Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sap netweaver 7.31 vulnerabilities and exploits
(subscribe to this query)
383
VMScore
CVE-2018-2470
In SAP NetWeaver Application Server for ABAP, from 7.0 to 7.02, 7.30, 7.31, 7.40 and from 7.50 to 7.53, applications do not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
Sap Netweaver
Sap Netweaver 7.30
Sap Netweaver 7.31
Sap Netweaver 7.40
516
VMScore
CVE-2018-2476
Due to insufficient URL Validation in forums in SAP NetWeaver versions 7.30, 7.31, 7.40, an attacker can redirect users to a malicious site.
Sap Netweaver 7.30
Sap Netweaver 7.40
Sap Netweaver 7.31
578
VMScore
CVE-2018-2477
Knowledge Management (XMLForms) in SAP NetWeaver, versions 7.30, 7.31, 7.40 and 7.50 does not sufficiently validate an XML document accepted from an untrusted source.
Sap Netweaver 7.40
Sap Netweaver 7.31
Sap Netweaver 7.50
Sap Netweaver 7.30
801
VMScore
CVE-2021-38163
SAP NetWeaver (Visual Composer 7.0 RT) versions - 7.30, 7.31, 7.40, 7.50, without restriction, an attacker authenticated as a non-administrative user can upload a malicious file over a network and trigger its processing, which is capable of running operating system commands with ...
Sap Netweaver 7.30
Sap Netweaver 7.31
Sap Netweaver 7.40
Sap Netweaver 7.50
1 Github repository
1 Article
578
VMScore
CVE-2018-2462
In certain cases, BEx Web Java Runtime Export Web Service in SAP NetWeaver BI 7.30, 7.31. 7.40, 7.41, 7.50, does not sufficiently validate an XML document accepted from an untrusted source.
Sap Netweaver 7.40
Sap Netweaver 7.41
Sap Netweaver 7.50
Sap Netweaver 7.30
Sap Netweaver 7.31
383
VMScore
CVE-2018-2464
SAP WebDynpro Java, versions 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in a stored Cross-Site Scripting (XSS) vulnerability.
Sap Netweaver 7.31
Sap Netweaver 7.50
Sap Netweaver 7.30
Sap Netweaver 7.40
Sap Netweaver 7.20
356
VMScore
CVE-2022-28217
Some part of SAP NetWeaver (EP Web Page Composer) does not sufficiently validate an XML document accepted from an untrusted source, which allows an adversary to exploit unprotected XML parking at endpoints, and a possibility to conduct SSRF attacks that could compromise system?s ...
Sap Netweaver 7.30
Sap Netweaver 7.31
Sap Netweaver 7.40
Sap Netweaver 7.20
Sap Netweaver 7.50
578
VMScore
CVE-2019-0351
A remote code execution vulnerability exists in the SAP NetWeaver UDDI Server (Services Registry), versions 7.10, 7.20, 7.30, 7.31, 7.40, 7.50. Because of this, an attacker can exploit Services Registry potentially enabling them to take complete control of the product, including ...
Sap Netweaver 7.40
Sap Netweaver 7.10
Sap Netweaver 7.20
Sap Netweaver 7.30
Sap Netweaver 7.31
Sap Netweaver 7.50
1 Article
570
VMScore
CVE-2020-6203
SAP NetWeaver UDDI Server (Services Registry), versions- 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50; allows an malicious user to exploit insufficient validation of path information provided by users, thus characters representing 'traverse to parent directory' are passed t...
Sap Netweaver 7.10
Sap Netweaver 7.11
Sap Netweaver 7.20
Sap Netweaver 7.30
Sap Netweaver 7.31
Sap Netweaver 7.40
Sap Netweaver 7.50
312
VMScore
CVE-2020-6285
SAP NetWeaver - XML Toolkit for JAVA (ENGINEAPI) (versions- 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50), under certain conditions allows an malicious user to access information which would otherwise be restricted, leading to Information Disclosure.
Sap Netweaver 7.10
Sap Netweaver 7.11
Sap Netweaver 7.20
Sap Netweaver 7.30
Sap Netweaver 7.31
Sap Netweaver 7.40
Sap Netweaver 7.50
1 Article
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
XXE
CVE-2024-34490
SQL injection
CVE-2024-34488
CVE-2024-4507
CVE-2023-7028
CVE-2024-23187
TCP
CVE-2024-4439
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »