Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sap netweaver 7.40 vulnerabilities and exploits
(subscribe to this query)
8.3
CVSSv2
CVE-2021-21481
The MigrationService, which is part of SAP NetWeaver versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not perform an authorization check. This might allow an unauthorized malicious user to access configuration objects, including such that grant administrative privileges. T...
Sap Netweaver 7.30
Sap Netweaver 7.11
Sap Netweaver 7.31
Sap Netweaver 7.40
Sap Netweaver 7.20
Sap Netweaver 7.10
Sap Netweaver 7.50
1 Article
3.5
CVSSv2
CVE-2020-6285
SAP NetWeaver - XML Toolkit for JAVA (ENGINEAPI) (versions- 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50), under certain conditions allows an malicious user to access information which would otherwise be restricted, leading to Information Disclosure.
Sap Netweaver 7.30
Sap Netweaver 7.11
Sap Netweaver 7.31
Sap Netweaver 7.40
Sap Netweaver 7.20
Sap Netweaver 7.10
Sap Netweaver 7.50
1 Article
4.3
CVSSv2
CVE-2018-2365
SAP NetWeaver Portal, WebDynpro Java, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
Sap Netweaver Portal 7.30
Sap Netweaver Portal 7.31
Sap Netweaver Portal 7.40
Sap Netweaver Portal 7.50
4.3
CVSSv2
CVE-2016-2387
Multiple cross-site scripting (XSS) vulnerabilities in the Java Proxy Runtime ProxyServer servlet in SAP NetWeaver 7.4 allow remote malicious users to inject arbitrary web script or HTML via the (1) ns or (2) interface parameter to ProxyServer/register, aka SAP Security Note 2220...
Sap Netweaver 7.40
7.8
CVSSv2
CVE-2016-2389
Directory traversal vulnerability in the GetFileList function in the SAP Manufacturing Integration and Intelligence (xMII) component 15.0 for SAP NetWeaver 7.4 allows remote malicious users to read arbitrary files via a .. (dot dot) in the Path parameter to /Catalog, aka SAP Secu...
Sap Netweaver 7.40
1 EDB exploit
4.3
CVSSv2
CVE-2016-1911
Multiple cross-site scripting (XSS) vulnerabilities in SAP NetWeaver 7.4 allow remote malicious users to inject arbitrary web script or HTML via vectors related to the (1) Runtime Workbench (RWB) or (2) Pmitest servlet in the Process Monitoring Infrastructure (PMI), aka SAP Secur...
Sap Netweaver 7.40
7.8
CVSSv2
CVE-2017-9845
disp+work 7400.12.21.30308 in SAP NetWeaver 7.40 allows remote malicious users to cause a denial of service (resource consumption) via a crafted DIAG request, aka SAP Security Note 2405918.
Sap Netweaver 7.40
9
CVSSv2
CVE-2016-7435
The (1) SCTC_REFRESH_EXPORT_TAB_COMP, (2) SCTC_REFRESH_CHECK_ENV, and (3) SCTC_TMS_MAINTAIN_ALOG functions in the SCTC subpackage in SAP Netweaver 7.40 SP 12 allow remote authenticated users with certain permissions to execute arbitrary commands via vectors involving a CALL '...
Sap Netweaver 7.40
2.1
CVSSv2
CVE-2016-7437
SAP Netweaver 7.40 improperly logs (1) DUI and (2) DUJ events in the SAP Security Audit Log as non-critical, which might allow local users to hide rejected attempts to execute RFC function callbacks by leveraging filtering of non-critical events in audit analysis reports, aka SAP...
Sap Netweaver 7.40
5
CVSSv2
CVE-2015-2817
The SAP Management Console in SAP NetWeaver 7.40 allows remote malicious users to obtain sensitive information via the ReadProfile parameters, aka SAP Security Note 2091768.
Sap Netweaver 7.40
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
SSRF
server-side request forgery
CVE-2024-30067
CVE-2024-5553
CVE-2024-30095
IDOR
CVE-2024-35252
CVE-2024-23692
CVE-2024-27801
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »