Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sap netweaver application server java 7.50 vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2022-27669
An unauthenticated user can use functions of XML Data Archiving Service of SAP NetWeaver Application Server for Java - version 7.50, to which access should be restricted. This may result in an escalation of privileges.
Sap Netweaver Application Server For Java 7.50
5.3
CVSSv3
CVE-2022-26103
Under certain conditions, SAP NetWeaver (Real Time Messaging Framework) - version 7.50, allows an malicious user to access information which could lead to information gathering for further exploits and attacks.
Sap Netweaver Application Server Java 7.50
9.8
CVSSv3
CVE-2021-37535
SAP NetWeaver Application Server Java (JMS Connector Service) - versions 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not perform necessary authorization checks for user privileges.
Sap Netweaver Application Server Java 7.11
Sap Netweaver Application Server Java 7.20
Sap Netweaver Application Server Java 7.30
Sap Netweaver Application Server Java 7.31
Sap Netweaver Application Server Java 7.40
Sap Netweaver Application Server Java 7.50
2 Articles
7.5
CVSSv3
CVE-2021-33670
SAP NetWeaver AS for Java (Http Service Monitoring Filter), versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an malicious user to send multiple HTTP requests with different method types thereby crashing the filter and making the HTTP server unavailable to other legitim...
Sap Netweaver Application Server Java 7.20
Sap Netweaver Application Server Java 7.30
Sap Netweaver Application Server Java 7.31
Sap Netweaver Application Server Java 7.40
Sap Netweaver Application Server Java 7.50
Sap Netweaver Application Server Java 7.10
Sap Netweaver Application Server Java 7.11
4.9
CVSSv3
CVE-2021-33687
SAP NetWeaver AS JAVA (Enterprise Portal), versions - 7.10, 7.20, 7.30, 7.31, 7.40, 7.50 reveals sensitive information in one of their HTTP requests, an attacker can use this in conjunction with other attacks such as XSS to steal this information.
Sap Netweaver Application Server Java 7.20
Sap Netweaver Application Server Java 7.30
Sap Netweaver Application Server Java 7.31
Sap Netweaver Application Server Java 7.40
Sap Netweaver Application Server Java 7.50
Sap Netweaver Application Server Java 7.10
4.3
CVSSv3
CVE-2021-33689
When user with insufficient privileges tries to access any application in SAP NetWeaver Administrator (Administrator applications), version - 7.50, no security audit log is created. Therefore, security audit log Integrity is impacted.
Sap Netweaver Application Server Java 7.50
4.9
CVSSv3
CVE-2021-27621
Information Disclosure vulnerability in UserAdmin application in SAP NetWeaver Application Server for Java, versions - 7.11,7.20,7.30,7.31,7.40 and 7.50 allows malicious users to access restricted information by entering malicious server name.
Sap Netweaver Application Server For Java 7.20
Sap Netweaver Application Server For Java 7.30
Sap Netweaver Application Server For Java 7.31
Sap Netweaver Application Server For Java 7.40
Sap Netweaver Application Server For Java 7.11
Sap Netweaver Application Server For Java 7.50
6.5
CVSSv3
CVE-2021-27635
SAP NetWeaver AS for JAVA, versions - 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker authenticated as an administrator to connect over a network and submit a specially crafted XML file in the application because of missing XML Validation, this vulnerability enables malicious us...
Sap Netweaver Application Server For Java 7.20
Sap Netweaver Application Server For Java 7.30
Sap Netweaver Application Server For Java 7.31
Sap Netweaver Application Server For Java 7.40
Sap Netweaver Application Server For Java 7.50
4.3
CVSSv3
CVE-2021-21492
SAP NetWeaver Application Server Java(HTTP Service), versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently validate logon group in URLs, resulting in a content spoofing vulnerability when directory listing is enabled.
6.5
CVSSv3
CVE-2021-21485
An unauthorized attacker may be able to entice an administrator to invoke telnet commands of an SAP NetWeaver Application Server for Java that allow the malicious user to gain NTLM hashes of a privileged user.
Sap Netweaver Application Server Java 7.20
Sap Netweaver Application Server Java 7.30
Sap Netweaver Application Server Java 7.31
Sap Netweaver Application Server Java 7.40
Sap Netweaver Application Server Java 7.50
Sap Netweaver Application Server Java 7.10
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
validation
CVE-2012-1823
malicious code
CVE-2024-5770
CVE-2023-45866
CVE-2024-35687
local users
CVE-2024-31246
CVE-2024-35730
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »