Netweaver_application_server_java - Vulncode-DB

Note:

This project will be discontinued after December 13, 2021. [more]

Product:
Netweaver_application_server_java
(Sap)

Repositories	Unknown: This might be proprietary software.
#Vulnerabilities	65

Date	Id	Summary	Products	Score	Patch	Annotated
2016-11-23	CVE-2016-9563	BC-BMT-BPM-DSK in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to conduct XML External Entity (XXE) attacks via the sap.com~tc~bpem~him~uwlconn~provider~web/bpemuwlconn URI, aka SAP Security Note 2296909.	Netweaver_application_server_java	6.5
2018-12-11	CVE-2018-2503	By default, the SAP NetWeaver AS Java keystore service does not sufficiently restrict the access to resources that should be protected. This has been fixed in SAP NetWeaver AS Java (ServerCore versions 7.11, 7.20, 7.30, 7.31, 7.40, 7.50).	Netweaver_application_server_java	7.4
2019-03-12	CVE-2019-0275	SAML 1.1 SSO Demo Application in SAP NetWeaver Java Application Server (J2EE-APPS), versions 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40 and 7.50, does not sufficiently encode user-controlled inputs, which results in cross-site scripting (XSS) vulnerability.	Netweaver_application_server_java	5.4
2016-02-16	CVE-2016-2388	The Universal Worklist Configuration in SAP NetWeaver AS JAVA 7.4 allows remote attackers to obtain sensitive user information via a crafted HTTP request, aka SAP Security Note 2256846.	Netweaver_application_server_java	5.3
2018-12-11	CVE-2018-2504	SAP NetWeaver AS Java Web Container service does not validate against whitelist the HTTP host header which can result in HTTP Host Header Manipulation or Cross-Site Scripting (XSS) vulnerability. This is fixed in versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50.	Netweaver_application_server_java	6.1
2018-12-11	CVE-2018-2492	SAML 2.0 functionality in SAP NetWeaver AS Java, does not sufficiently validate XML documents received from an untrusted source. This is fixed in versions 7.2, 7.30, 7.31, 7.40 and 7.50.	Netweaver_application_server_java	7.1
2018-09-11	CVE-2018-2452	The logon application of SAP NetWeaver AS Java 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50 does not sufficiently encode user-controlled inputs, resulting in a cross-site scripting (XSS) vulnerability.	Netweaver_application_server_java	6.1
2017-09-19	CVE-2017-14581	The Host Control web service in SAP NetWeaver AS JAVA 7.0 through 7.5 allows remote attackers to cause a denial of service (service crash) via a crafted request, aka SAP Security Note 2389181.	Netweaver_application_server_java	7.5
2017-07-25	CVE-2017-11458	Cross-site scripting (XSS) vulnerability in the ctcprotocol/Protocol servlet in SAP NetWeaver AS JAVA 7.3 allows remote attackers to inject arbitrary web script or HTML via the sessionID parameter, aka SAP Security Note 2406783.	Netweaver_application_server_java	6.1
2017-07-25	CVE-2017-11457	XML external entity (XXE) vulnerability in com.sap.km.cm.ice in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request, aka SAP Security Note 2387249.	Netweaver_application_server_java	6.5