Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sap netweaver 7.50 vulnerabilities and exploits
(subscribe to this query)
383
VMScore
CVE-2020-6193
SAP NetWeaver (Knowledge Management ICE Service), versions 7.30, 7.31, 7.40, 7.50, allows an unauthenticated malicious user to execute malicious scripts leading to Reflected Cross-Site Scripting (XSS) vulnerability.
Sap Netweaver Knowledge Management 7.30
Sap Netweaver Knowledge Management 7.31
Sap Netweaver Knowledge Management 7.40
Sap Netweaver Knowledge Management 7.50
383
VMScore
CVE-2022-35227
A vulnerability in SAP NW EP (WPC) - versions 7.30, 7.31, 7.40, 7.50, which does not sufficiently validate user-controlled input, allows a remote malicious user to conduct a Cross-Site (XSS) scripting attack. A successful exploit could allow the malicious user to execute arbitrar...
Sap Netweaver Enterprise Portal 7.31
Sap Netweaver Enterprise Portal 7.30
Sap Netweaver Enterprise Portal 7.40
Sap Netweaver Enterprise Portal 7.50
231
VMScore
CVE-2021-33703
Under certain conditions, NetWeaver Enterprise Portal, versions - 7.30, 7.31, 7.40, 7.50, does not sufficiently encode URL parameters. An attacker can craft a malicious link and send it to a victim. A successful attack results in Reflected Cross-Site Scripting (XSS) vulnerability...
Sap Netweaver Enterprise Portal 7.30
Sap Netweaver Enterprise Portal 7.31
Sap Netweaver Enterprise Portal 7.40
Sap Netweaver Enterprise Portal 7.50
516
VMScore
CVE-2021-33707
SAP NetWeaver Knowledge Management allows remote malicious users to redirect users to arbitrary websites and conduct phishing attacks via a URL stored in a component. This could enable the malicious user to compromise the user's confidentiality and integrity.
Sap Netweaver Knowledge Management 7.30
Sap Netweaver Knowledge Management 7.31
Sap Netweaver Knowledge Management 7.40
Sap Netweaver Knowledge Management 7.50
383
VMScore
CVE-2022-29618
Due to insufficient input validation, SAP NetWeaver Development Infrastructure (Design Time Repository) - versions 7.30, 7.31, 7.40, 7.50, allows an unauthenticated malicious user to inject script into the URL and execute code in the user’s browser. On successful exploitati...
Sap Netweaver Development Infrastructure 7.30
Sap Netweaver Development Infrastructure 7.31
Sap Netweaver Development Infrastructure 7.40
Sap Netweaver Development Infrastructure 7.50
570
VMScore
CVE-2020-6293
SAP NetWeaver (Knowledge Management), versions - 7.30, 7.31, 7.40, 7.50, allows an unauthenticated malicious user to upload a malicious file and also to access, modify or make unavailable existing files but the impact is limited to the files themselves and is restricted by other ...
Sap Netweaver Knowledge Management 7.30
Sap Netweaver Knowledge Management 7.31
Sap Netweaver Knowledge Management 7.40
Sap Netweaver Knowledge Management 7.50
490
VMScore
CVE-2020-6366
SAP NetWeaver (Compare Systems) versions - 7.20, 7.30, 7.40, 7.50, does not sufficiently validate uploaded XML documents. An attacker with administrative privileges can retrieve arbitrary files including files on OS level from the server and/or can execute a denial-of-service.
Sap Netweaver Compare Systems 7.20
Sap Netweaver Compare Systems 7.30
Sap Netweaver Compare Systems 7.31
Sap Netweaver Compare Systems 7.40
Sap Netweaver Compare Systems 7.50
356
VMScore
CVE-2021-27599
SAP NetWeaver ABAP Server and ABAP Platform (Process Integration - Integration Builder Framework), versions - 7.10, 7.30, 7.31, 7.40, 7.50, allows an malicious user to access information under certain conditions, which would otherwise be restricted.
Sap Netweaver Process Integration 7.10
Sap Netweaver Process Integration 7.30
Sap Netweaver Process Integration 7.31
Sap Netweaver Process Integration 7.40
Sap Netweaver Process Integration 7.50
578
VMScore
CVE-2021-33690
Server-Side Request Forgery (SSRF) vulnerability has been detected in the SAP NetWeaver Development Infrastructure Component Build Service versions - 7.11, 7.20, 7.30, 7.31, 7.40, 7.50The SAP NetWeaver Development Infrastructure Component Build Service allows a threat actor who h...
Sap Netweaver Development Infrastructure 7.11
Sap Netweaver Development Infrastructure 7.20
Sap Netweaver Development Infrastructure 7.30
Sap Netweaver Development Infrastructure 7.31
Sap Netweaver Development Infrastructure 7.40
Sap Netweaver Development Infrastructure 7.50
1 Github repository
578
VMScore
CVE-2021-33671
SAP NetWeaver Guided Procedures (Administration Workset), versions - 7.10, 7.20, 7.30, 7.31, 7.40, 7.50, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. The impact of missing authorization could result to abuse of ...
Sap Netweaver Guided Procedures 7.10
Sap Netweaver Guided Procedures 7.20
Sap Netweaver Guided Procedures 7.30
Sap Netweaver Guided Procedures 7.31
Sap Netweaver Guided Procedures 7.40
Sap Netweaver Guided Procedures 7.50
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »