Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sap netweaver vulnerabilities and exploits
(subscribe to this query)
1000
VMScore
CVE-2013-1592
A Buffer Overflow vulnerability exists in the Message Server service _MsJ2EE_AddStatistics() function when sending specially crafted SAP Message Server packets to remote TCP ports 36NN and/or 39NN in SAP NetWeaver 2004s, 7.01 SR1, 7.02 SP06, and 7.30 SP04, which could let a remot...
Sap Netweaver 7.01
Sap Netweaver 7.02
Sap Netweaver 7.30
Sap Netweaver 2004s
1 EDB exploit
945
VMScore
CVE-2012-2611
The DiagTraceR3Info function in the Dialog processor in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2, when a certain Developer Trace configuration is enabled, allows remote malicious users to execute arbitrary code via a...
Sap Netweaver 7.0
3 EDB exploits
1 Github repository
894
VMScore
CVE-2012-4341
Multiple stack-based buffer overflows in msg_server.exe in SAP NetWeaver ABAP 7.x allow remote malicious users to cause a denial of service (crash) and execute arbitrary code via a (1) long parameter value, (2) crafted string size field, or (3) long Parameter Name string in a pac...
Sap Netweaver Abap 7.0
Sap Netweaver Abap 7.02
Sap Netweaver Abap 7.03
893
VMScore
CVE-2020-6287
SAP NetWeaver AS JAVA (LM Configuration Wizard), versions - 7.30, 7.31, 7.40, 7.50, does not perform an authentication check which allows an attacker without prior authentication to execute configuration tasks to perform critical actions against the SAP Java system, including the...
Sap Netweaver Application Server Java 7.30
Sap Netweaver Application Server Java 7.31
Sap Netweaver Application Server Java 7.40
Sap Netweaver Application Server Java 7.50
9 Github repositories
2 Articles
892
VMScore
CVE-2022-22536
SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server 7.53 and SAP Web Dispatcher are vulnerable for request smuggling and request concatenation. An unauthenticated attacker can prepend a victim's request with arbitra...
Sap Netweaver Application Server Abap Krnl64nuc 7.49
Sap Netweaver Application Server Abap Krnl64uc 7.49
Sap Netweaver Application Server Abap Krnl64uc 7.53
Sap Web Dispatcher 7.53
Sap Web Dispatcher 7.77
Sap Web Dispatcher 7.81
Sap Web Dispatcher 7.22ext
Sap Web Dispatcher 7.49
Sap Content Server 7.53
Sap Web Dispatcher 7.85
Sap Web Dispatcher 7.86
Sap Web Dispatcher 7.87
Sap Netweaver Application Server Abap Krnl64nuc 7.22
Sap Netweaver Application Server Abap Krnl64nuc 7.22ext
Sap Netweaver Application Server Abap Krnl64uc 8.04
Sap Netweaver Application Server Abap Krnl64uc 7.22
Sap Netweaver Application Server Abap Krnl64uc 7.22ext
Sap Netweaver Application Server Abap 7.22
Sap Netweaver Application Server Abap 7.49
Sap Netweaver Application Server Abap 7.53
Sap Netweaver Application Server Abap 7.77
Sap Netweaver Application Server Abap 7.81
7 Github repositories
1 Article
890
VMScore
CVE-2010-5326
The Invoker Servlet on SAP NetWeaver Application Server Java platforms, possibly prior to 7.3, does not require authentication, which allows remote malicious users to execute arbitrary code via an HTTP or HTTPS request, as exploited in the wild in 2013 through 2016, aka a "D...
Sap Netweaver Application Server Java
1 Article
890
VMScore
CVE-2013-6822
GRMGApp in SAP NetWeaver allows remote malicious users to have unspecified impact and attack vectors, related to an XML External Entity (XXE) issue.
Sap Netweaver -
828
VMScore
CVE-2013-6820
Unrestricted file upload vulnerability in the SAP NetWeaver Development Infrastructure (NWDI) allows remote malicious users to execute arbitrary code by uploading a file with an executable extension via unspecified vectors.
Sap Netweaver Development Infrastructure -
828
VMScore
CVE-2010-4556
Stack-based buffer overflow in the SapThemeRepository ActiveX control (sapwdpcd.dll) in SAP NetWeaver Business Client allows remote malicious users to execute arbitrary code via the (1) Load and (2) LoadTheme methods.
Sap Netweaver Business Client
802
VMScore
CVE-2020-26820
SAP NetWeaver AS JAVA, versions - 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker who is authenticated as an administrator to use the administrator console, to expose unauthenticated access to the file system and upload a malicious file. The attacker or another user can then use...
Sap Netweaver Application Server Java 7.20
Sap Netweaver Application Server Java 7.30
Sap Netweaver Application Server Java 7.31
Sap Netweaver Application Server Java 7.40
Sap Netweaver Application Server Java 7.50
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »