Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sap netweaver 7.50 vulnerabilities and exploits
(subscribe to this query)
8.5
CVSSv2
CVE-2020-6284
SAP NetWeaver (Knowledge Management), versions - 7.30, 7.31, 7.40, 7.50, allows the automatic execution of script content in a stored file due to inadequate filtering with the accessing user's privileges. If the accessing user has administrative privileges, then the executio...
Sap Netweaver Knowledge Management 7.30
Sap Netweaver Knowledge Management 7.31
Sap Netweaver Knowledge Management 7.40
Sap Netweaver Knowledge Management 7.50
1 Article
6.4
CVSSv2
CVE-2020-6293
SAP NetWeaver (Knowledge Management), versions - 7.30, 7.31, 7.40, 7.50, allows an unauthenticated malicious user to upload a malicious file and also to access, modify or make unavailable existing files but the impact is limited to the files themselves and is restricted by other ...
Sap Netweaver Knowledge Management 7.30
Sap Netweaver Knowledge Management 7.31
Sap Netweaver Knowledge Management 7.40
Sap Netweaver Knowledge Management 7.50
3.5
CVSSv2
CVE-2020-6326
SAP NetWeaver (Knowledge Management), version-7.30,7.31,7.40,7.50, allows an authenticated malicious user to create malicious links in the UI, when clicked by victim, will execute arbitrary java scripts thus extracting or modifying information otherwise restricted leading to Stor...
Sap Netweaver Knowledge Management 7.30
Sap Netweaver Knowledge Management 7.31
Sap Netweaver Knowledge Management 7.40
Sap Netweaver Knowledge Management 7.50
4.3
CVSSv2
CVE-2020-6193
SAP NetWeaver (Knowledge Management ICE Service), versions 7.30, 7.31, 7.40, 7.50, allows an unauthenticated malicious user to execute malicious scripts leading to Reflected Cross-Site Scripting (XSS) vulnerability.
Sap Netweaver Knowledge Management 7.30
Sap Netweaver Knowledge Management 7.31
Sap Netweaver Knowledge Management 7.40
Sap Netweaver Knowledge Management 7.50
2.6
CVSSv2
CVE-2021-33703
Under certain conditions, NetWeaver Enterprise Portal, versions - 7.30, 7.31, 7.40, 7.50, does not sufficiently encode URL parameters. An attacker can craft a malicious link and send it to a victim. A successful attack results in Reflected Cross-Site Scripting (XSS) vulnerability...
Sap Netweaver Enterprise Portal 7.30
Sap Netweaver Enterprise Portal 7.31
Sap Netweaver Enterprise Portal 7.40
Sap Netweaver Enterprise Portal 7.50
5.8
CVSSv2
CVE-2021-33707
SAP NetWeaver Knowledge Management allows remote malicious users to redirect users to arbitrary websites and conduct phishing attacks via a URL stored in a component. This could enable the malicious user to compromise the user's confidentiality and integrity.
Sap Netweaver Knowledge Management 7.30
Sap Netweaver Knowledge Management 7.31
Sap Netweaver Knowledge Management 7.40
Sap Netweaver Knowledge Management 7.50
4
CVSSv2
CVE-2021-27599
SAP NetWeaver ABAP Server and ABAP Platform (Process Integration - Integration Builder Framework), versions - 7.10, 7.30, 7.31, 7.40, 7.50, allows an malicious user to access information under certain conditions, which would otherwise be restricted.
Sap Netweaver Process Integration 7.10
Sap Netweaver Process Integration 7.30
Sap Netweaver Process Integration 7.31
Sap Netweaver Process Integration 7.40
Sap Netweaver Process Integration 7.50
5.5
CVSSv2
CVE-2020-6366
SAP NetWeaver (Compare Systems) versions - 7.20, 7.30, 7.40, 7.50, does not sufficiently validate uploaded XML documents. An attacker with administrative privileges can retrieve arbitrary files including files on OS level from the server and/or can execute a denial-of-service.
Sap Netweaver Compare Systems 7.20
Sap Netweaver Compare Systems 7.30
Sap Netweaver Compare Systems 7.31
Sap Netweaver Compare Systems 7.40
Sap Netweaver Compare Systems 7.50
4
CVSSv2
CVE-2021-21488
Knowledge Management versions 7.01, 7.02, 7.30, 7.31, 7.40, 7.50 allows a remote attacker with basic privileges to deserialize user-controlled data without verification, leading to insecure deserialization which triggers the attacker’s code, therefore impacting Availability...
Sap Netweaver Knowledge Management 7.01
Sap Netweaver Knowledge Management 7.02
Sap Netweaver Knowledge Management 7.30
Sap Netweaver Knowledge Management 7.31
Sap Netweaver Knowledge Management 7.40
Sap Netweaver Knowledge Management 7.50
5.5
CVSSv2
CVE-2019-0283
SAP NetWeaver Process Integration (Adapter Engine), fixed in versions 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50; is vulnerable to Digital Signature Spoofing. It is possible to spoof XML signatures and send arbitrary requests to the server via PI Axis adapter. These requests will be ac...
Sap Netweaver Process Integration 7.10
Sap Netweaver Process Integration 7.11
Sap Netweaver Process Integration 7.30
Sap Netweaver Process Integration 7.40
Sap Netweaver Process Integration 7.31
Sap Netweaver Process Integration 7.50
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49223
CVE-2024-0044
information disclosure
CVE-2024-35753
HTML injection
CVE-2024-21306
CVE-2024-35733
SQL injection
CVE-2024-35732
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »