Product: Netweaver_application_server_java (Sap)

Repositories: Unknown. This might be proprietary software.

#Vulnerabilities 65
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2024-06-11 | CVE-2024-28164 | SAP NetWeaver AS Java (CAF - Guided Procedures) allows an unauthenticated user to access non-sensitive information about the server which would otherwise be restricted, causing low impact on confidentiality of the application. | Netweaver_application_server_java | 5.3 | | |
| 2024-06-11 | CVE-2024-34688 | Due to unrestricted access to the Meta Model Repository services in SAP NetWeaver AS Java, attackers can perform DoS attacks on the application, which may prevent legitimate users from accessing it. This can result in no impact on confidentiality and integrity but a high impact on the availability of the application. | Netweaver_application_server_java | 7.5 | | |
| 2017-08-07 | CVE-2017-12637 | Directory traversal vulnerability in scheduler/ui/js/ffffffffbca41eb4/UIUtilJavaScriptJS in SAP NetWeaver Application Server Java 7.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the query string, as exploited in the wild in August 2017, aka SAP Security Note 2486657. | Netweaver_application_server_java | 7.5 | | |
| 2018-12-11 | CVE-2018-2503 | By default, the SAP NetWeaver AS Java keystore service does not sufficiently restrict the access to resources that should be protected. This has been fixed in SAP NetWeaver AS Java (ServerCore versions 7.11, 7.20, 7.30, 7.31, 7.40, 7.50). | Netweaver_application_server_java | 7.4 | | |
| 2019-03-12 | CVE-2019-0275 | SAML 1.1 SSO Demo Application in SAP NetWeaver Java Application Server (J2EE-APPS), versions 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40 and 7.50, does not sufficiently encode user-controlled inputs, which results in a cross-site scripting (XSS) vulnerability. | Netweaver_application_server_java | 5.4 | | |
| 2018-12-11 | CVE-2018-2504 | SAP NetWeaver AS Java Web Container service does not validate the HTTP host header against a whitelist, which can result in HTTP Host Header Manipulation or a Cross-Site Scripting (XSS) vulnerability. This is fixed in versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50. | Netweaver_application_server_java | 6.1 | | |
| 2018-12-11 | CVE-2018-2492 | SAML 2.0 functionality in SAP NetWeaver AS Java does not sufficiently validate XML documents received from an untrusted source. This is fixed in versions 7.2, 7.30, 7.31, 7.40 and 7.50. | Netweaver_application_server_java | 7.1 | | |
| 2018-09-11 | CVE-2018-2452 | The logon application of SAP NetWeaver AS Java 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50 does not sufficiently encode user-controlled inputs, resulting in a cross-site scripting (XSS) vulnerability. | Netweaver_application_server_java | 6.1 | | |
| 2017-09-19 | CVE-2017-14581 | The Host Control web service in SAP NetWeaver AS JAVA 7.0 through 7.5 allows remote attackers to cause a denial of service (service crash) via a crafted request, aka SAP Security Note 2389181. | Netweaver_application_server_java | 7.5 | | |
| 2017-07-25 | CVE-2017-11458 | Cross-site scripting (XSS) vulnerability in the ctcprotocol/Protocol servlet in SAP NetWeaver AS JAVA 7.3 allows remote attackers to inject arbitrary web script or HTML via the sessionID parameter, aka SAP Security Note 2406783. | Netweaver_application_server_java | 6.1 | | |