Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sap netweaver application server java 7.30 vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv2
CVE-2019-0355
SAP NetWeaver Application Server Java Web Container, ENGINEAPI (prior to 7.10, 7.20, 7.30, 7.31, 7.40, 7.50) and SAP-JEECOR (prior to 6.40, 7.0, 7.01), allows an malicious user to inject code that can be executed by the application. An attacker could thereby control the behaviour...
Sap Netweaver Application Server Java 7.30
Sap Netweaver Application Server Java 7.31
Sap Netweaver Application Server Java 7.40
Sap Netweaver Application Server Java 7.50
Sap Netweaver Application Server Java 7.10
Sap Netweaver Application Server Java 7.20
4.3
CVSSv2
CVE-2021-21485
An unauthorized attacker may be able to entice an administrator to invoke telnet commands of an SAP NetWeaver Application Server for Java that allow the malicious user to gain NTLM hashes of a privileged user.
Sap Netweaver Application Server Java 7.20
Sap Netweaver Application Server Java 7.30
Sap Netweaver Application Server Java 7.31
Sap Netweaver Application Server Java 7.40
Sap Netweaver Application Server Java 7.50
Sap Netweaver Application Server Java 7.10
4
CVSSv2
CVE-2021-33687
SAP NetWeaver AS JAVA (Enterprise Portal), versions - 7.10, 7.20, 7.30, 7.31, 7.40, 7.50 reveals sensitive information in one of their HTTP requests, an attacker can use this in conjunction with other attacks such as XSS to steal this information.
Sap Netweaver Application Server Java 7.20
Sap Netweaver Application Server Java 7.30
Sap Netweaver Application Server Java 7.31
Sap Netweaver Application Server Java 7.40
Sap Netweaver Application Server Java 7.50
Sap Netweaver Application Server Java 7.10
6.5
CVSSv2
CVE-2020-6202
SAP NetWeaver Application Server Java (User Management Engine), versions- 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50; does not sufficiently validate the LDAP data source configuration XML document accepted from an untrusted source, leading to Missing XML Validation.
Sap Netweaver Application Server Java 7.10
Sap Netweaver Application Server Java 7.20
Sap Netweaver Application Server Java 7.30
Sap Netweaver Application Server Java 7.31
Sap Netweaver Application Server Java 7.40
Sap Netweaver Application Server Java 7.50
9
CVSSv2
CVE-2020-26829
SAP NetWeaver AS JAVA (P2P Cluster Communication), versions - 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows arbitrary connections from processes because of missing authentication check, that are outside the cluster and even outside the network segment dedicated for the internal clus...
Sap Netweaver Application Server Java 7.11
Sap Netweaver Application Server Java 7.20
Sap Netweaver Application Server Java 7.30
Sap Netweaver Application Server Java 7.31
Sap Netweaver Application Server Java 7.40
Sap Netweaver Application Server Java 7.50
1 Article
3.3
CVSSv2
CVE-2018-2503
By default, the SAP NetWeaver AS Java keystore service does not sufficiently restrict the access to resources that should be protected. This has been fixed in SAP NetWeaver AS Java (ServerCore versions 7.11, 7.20, 7.30, 7.31, 7.40, 7.50).
Sap Netweaver Application Server Java 7.11
Sap Netweaver Application Server Java 7.20
Sap Netweaver Application Server Java 7.30
Sap Netweaver Application Server Java 7.31
Sap Netweaver Application Server Java 7.40
Sap Netweaver Application Server Java 7.50
4
CVSSv2
CVE-2019-0391
Under certain conditions SAP NetWeaver AS Java (corrected in 7.10, 7.20, 7.30, 7.31, 7.40, 7.50) allows an malicious user to access information which would otherwise be restricted.
Sap Netweaver Application Server Java 7.10
Sap Netweaver Application Server Java 7.20
Sap Netweaver Application Server Java 7.30
Sap Netweaver Application Server Java 7.31
Sap Netweaver Application Server Java 7.40
Sap Netweaver Application Server Java 7.50
4.3
CVSSv2
CVE-2020-6319
SAP NetWeaver Application Server Java, versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, and 7.50 allows an unauthenticated malicious user to include JavaScript blocks in any web page or URL with different symbols which are otherwise not allowed. On successful exploitation an attack...
Sap Netweaver Application Server Java 7.10
Sap Netweaver Application Server Java 7.11
Sap Netweaver Application Server Java 7.20
Sap Netweaver Application Server Java 7.30
Sap Netweaver Application Server Java 7.31
Sap Netweaver Application Server Java 7.40
Sap Netweaver Application Server Java 7.50
5.8
CVSSv2
CVE-2020-6365
SAP NetWeaver AS Java, versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, Start Page allows an unauthenticated remote malicious user to redirect users to a malicious site due to insufficient reverse tabnabbing URL validation. The attacker could execute phishing attacks to steal...
Sap Netweaver Application Server Java 7.10
Sap Netweaver Application Server Java 7.11
Sap Netweaver Application Server Java 7.20
Sap Netweaver Application Server Java 7.30
Sap Netweaver Application Server Java 7.31
Sap Netweaver Application Server Java 7.40
Sap Netweaver Application Server Java 7.50
2.7
CVSSv2
CVE-2020-26816
SAP AS JAVA (Key Storage Service), versions - 7.10, 7.11, 7.20 ,7.30, 7.31, 7.40, 7.50, has the key material which is stored in the SAP NetWeaver AS Java Key Storage service stored in the database in the DER encoded format and is not encrypted. This enables an attacker who has ad...
Sap Netweaver Application Server Java 7.10
Sap Netweaver Application Server Java 7.11
Sap Netweaver Application Server Java 7.20
Sap Netweaver Application Server Java 7.30
Sap Netweaver Application Server Java 7.31
Sap Netweaver Application Server Java 7.40
Sap Netweaver Application Server Java 7.50
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4671
unauthorized
CVE-2024-4776
CVE-2024-3407
CVE-2024-26026
CVE-2024-32888
wireless
CVE-2024-4656
template injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »