Latest sap netweaver application server java Vulnerabilities

CVE-2023-42480
Information Disclosure in NetWeaver AS Java Logon
SAP NetWeaver Application Server Java=7.50
CVE-2023-42477
SAP NetWeaver AS Java (GRMG Heartbeat application) - version 7.50, allows an attacker to send a crafted request from a vulnerable web application, causing limited impact on confidentiality and integri...
SAP NetWeaver Application Server Java=7.50
CVE-2023-40309
SAP CommonCryptoLib does not perform necessary authentication checks, which may result in missing or wrong authorization checks for an authenticated user, resulting in escalation of privileges. Depend...
SAP CommonCryptoLib=8.0.0
SAP Content Server=6.50
SAP Content Server=7.53
SAP Content Server=7.54
Sap Extended Application Services And Runtime=1.0
SAP HANA Database=2.0
and 41 more
CVE-2023-40308
SAP CommonCryptoLib allows an unauthenticated attacker to craft a request, which when submitted to an open port causes a memory corruption error in a library which in turn causes the target component ...
SAP CommonCryptoLib=8.0.0
SAP Content Server=6.50
SAP Content Server=7.53
SAP Content Server=7.54
Sap Extended Application Services And Runtime=1.0
SAP HANA Database=2.0
and 41 more
CVE-2023-24526
SAP NetWeaver Application Server Java for Classload Service - version 7.50, does not perform any authentication checks for functionalities that require user identity, resulting in escalation of privil...
SAP NetWeaver Application Server Java=7.50
CVE-2022-41262
Due to insufficient input validation, SAP NetWeaver AS Java (HTTP Provider Service) - version 7.50, allows an unauthenticated attacker to inject a script into a web request header. On successful explo...
SAP NetWeaver Application Server Java=7.50
CVE-2022-26103
Under certain conditions, SAP NetWeaver (Real Time Messaging Framework) - version 7.50, allows an attacker to access information which could lead to information gathering for further exploits and atta...
SAP NetWeaver Application Server Java=7.50
CVE-2022-22532
In SAP NetWeaver Application Server Java - versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, an unauthenticated attacker could submit a crafted HTTP...
SAP NetWeaver Application Server Java=7.22
SAP NetWeaver Application Server Java=7.49
SAP NetWeaver Application Server Java=7.53
SAP NetWeaver Application Server Java=krnl64nuc_7.22
SAP NetWeaver Application Server Java=krnl64nuc_7.22ext
SAP NetWeaver Application Server Java=krnl64nuc_7.49
and 3 more
CVE-2022-22533
Due to improper error handling in SAP NetWeaver Application Server Java - versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, an attacker could submit...
SAP NetWeaver Application Server Java=7.22
SAP NetWeaver Application Server Java=7.49
SAP NetWeaver Application Server Java=7.53
SAP NetWeaver Application Server Java=krnl64nuc_7.22
SAP NetWeaver Application Server Java=krnl64nuc_7.22ext
SAP NetWeaver Application Server Java=krnl64nuc_7.49
and 3 more
CVE-2021-33689
SAP NetWeaver Application Server Java=7.50
CVE-2021-33687
SAP NetWeaver AS JAVA (Enterprise Portal), versions - 7.10, 7.20, 7.30, 7.31, 7.40, 7.50 reveals sensitive information in one of their HTTP requests, an attacker can use this in conjunction with other...
SAP NetWeaver Application Server Java=7.10
SAP NetWeaver Application Server Java=7.20
SAP NetWeaver Application Server Java=7.30
SAP NetWeaver Application Server Java=7.31
SAP NetWeaver Application Server Java=7.40
SAP NetWeaver Application Server Java=7.50
CVE-2021-33670
SAP NetWeaver AS for Java (Http Service Monitoring Filter), versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker to send multiple HTTP requests with different method types thereby c...
SAP NetWeaver Application Server Java=7.10
SAP NetWeaver Application Server Java=7.11
SAP NetWeaver Application Server Java=7.20
SAP NetWeaver Application Server Java=7.30
SAP NetWeaver Application Server Java=7.31
SAP NetWeaver Application Server Java=7.40
and 1 more
CVE-2021-27598
SAP NetWeaver AS JAVA (Customer Usage Provisioning Servlet), versions - 7.31, 7.40, 7.50, allows an attacker to read some statistical data like product version, traffic, timestamp etc. because of miss...
SAP NetWeaver Application Server Java=7.31
SAP NetWeaver Application Server Java=7.40
SAP NetWeaver Application Server Java=7.50
CVE-2021-21492
SAP NetWeaver Application Server Java=7.10
SAP NetWeaver Application Server Java=7.11
SAP NetWeaver Application Server Java=7.20
SAP NetWeaver Application Server Java=7.30
SAP NetWeaver Application Server Java=7.31
SAP NetWeaver Application Server Java=7.40
and 1 more
CVE-2021-21485
An unauthorized attacker may be able to entice an administrator to invoke telnet commands of an SAP NetWeaver Application Server for Java that allow the attacker to gain NTLM hashes of a privileged us...
SAP NetWeaver Application Server Java=7.10
SAP NetWeaver Application Server Java=7.20
SAP NetWeaver Application Server Java=7.30
SAP NetWeaver Application Server Java=7.31
SAP NetWeaver Application Server Java=7.40
SAP NetWeaver Application Server Java=7.50
CVE-2021-21491
SAP Netweaver Application Server Java (Applications based on WebDynpro Java) versions 7.00, 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allow an attacker to redirect users to a malicious site due to Rev...
SAP NetWeaver Application Server Java=7.00
SAP NetWeaver Application Server Java=7.10
SAP NetWeaver Application Server Java=7.11
SAP NetWeaver Application Server Java=7.20
SAP NetWeaver Application Server Java=7.30
SAP NetWeaver Application Server Java=7.31
and 2 more
CVE-2020-26829
SAP NetWeaver AS JAVA (P2P Cluster Communication), versions - 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows arbitrary connections from processes because of missing authentication check, that are outside ...
SAP NetWeaver Application Server Java=7.11
SAP NetWeaver Application Server Java=7.20
SAP NetWeaver Application Server Java=7.30
SAP NetWeaver Application Server Java=7.31
SAP NetWeaver Application Server Java=7.40
SAP NetWeaver Application Server Java=7.50
CVE-2020-26816
SAP AS JAVA (Key Storage Service), versions - 7.10, 7.11, 7.20 ,7.30, 7.31, 7.40, 7.50, has the key material which is stored in the SAP NetWeaver AS Java Key Storage service stored in the database in ...
SAP NetWeaver Application Server Java=7.10
SAP NetWeaver Application Server Java=7.11
SAP NetWeaver Application Server Java=7.20
SAP NetWeaver Application Server Java=7.30
SAP NetWeaver Application Server Java=7.31
SAP NetWeaver Application Server Java=7.40
and 1 more
CVE-2020-26826
Process Integration Monitoring of SAP NetWeaver AS JAVA, versions - 7.31, 7.40, 7.50, allows an attacker to upload any file (including script files) without proper file format validation, leading to U...
SAP NetWeaver Application Server Java=7.31
SAP NetWeaver Application Server Java=7.40
SAP NetWeaver Application Server Java=7.50
CVE-2020-26820
SAP NetWeaver AS JAVA, versions - 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker who is authenticated as an administrator to use the administrator console, to expose unauthenticated access to the fi...
SAP NetWeaver Application Server Java=7.20
SAP NetWeaver Application Server Java=7.30
SAP NetWeaver Application Server Java=7.31
SAP NetWeaver Application Server Java=7.40
SAP NetWeaver Application Server Java=7.50
CVE-2020-6319
SAP NetWeaver Application Server Java, versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, and 7.50 allows an unauthenticated attacker to include JavaScript blocks in any web page or URL with different sym...
SAP NetWeaver Application Server Java=7.10
SAP NetWeaver Application Server Java=7.11
SAP NetWeaver Application Server Java=7.20
SAP NetWeaver Application Server Java=7.30
SAP NetWeaver Application Server Java=7.31
SAP NetWeaver Application Server Java=7.40
and 1 more
CVE-2020-6313
SAP NetWeaver Application Server JAVA(XML Forms) versions 7.30, 7.31, 7.40, 7.50 does not sufficiently encode user controlled inputs, which allows an authenticated User with special roles to store mal...
SAP NetWeaver Application Server Java=7.30
SAP NetWeaver Application Server Java=7.31
SAP NetWeaver Application Server Java=7.40
SAP NetWeaver Application Server Java=7.50
CVE-2020-6309
SAP NetWeaver AS JAVA, versions - (ENGINEAPI 7.10; WSRM 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50; J2EE-FRMW 7.10, 7.11), does not perform any authentication checks for a web service allowing the attac...
SAP NetWeaver Application Server Java=7.10
SAP NetWeaver Application Server Java=7.11
SAP NetWeaver Application Server Java=7.20
SAP NetWeaver Application Server Java=7.30
SAP NetWeaver Application Server Java=7.31
SAP NetWeaver Application Server Java=7.40
and 1 more
CVE-2020-6287
SAP NetWeaver Missing Authentication for Critical Function Vulnerability
SAP NetWeaver Application Server Java=7.30
SAP NetWeaver Application Server Java=7.31
SAP NetWeaver Application Server Java=7.40
SAP NetWeaver Application Server Java=7.50
CVE-2020-6282
SAP NetWeaver AS JAVA (IIOP service) (SERVERCORE), versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, and SAP NetWeaver AS JAVA (IIOP service) (CORE-TOOLS), versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40...
SAP NetWeaver Application Server Java=7.10
SAP NetWeaver Application Server Java=7.11
SAP NetWeaver Application Server Java=7.20
SAP NetWeaver Application Server Java=7.30
SAP NetWeaver Application Server Java=7.31
SAP NetWeaver Application Server Java=7.40
and 1 more
CVE-2020-6286
The insufficient input path validation of certain parameter in the web service of SAP NetWeaver AS JAVA (LM Configuration Wizard), versions - 7.30, 7.31, 7.40, 7.50, allows an unauthenticated attacker...
SAP NetWeaver Application Server Java=7.30
SAP NetWeaver Application Server Java=7.31
SAP NetWeaver Application Server Java=7.40
SAP NetWeaver Application Server Java=7.50
CVE-2020-6224
SAP NetWeaver AS Java (HTTP Service), versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker with administrator privileges to access user sensitive data such as passwords in trace files...
SAP NetWeaver Application Server Java=7.10
SAP NetWeaver Application Server Java=7.11
SAP NetWeaver Application Server Java=7.20
SAP NetWeaver Application Server Java=7.30
SAP NetWeaver Application Server Java=7.31
SAP NetWeaver Application Server Java=7.40
and 1 more
CVE-2020-6202
SAP NetWeaver Application Server Java=7.10
SAP NetWeaver Application Server Java=7.20
SAP NetWeaver Application Server Java=7.30
SAP NetWeaver Application Server Java=7.31
SAP NetWeaver Application Server Java=7.40
SAP NetWeaver Application Server Java=7.50
CVE-2019-0391
Under certain conditions SAP NetWeaver AS Java (corrected in 7.10, 7.20, 7.30, 7.31, 7.40, 7.50) allows an attacker to access information which would otherwise be restricted.
SAP NetWeaver Application Server Java=7.10
SAP NetWeaver Application Server Java=7.20
SAP NetWeaver Application Server Java=7.30
SAP NetWeaver Application Server Java=7.31
SAP NetWeaver Application Server Java=7.40
SAP NetWeaver Application Server Java=7.50
CVE-2019-0389
An administrator of SAP NetWeaver Application Server Java (J2EE-Framework), (corrected in versions 7.1, 7.2, 7.3, 7.31, 7.4, 7.5), may change privileges for all or some functions in Java Server, and e...
SAP NetWeaver Application Server Java=7.1
SAP NetWeaver Application Server Java=7.2
SAP NetWeaver Application Server Java=7.3
SAP NetWeaver Application Server Java=7.4
SAP NetWeaver Application Server Java=7.5
SAP NetWeaver Application Server Java=7.31
CVE-2019-0355
SAP NetWeaver Application Server Java Web Container, ENGINEAPI (before versions 7.10, 7.20, 7.30, 7.31, 7.40, 7.50) and SAP-JEECOR (before versions 6.40, 7.0, 7.01), allows an attacker to inject code ...
SAP NetWeaver Application Server Java=7.10
SAP NetWeaver Application Server Java=7.20
SAP NetWeaver Application Server Java=7.30
SAP NetWeaver Application Server Java=7.31
SAP NetWeaver Application Server Java=7.40
SAP NetWeaver Application Server Java=7.50
CVE-2019-0345
A remote unauthenticated attacker can abuse a web service in SAP NetWeaver Application Server for Java (Administrator System Overview), versions 7.30, 7.31, 7.40, 7.50, by sending a specially crafted ...
SAP NetWeaver Application Server Java=7.30
SAP NetWeaver Application Server Java=7.31
SAP NetWeaver Application Server Java=7.40
SAP NetWeaver Application Server Java=7.50
CVE-2019-0327
SAP NetWeaver Application Server Java=7.10
SAP NetWeaver Application Server Java=7.20
SAP NetWeaver Application Server Java=7.30
SAP NetWeaver Application Server Java=7.31
SAP NetWeaver Application Server Java=7.40
SAP NetWeaver Application Server Java=7.50
CVE-2019-0318
SAP NetWeaver Application Server Java=7.21
SAP NetWeaver Application Server Java=7.22
SAP NetWeaver Application Server Java=7.45
SAP NetWeaver Application Server Java=7.49
SAP NetWeaver Application Server Java=7.53
CVE-2019-0275
SAML 1.1 SSO Demo Application in SAP NetWeaver Java Application Server (J2EE-APPS), versions 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40 and 7.50, does not sufficiently encode user-controlled inputs, which r...
SAP NetWeaver Application Server Java>=7.10<=7.11
SAP NetWeaver Application Server Java=7.20
SAP NetWeaver Application Server Java=7.30
SAP NetWeaver Application Server Java=7.31
SAP NetWeaver Application Server Java=7.40
SAP NetWeaver Application Server Java=7.50
CVE-2018-2492
SAML 2.0 functionality in SAP NetWeaver AS Java, does not sufficiently validate XML documents received from an untrusted source. This is fixed in versions 7.2, 7.30, 7.31, 7.40 and 7.50.
SAP NetWeaver Application Server Java=7.20
SAP NetWeaver Application Server Java=7.30
SAP NetWeaver Application Server Java=7.31
SAP NetWeaver Application Server Java=7.40
SAP NetWeaver Application Server Java=7.50
CVE-2018-2504
SAP NetWeaver AS Java Web Container service does not validate against whitelist the HTTP host header which can result in HTTP Host Header Manipulation or Cross-Site Scripting (XSS) vulnerability. This...
SAP NetWeaver Application Server Java=7.10
SAP NetWeaver Application Server Java=7.11
SAP NetWeaver Application Server Java=7.20
SAP NetWeaver Application Server Java=7.30
SAP NetWeaver Application Server Java=7.31
SAP NetWeaver Application Server Java=7.40
and 1 more
CVE-2018-2452
The logon application of SAP NetWeaver AS Java 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50 does not sufficiently encode user-controlled inputs, resulting in a cross-site scripting (XSS) vulnerability.
SAP NetWeaver Application Server Java=7.10
SAP NetWeaver Application Server Java=7.11
SAP NetWeaver Application Server Java=7.20
SAP NetWeaver Application Server Java=7.30
SAP NetWeaver Application Server Java=7.31
SAP NetWeaver Application Server Java=7.40
and 1 more

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203