Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sap application server java vulnerabilities and exploits
(subscribe to this query)
5.8
CVSSv3
CVE-2020-6190
Certain vulnerable endpoints in SAP NetWeaver AS Java (Heap Dump Application), versions 7.30, 7.31, 7.40, 7.50, provide valuable information about the system like hostname, server node and installation path that could be misused by an attacker leading to Information Disclosure.
Sap Netweaver Application Server Java 7.30
Sap Netweaver Application Server Java 7.31
Sap Netweaver Application Server Java 7.40
Sap Netweaver Application Server Java 7.50
6.5
CVSSv3
CVE-2020-6313
SAP NetWeaver Application Server JAVA(XML Forms) versions 7.30, 7.31, 7.40, 7.50 does not sufficiently encode user controlled inputs, which allows an authenticated User with special roles to store malicious content, that when accessed by a victim, can perform malicious actions by...
Sap Netweaver Application Server Java 7.30
Sap Netweaver Application Server Java 7.31
Sap Netweaver Application Server Java 7.40
Sap Netweaver Application Server Java 7.50
5.3
CVSSv3
CVE-2020-6286
The insufficient input path validation of certain parameter in the web service of SAP NetWeaver AS JAVA (LM Configuration Wizard), versions - 7.30, 7.31, 7.40, 7.50, allows an unauthenticated malicious user to exploit a method to download zip files to a specific directory, leadin...
Sap Netweaver Application Server Java 7.30
Sap Netweaver Application Server Java 7.31
Sap Netweaver Application Server Java 7.40
Sap Netweaver Application Server Java 7.50
6 Github repositories
1 Article
10
CVSSv3
CVE-2020-6287
SAP NetWeaver AS JAVA (LM Configuration Wizard), versions - 7.30, 7.31, 7.40, 7.50, does not perform an authentication check which allows an attacker without prior authentication to execute configuration tasks to perform critical actions against the SAP Java system, including the...
Sap Netweaver Application Server Java 7.30
Sap Netweaver Application Server Java 7.31
Sap Netweaver Application Server Java 7.40
Sap Netweaver Application Server Java 7.50
1 Metasploit module
9 Github repositories
2 Articles
4.9
CVSSv3
CVE-2021-27621
Information Disclosure vulnerability in UserAdmin application in SAP NetWeaver Application Server for Java, versions - 7.11,7.20,7.30,7.31,7.40 and 7.50 allows malicious users to access restricted information by entering malicious server name.
Sap Netweaver Application Server For Java 7.20
Sap Netweaver Application Server For Java 7.30
Sap Netweaver Application Server For Java 7.31
Sap Netweaver Application Server For Java 7.40
Sap Netweaver Application Server For Java 7.11
Sap Netweaver Application Server For Java 7.50
6.5
CVSSv3
CVE-2021-27635
SAP NetWeaver AS for JAVA, versions - 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker authenticated as an administrator to connect over a network and submit a specially crafted XML file in the application because of missing XML Validation, this vulnerability enables malicious us...
Sap Netweaver Application Server For Java 7.20
Sap Netweaver Application Server For Java 7.30
Sap Netweaver Application Server For Java 7.31
Sap Netweaver Application Server For Java 7.40
Sap Netweaver Application Server For Java 7.50
6.5
CVSSv3
CVE-2020-26826
Process Integration Monitoring of SAP NetWeaver AS JAVA, versions - 7.31, 7.40, 7.50, allows an malicious user to upload any file (including script files) without proper file format validation, leading to Unrestricted File Upload.
Sap Netweaver Application Server Java 7.31
Sap Netweaver Application Server Java 7.40
Sap Netweaver Application Server Java 7.50
5.3
CVSSv3
CVE-2021-27598
SAP NetWeaver AS JAVA (Customer Usage Provisioning Servlet), versions - 7.31, 7.40, 7.50, allows an malicious user to read some statistical data like product version, traffic, timestamp etc. because of missing authorization check in the servlet.
Sap Netweaver Application Server Java 7.31
Sap Netweaver Application Server Java 7.40
Sap Netweaver Application Server Java 7.50
7.5
CVSSv3
CVE-2023-40308
SAP CommonCryptoLib allows an unauthenticated malicious user to craft a request, which when submitted to an open port causes a memory corruption error in a library which in turn causes the target component to crash making it unavailable. There is no ability to view or modify any ...
Sap Netweaver Application Server Abap Kernel 7.53
Sap Netweaver Application Server Abap Kernel 7.77
Sap Web Dispatcher 7.53
Sap Web Dispatcher 7.77
Sap Web Dispatcher 7.22ext
Sap Content Server 7.53
Sap Web Dispatcher 7.85
Sap Netweaver Application Server Abap Kernel 7.22
Sap Netweaver Application Server Abap Kernel 8.04
Sap Netweaver Application Server Abap 7.22ext
Sap Netweaver Application Server Abap Kernel 7.85
Sap Web Dispatcher 7.89
Sap Web Dispatcher 7.54
Sap Netweaver Application Server Abap Kernel 7.89
Sap Netweaver Application Server Abap Kernel 7.54
Sap Netweaver Application Server Abap Kernel 7.92
Sap Netweaver Application Server Abap Kernel 7.93
Sap Content Server 6.50
Sap Content Server 7.54
Sap Hana Database 2.0
Sap Host Agent 722
Sap Extended Application Services And Runtime 1.0
9.8
CVSSv3
CVE-2023-40309
SAP CommonCryptoLib does not perform necessary authentication checks, which may result in missing or wrong authorization checks for an authenticated user, resulting in escalation of privileges. Depending on the application and the level of privileges acquired, an attacker could a...
Sap Netweaver Application Server Abap Kernel 7.53
Sap Netweaver Application Server Abap Kernel 7.77
Sap Web Dispatcher 7.53
Sap Web Dispatcher 7.77
Sap Web Dispatcher 7.22ext
Sap Content Server 7.53
Sap Web Dispatcher 7.85
Sap Netweaver Application Server Abap Kernel 7.22
Sap Netweaver Application Server Abap Kernel 8.04
Sap Netweaver Application Server Abap 7.22ext
Sap Netweaver Application Server Abap Kernel 7.85
Sap Web Dispatcher 7.89
Sap Web Dispatcher 7.54
Sap Netweaver Application Server Abap Kernel 7.89
Sap Netweaver Application Server Abap Kernel 7.54
Sap Netweaver Application Server Abap Kernel 7.92
Sap Netweaver Application Server Abap Kernel 7.93
Sap Content Server 6.50
Sap Content Server 7.54
Sap Hana Database 2.0
Sap Host Agent 722
Sap Extended Application Services And Runtime 1.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-0044
client side
CVE-2021-47601
deserialization
CVE-2024-34994
encryption
CVE-2021-47609
CVE-2024-37079
CVE-2024-38608
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »