Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sap netweaver 7.50 vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-41271
An unauthenticated user can attach to an open interface exposed through JNDI by the Messaging System of SAP NetWeaver Process Integration (PI) - version 7.50. This user can make use of an open naming and directory API to access services that could perform unauthorized operations....
Sap Netweaver Process Integration 7.50
NA
CVE-2022-41272
An unauthenticated attacker over the network can attach to an open interface exposed through JNDI by the User Defined Search (UDS) of SAP NetWeaver Process Integration (PI) - version 7.50 and make use of an open naming and directory API to access services which can be used to per...
Sap Netweaver Process Integration 7.50
1 Github repository
NA
CVE-2023-26461
SAP NetWeaver allows (SAP Enterprise Portal) - version 7.50, allows an authenticated attacker with sufficient privileges to access the XML parser which can submit a crafted XML file which when parsed will enable them to access but not modify sensitive files and data. It allows th...
Sap Netweaver Enterprise Portal 7.50
NA
CVE-2022-35298
SAP NetWeaver Enterprise Portal (KMC) - version 7.50, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting vulnerability. KMC servlet is vulnerable to XSS attack. The execution of script content by a victim registered on the portal could compromi...
Sap Netweaver Enterprise Portal 7.50
NA
CVE-2023-35872
The Message Display Tool (MDT) of SAP NetWeaver Process Integration - version SAP_XIAF 7.50, does not perform authentication checks for certain functionalities that require user identity. An unauthenticated user might access technical data about the product status and its configu...
Sap Netweaver Process Integration 7.50
NA
CVE-2023-35873
The Runtime Workbench (RWB) of SAP NetWeaver Process Integration - version SAP_XITOOL 7.50, does not perform authentication checks for certain functionalities that require user identity. An unauthenticated user might access technical data about the product status and its configur...
Sap Netweaver Process Integration 7.50
NA
CVE-2023-28761
In SAP NetWeaver Enterprise Portal - version 7.50, an unauthenticated attacker can attach to an open interface and make use of an open API to access a service which will enable them to access or modify server settings and data, leading to limited impact on confidentiality and int...
Sap Netweaver Enterprise Portal 7.50
383
VMScore
CVE-2022-24395
SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting (XSS) vulnerability.
Sap Netweaver Enterprise Portal 7.10
Sap Netweaver Enterprise Portal 7.11
Sap Netweaver Enterprise Portal 7.20
Sap Netweaver Enterprise Portal 7.30
Sap Netweaver Enterprise Portal 7.31
Sap Netweaver Enterprise Portal 7.40
Sap Netweaver Enterprise Portal 7.50
356
VMScore
CVE-2019-0278
Under certain conditions the Monitoring Servlet of the SAP NetWeaver Process Integration (Messaging System), fixed in versions 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an malicious user to see the names of database tables used by the application, leading to information ...
Sap Netweaver Process Integration 7.11
Sap Netweaver Process Integration 7.30
Sap Netweaver Process Integration 7.31
Sap Netweaver Process Integration 7.40
Sap Netweaver Process Integration 7.10
Sap Netweaver Process Integration 7.50
Sap Netweaver Process Integration 7.20
383
VMScore
CVE-2019-0305
Java Server Pages (JSPs) provided by the SAP NetWeaver Process Integration (SAP_XIESR and SAP_XITOOL: 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50) do not restrict or incorrectly restrict frame objects or UI layers that belong to another application or domain, resulting in Clickjac...
Sap Netweaver Process Integration 7.11
Sap Netweaver Process Integration 7.30
Sap Netweaver Process Integration 7.40
Sap Netweaver Process Integration 7.50
Sap Netweaver Process Integration 7.10
Sap Netweaver Process Integration 7.20
Sap Netweaver Process Integration 7.31
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »