Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sap web application server vulnerabilities and exploits
(subscribe to this query)
435
VMScore
CVE-2005-3635
Multiple cross-site scripting (XSS) vulnerabilities in SAP Web Application Server (WAS) 6.10 up to and including 7.00 allow remote malicious users to inject arbitrary web script or HTML via (1) the sap-syscmd in sap-syscmd and (2) the BspApplication field in the SYSTEM PUBLIC tes...
Sap Sap Web Application Server 7.0
Sap Sap Web Application Server 6.10
Sap Sap Web Application Server 6.20
Sap Sap Web Application Server 6.40
1 EDB exploit
445
VMScore
CVE-2005-3633
HTTP response splitting vulnerability in frameset.htm in SAP Web Application Server (WAS) 6.10 up to and including 7.00 allows remote malicious users to inject arbitrary HTML headers via the sap-exiturl parameter.
Sap Sap Web Application Server 7.0
Sap Sap Web Application Server 6.10
Sap Sap Web Application Server 6.20
Sap Sap Web Application Server 6.40
505
VMScore
CVE-2005-3634
frameset.htm in the BSP runtime in SAP Web Application Server (WAS) 6.10 up to and including 7.00 allows remote malicious users to log users out and redirect them to arbitrary web sites via a close command in the sap-sessioncmd parameter and a URL in the sap-exiturl parameter.
Sap Sap Web Application Server 7.0
Sap Sap Web Application Server 6.10
Sap Sap Web Application Server 6.20
Sap Sap Web Application Server 6.40
1 EDB exploit
694
VMScore
CVE-2007-3615
Internet Communication Manager (aka ICMAN.exe or ICM) in SAP NetWeaver Application Server 6.x and 7.x, possibly only on Windows, allows remote malicious users to cause a denial of service (process crash) via a URI of a certain length that contains a sap-isc-key parameter, related...
Sap Internet Communication Manager
Sap Sap Web Application Server 6.10
Sap Sap Web Application Server 6.20
Sap Sap Web Application Server 6.40
Sap Sap Web Application Server 7.0
Sap Sap Web Application Server 7.0.10
645
VMScore
CVE-2006-1039
SAP Web Application Server (WebAS) Kernel prior to 7.0 allows remote malicious users to inject arbitrary bytes into the HTTP response and obtain sensitive authentication information, or have other impacts, via a ";%20" followed by encoded HTTP headers.
Sap Sap Web Application Server 6.10
Sap Sap Web Application Server 6.20
Sap Sap Web Application Server 6.40
1 EDB exploit
445
VMScore
CVE-2006-5785
Unspecified vulnerability in SAP Web Application Server 6.40 before patch 136 and 7.00 before patch 66 allows remote malicious users to cause a denial of service (enserver.exe crash) via a 0x72F2 sequence on UDP port 64999.
Sap Sap Web Application Server 7.00
Sap Sap Web Application Server 6.40
465
VMScore
CVE-2006-5784
Unspecified vulnerability in enserver.exe in SAP Web Application Server 6.40 before patch 136 and 7.00 before patch 66 allows remote malicious users to read arbitrary files via crafted data on a "3200+SYSNR" TCP port, as demonstrated by port 3201. NOTE: this issue can b...
Sap Sap Web Application Server 7.00
Sap Sap Web Application Server 6.40
1 EDB exploit
892
VMScore
CVE-2022-22536
SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server 7.53 and SAP Web Dispatcher are vulnerable for request smuggling and request concatenation. An unauthenticated attacker can prepend a victim's request with arbitra...
Sap Netweaver Application Server Abap Krnl64nuc 7.49
Sap Netweaver Application Server Abap Krnl64uc 7.49
Sap Netweaver Application Server Abap Krnl64uc 7.53
Sap Web Dispatcher 7.53
Sap Web Dispatcher 7.77
Sap Web Dispatcher 7.81
Sap Web Dispatcher 7.22ext
Sap Web Dispatcher 7.49
Sap Content Server 7.53
Sap Web Dispatcher 7.85
Sap Web Dispatcher 7.86
Sap Web Dispatcher 7.87
Sap Netweaver Application Server Abap Krnl64nuc 7.22
Sap Netweaver Application Server Abap Krnl64nuc 7.22ext
Sap Netweaver Application Server Abap Krnl64uc 8.04
Sap Netweaver Application Server Abap Krnl64uc 7.22
Sap Netweaver Application Server Abap Krnl64uc 7.22ext
Sap Netweaver Application Server Abap 7.22
Sap Netweaver Application Server Abap 7.49
Sap Netweaver Application Server Abap 7.53
Sap Netweaver Application Server Abap 7.77
Sap Netweaver Application Server Abap 7.81
7 Github repositories
1 Article
540
VMScore
CVE-2006-6010
SAP allows remote malicious users to obtain potentially sensitive information such as operating system and SAP version via an RFC_SYSTEM_INFO RfcCallReceive request, a different vulnerability than CVE-2003-0747.
Sap Sap Web Application Server
435
VMScore
CVE-2008-2421
Cross-site scripting (XSS) vulnerability in the Web GUI in SAP Web Application Server (WAS) 7.0, Web Dynpro for ABAP (aka WD4A or WDA), and Web Dynpro for BSP allows remote malicious users to inject arbitrary web script or HTML via the PATH_INFO to the default URI under bc/gui/sa...
Sap Sap Web Application Server 7.0
Sap Web Dynpro Bsp
Sap Web Dynpro Abap
1 EDB exploit
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
buffer overflow
type confusion
server-side request forgery
CVE-2024-38440
CVE-2024-27801
CVE-2024-5868
CVE-2024-0582
CVE-2024-37643
CVE-2024-3105
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »