SAP ECC and SAP S/4HANA (IS-OIL)
SAP NetWeaver=600
SAP NetWeaver=602
SAP NetWeaver=603
SAP NetWeaver=604
SAP NetWeaver=605
SAP NetWeaver=606
and 9 more
CVE-2023-33985
SAP NetWeaver Enterprise Portal - version 7.50, does not sufficiently encode user-controlled inputs over the network, resulting in reflected Cross-Site Scripting (XSS) vulnerability, therefore changin...
SAP NetWeaver=7.50
CVE-2023-33984
SAP NetWeaver (Design Time Repository) - version 7.50, returns an unfavorable content type for some versioned files, which could allow an authorized attacker to create a file with a malicious content ...
SAP NetWeaver=7.50
CVE-2023-29186
In SAP NetWeaver (BI CONT ADDON) - versions 707, 737, 747, 757, an attacker can exploit a directory traversal flaw in a report to upload and overwrite files on the SAP server. Data cannot be read but ...
SAP NetWeaver=707
SAP NetWeaver=737
SAP NetWeaver=747
SAP NetWeaver=757
CVE-2023-27499
SAP GUI for HTML - versions KERNEL 7.22, 7.53, 7.54, 7.77, 7.81, 7.85, 7.89, 7.91, KRNL64UC, 7.22, 7.22EXT, KRNL64UC 7.22, 7.22EXT does not sufficiently encode user-controlled inputs, resulting in a r...
SAP NetWeaver=7.22ext
SAP NetWeaver Application Server ABAP=7.22
SAP NetWeaver Application Server ABAP=7.53
SAP NetWeaver Application Server ABAP=7.54
SAP NetWeaver Application Server ABAP=7.77
SAP NetWeaver Application Server ABAP=7.81
and 5 more
CVE-2023-0021
Due to insufficient encoding of user input, SAP NetWeaver - versions 700, 701, 702, 731, 740, 750, allows an unauthenticated attacker to inject code that may expose sensitive data like user ID and pas...
SAP NetWeaver=700
SAP NetWeaver=701
SAP NetWeaver=702
SAP NetWeaver=731
SAP NetWeaver=740
SAP NetWeaver=750
CVE-2022-28217
Some part of SAP NetWeaver (EP Web Page Composer) does not sufficiently validate an XML document accepted from an untrusted source, which allows an adversary to exploit unprotected XML parking at endp...
SAP NetWeaver=7.20
SAP NetWeaver=7.30
SAP NetWeaver=7.31
SAP NetWeaver=7.40
SAP NetWeaver=7.50
CVE-2022-28772
By overlong input values an attacker may force overwrite of the internal program stack in SAP Web Dispatcher - versions 7.53, 7.77, 7.81, 7.85, 7.86, or Internet Communication Manager - versions KRNL6...
SAP NetWeaver=7.22ext
SAP NetWeaver=7.49
SAP NetWeaver=7.53
SAP NetWeaver=7.77
SAP NetWeaver=7.81
SAP NetWeaver=7.85
and 9 more
CVE-2022-28773
Due to an uncontrolled recursion in SAP Web Dispatcher and SAP Internet Communication Manager, the application may crash, leading to denial of service, but can be restarted automatically.
SAP NetWeaver=7.22ext
SAP NetWeaver=7.49
SAP NetWeaver=7.53
SAP NetWeaver=7.77
SAP NetWeaver=7.81
SAP NetWeaver=7.85
and 9 more
CVE-2022-22534
Due to insufficient encoding of user input, SAP NetWeaver allows an unauthenticated attacker to inject code that may expose sensitive data like user ID and password. These endpoints are normally expos...
SAP NetWeaver=700
SAP NetWeaver=701
SAP NetWeaver=702
SAP NetWeaver=731
SAP NetWeaver=740
SAP NetWeaver=750
and 6 more
CVE-2021-38183
SAP NetWeaver=700
SAP NetWeaver=701
SAP NetWeaver=702
SAP NetWeaver=730
CVE-2021-38163
SAP NetWeaver Unrestricted File Upload Vulnerability
SAP NetWeaver=7.30
SAP NetWeaver=7.31
SAP NetWeaver=7.40
SAP NetWeaver=7.50
CVE-2021-21481
The MigrationService, which is part of SAP NetWeaver versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not perform an authorization check. This might allow an unauthorized attacker to access con...
SAP NetWeaver=7.10
SAP NetWeaver=7.11
SAP NetWeaver=7.20
SAP NetWeaver=7.30
SAP NetWeaver=7.31
SAP NetWeaver=7.40
and 1 more
CVE-2020-6287
SAP NetWeaver Missing Authentication for Critical Function Vulnerability
SAP NetWeaver Application Server Java=7.30
SAP NetWeaver Application Server Java=7.31
SAP NetWeaver Application Server Java=7.40
SAP NetWeaver Application Server Java=7.50
CVE-2020-6285
SAP NetWeaver - XML Toolkit for JAVA (ENGINEAPI) (versions- 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50), under certain conditions allows an attacker to access information which would otherwise be restri...
SAP NetWeaver=7.10
SAP NetWeaver=7.11
SAP NetWeaver=7.20
SAP NetWeaver=7.30
SAP NetWeaver=7.31
SAP NetWeaver=7.40
and 1 more
CVE-2020-6203
SAP NetWeaver UDDI Server (Services Registry), versions- 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50; allows an attacker to exploit insufficient validation of path information provided by users, thus cha...
SAP NetWeaver=7.10
SAP NetWeaver=7.11
SAP NetWeaver=7.20
SAP NetWeaver=7.30
SAP NetWeaver=7.31
SAP NetWeaver=7.40
and 1 more
CVE-2020-6185
Under certain conditions ABAP Online Community in SAP NetWeaver (SAP_BASIS version 7.40) and SAP S/4HANA (SAP_BASIS versions 7.50, 7.51, 7.52, 7.53, 7.54), allows an authenticated attacker to store a ...
SAP NetWeaver=7.40
Sap S\/4hana=7.50
Sap S\/4hana=7.51
Sap S\/4hana=7.52
Sap S\/4hana=7.53
Sap S\/4hana=7.54
CVE-2020-6181
Under some circumstances the SAML SSO implementation in the SAP NetWeaver (SAP_BASIS versions 702, 730, 731, 740 and SAP ABAP Platform (SAP_BASIS versions 750, 751, 752, 753, 754), allows an attacker ...
SAP ABAP Platform=7.50
SAP ABAP Platform=7.51
SAP ABAP Platform=7.52
SAP ABAP Platform=7.53
SAP ABAP Platform=7.54
SAP NetWeaver=7.02
and 3 more
CVE-2020-6184
Under certain conditions, ABAP Online Community in SAP NetWeaver (SAP_BASIS version 7.40) and SAP S/4HANA (SAP_BASIS versions 7.50, 7.51, 7.52, 7.53, 7.54), does not sufficiently encode user-controlle...
SAP NetWeaver=7.40
Sap S\/4hana=7.50
Sap S\/4hana=7.51
Sap S\/4hana=7.52
Sap S\/4hana=7.53
Sap S\/4hana=7.54
CVE-2011-1517
SAP NetWeaver 7.0 allows Remote Code Execution and Denial of Service caused by an error in the DiagTraceHex() function. By sending a specially-crafted packet, an attacker could exploit this vulnerabil...
SAP NetWeaver=7.0
CVE-2013-1592
A Buffer Overflow vulnerability exists in the Message Server service _MsJ2EE_AddStatistics() function when sending specially crafted SAP Message Server packets to remote TCP ports 36NN and/or 39NN in ...
SAP NetWeaver=7.01-sr1
SAP NetWeaver=7.02-sp06
SAP NetWeaver=7.30-sp04
SAP NetWeaver=2004s
CVE-2019-0248
Under certain conditions SAP Gateway of ABAP Application Server (fixed in SAP_GWFND 7.5, 7.51, 7.52, 7.53; SAP_BASIS 7.5) allows an attacker to access information which would otherwise be restricted.
SAP NetWeaver=7.5
SAP NetWeaver=7.51
SAP NetWeaver=7.52
SAP NetWeaver=7.53
SAP Basis=7.5
CVE-2018-2477
Knowledge Management (XMLForms) in SAP NetWeaver, versions 7.30, 7.31, 7.40 and 7.50 does not sufficiently validate an XML document accepted from an untrusted source.
SAP NetWeaver=7.30
SAP NetWeaver=7.31
SAP NetWeaver=7.40
SAP NetWeaver=7.50
CVE-2018-2476
Due to insufficient URL Validation in forums in SAP NetWeaver versions 7.30, 7.31, 7.40, an attacker can redirect users to a malicious site.
SAP NetWeaver=7.30
SAP NetWeaver=7.31
SAP NetWeaver=7.40
CVE-2018-2470
In SAP NetWeaver Application Server for ABAP, from 7.0 to 7.02, 7.30, 7.31, 7.40 and from 7.50 to 7.53, applications do not sufficiently encode user-controlled inputs, resulting in Cross-Site Scriptin...
SAP NetWeaver>=7.0<=7.02
SAP NetWeaver>=7.50<=7.53
SAP NetWeaver=7.30
SAP NetWeaver=7.31
SAP NetWeaver=7.40
CVE-2018-2464
SAP WebDynpro Java, versions 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in a stored Cross-Site Scripting (XSS) vulnerability.
SAP NetWeaver=7.20
SAP NetWeaver=7.30
SAP NetWeaver=7.31
SAP NetWeaver=7.40
SAP NetWeaver=7.50
CVE-2018-2434
A content spoofing vulnerability in the following components allows to render html pages containing arbitrary plain text content, which might fool an end user: UI add-on for SAP NetWeaver (UI_Infra, 1...
SAP NetWeaver=7.0
Sap Ui Infra=1.0
SAP User Interface Technology=7.4
SAP User Interface Technology=7.5
SAP User Interface Technology=7.51
SAP User Interface Technology=7.52

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203