Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
netweaver vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-30218
The ABAP Application Server of SAP NetWeaver as well as ABAP Platform allows an malicious user to prevent legitimate users from accessing a service, either by crashing or flooding the service. This leads to a considerable impact on availability.
NA
CVE-2024-27898
SAP NetWeaver application, due to insufficient input validation, allows an malicious user to send a crafted request from a vulnerable web application targeting internal systems behind firewalls that are normally inaccessible to an attacker from the external network, resulting in ...
NA
CVE-2024-27899
Self-Registration and Modify your own profile in User Admin Application of NetWeaver AS Java does not enforce proper security requirements for the content of the newly defined security answer. This can be leveraged by an malicious user to cause profound impact on confidentiality ...
NA
CVE-2024-25644
Under certain conditions SAP NetWeaver WSRM - version 7.50, allows an malicious user to access information which would otherwise be restricted, causing low impact on Confidentiality with no impact on Integrity and Availability of the application.
NA
CVE-2024-25645
Under certain condition SAP NetWeaver (Enterprise Portal) - version 7.50 allows an malicious user to access information which would otherwise be restricted causing low impact on confidentiality of the application and with no impact on Integrity and Availability of the application...
NA
CVE-2024-27902
Applications based on SAP GUI for HTML in SAP NetWeaver AS ABAP - versions 7.89, 7.93, do not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. A successful attack can allow a malicious malicious user to access and modify data thro...
NA
CVE-2024-22127
SAP NetWeaver Administrator AS Java (Administrator Log Viewer plug-in) - version 7.50, allows an attacker with high privileges to upload potentially dangerous files which leads to command injection vulnerability. This would enable the malicious user to run commands which can caus...
NA
CVE-2024-28163
Under certain conditions, Support Web Pages of SAP NetWeaver Process Integration (PI) - versions 7.50, allows an malicious user to access information which would otherwise be restricted, causing low impact on Confidentiality with no impact on Integrity and Availability of the app...
NA
CVE-2024-24740
SAP NetWeaver Application Server (ABAP) - versions KERNEL 7.53, KERNEL 7.54, KERNEL 7.77, KERNEL 7.85, KERNEL 7.89, KERNEL 7.93, KERNEL 7.94, KRNL64UC 7.53, under certain conditions, allows an malicious user to access information which could otherwise be restricted with low impac...
NA
CVE-2024-24743
SAP NetWeaver AS Java (CAF - Guided Procedures) - version 7.50, allows an unauthenticated malicious user to submit a malicious request with a crafted XML file over the network, which when parsed will enable him to access sensitive files and data but not modify them. There are exp...
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4040
privilege escalation
CVE-2024-4112
CVE-2024-32872
man-in-the-middle
CVE-2024-32788
bypass
CVE-2024-3400
CVE-2024-28976
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »