Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sap sap web application server 7.0 vulnerabilities and exploits
(subscribe to this query)
445
VMScore
CVE-2005-3633
HTTP response splitting vulnerability in frameset.htm in SAP Web Application Server (WAS) 6.10 up to and including 7.00 allows remote malicious users to inject arbitrary HTML headers via the sap-exiturl parameter.
Sap Sap Web Application Server 6.10
Sap Sap Web Application Server 6.20
Sap Sap Web Application Server 6.40
Sap Sap Web Application Server 7.0
505
VMScore
CVE-2005-3634
frameset.htm in the BSP runtime in SAP Web Application Server (WAS) 6.10 up to and including 7.00 allows remote malicious users to log users out and redirect them to arbitrary web sites via a close command in the sap-sessioncmd parameter and a URL in the sap-exiturl parameter.
Sap Sap Web Application Server 6.40
Sap Sap Web Application Server 7.0
Sap Sap Web Application Server 6.10
Sap Sap Web Application Server 6.20
1 EDB exploit
435
VMScore
CVE-2005-3635
Multiple cross-site scripting (XSS) vulnerabilities in SAP Web Application Server (WAS) 6.10 up to and including 7.00 allow remote malicious users to inject arbitrary web script or HTML via (1) the sap-syscmd in sap-syscmd and (2) the BspApplication field in the SYSTEM PUBLIC tes...
Sap Sap Web Application Server 6.10
Sap Sap Web Application Server 7.0
Sap Sap Web Application Server 6.20
Sap Sap Web Application Server 6.40
1 EDB exploit
645
VMScore
CVE-2006-1039
SAP Web Application Server (WebAS) Kernel prior to 7.0 allows remote malicious users to inject arbitrary bytes into the HTTP response and obtain sensitive authentication information, or have other impacts, via a ";%20" followed by encoded HTTP headers.
Sap Sap Web Application Server 6.20
Sap Sap Web Application Server 6.40
Sap Sap Web Application Server 6.10
1 EDB exploit
435
VMScore
CVE-2008-2421
Cross-site scripting (XSS) vulnerability in the Web GUI in SAP Web Application Server (WAS) 7.0, Web Dynpro for ABAP (aka WD4A or WDA), and Web Dynpro for BSP allows remote malicious users to inject arbitrary web script or HTML via the PATH_INFO to the default URI under bc/gui/sa...
Sap Sap Web Application Server 7.0
Sap Web Dynpro Abap
Sap Web Dynpro Bsp
1 EDB exploit
435
VMScore
CVE-2005-3636
Cross-site scripting (XSS) vulnerability in SAP Web Application Server (WAS) 6.10 allows remote malicious users to inject arbitrary web script or HTML via Error Pages.
Sap Sap Web Application Server 6.10
1 EDB exploit
578
VMScore
CVE-2019-0355
SAP NetWeaver Application Server Java Web Container, ENGINEAPI (prior to 7.10, 7.20, 7.30, 7.31, 7.40, 7.50) and SAP-JEECOR (prior to 6.40, 7.0, 7.01), allows an malicious user to inject code that can be executed by the application. An attacker could thereby control the behaviour...
Sap Netweaver Application Server Java 7.30
Sap Netweaver Application Server Java 7.31
Sap Netweaver Application Server Java 7.40
Sap Netweaver Application Server Java 7.50
Sap Netweaver Application Server Java 7.10
Sap Netweaver Application Server Java 7.20
445
VMScore
CVE-2017-14581
The Host Control web service in SAP NetWeaver AS JAVA 7.0 up to and including 7.5 allows remote malicious users to cause a denial of service (service crash) via a crafted request, aka SAP Security Note 2389181.
Sap Netweaver Application Server Java
694
VMScore
CVE-2007-3615
Internet Communication Manager (aka ICMAN.exe or ICM) in SAP NetWeaver Application Server 6.x and 7.x, possibly only on Windows, allows remote malicious users to cause a denial of service (process crash) via a URI of a certain length that contains a sap-isc-key parameter, related...
Sap Internet Communication Manager
Sap Sap Web Application Server 6.10
Sap Sap Web Application Server 6.20
Sap Sap Web Application Server 6.40
Sap Sap Web Application Server 7.0
Sap Sap Web Application Server 7.0.10
383
VMScore
CVE-2009-2932
Cross-site scripting (XSS) vulnerability in uddiclient/process in the UDDI client in SAP NetWeaver Application Server (Java) 7.0 allows remote malicious users to inject arbitrary web script or HTML via the TModel Key field.
Sap Netweaver 7.0
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-20065
open redirect
CVE-2024-1086
path traversal
CVE-2024-29825
XXE
CVE-2024-29822
CVE-2024-20696
CVE-2024-3564
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »