Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sap netweaver 7.20 vulnerabilities and exploits
(subscribe to this query)
7.8
CVSSv2
CVE-2020-6309
SAP NetWeaver AS JAVA, versions - (ENGINEAPI 7.10; WSRM 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50; J2EE-FRMW 7.10, 7.11), does not perform any authentication checks for a web service allowing the malicious user to send several payloads and leading to complete denial of service.
Sap Netweaver Application Server Java 7.10
Sap Netweaver Application Server Java 7.11
Sap Netweaver Application Server Java 7.20
Sap Netweaver Application Server Java 7.30
Sap Netweaver Application Server Java 7.31
Sap Netweaver Application Server Java 7.40
Sap Netweaver Application Server Java 7.50
4.3
CVSSv2
CVE-2020-6319
SAP NetWeaver Application Server Java, versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, and 7.50 allows an unauthenticated malicious user to include JavaScript blocks in any web page or URL with different symbols which are otherwise not allowed. On successful exploitation an attack...
Sap Netweaver Application Server Java 7.10
Sap Netweaver Application Server Java 7.11
Sap Netweaver Application Server Java 7.20
Sap Netweaver Application Server Java 7.30
Sap Netweaver Application Server Java 7.31
Sap Netweaver Application Server Java 7.40
Sap Netweaver Application Server Java 7.50
5.8
CVSSv2
CVE-2020-6365
SAP NetWeaver AS Java, versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, Start Page allows an unauthenticated remote malicious user to redirect users to a malicious site due to insufficient reverse tabnabbing URL validation. The attacker could execute phishing attacks to steal...
Sap Netweaver Application Server Java 7.10
Sap Netweaver Application Server Java 7.11
Sap Netweaver Application Server Java 7.20
Sap Netweaver Application Server Java 7.30
Sap Netweaver Application Server Java 7.31
Sap Netweaver Application Server Java 7.40
Sap Netweaver Application Server Java 7.50
2.7
CVSSv2
CVE-2020-26816
SAP AS JAVA (Key Storage Service), versions - 7.10, 7.11, 7.20 ,7.30, 7.31, 7.40, 7.50, has the key material which is stored in the SAP NetWeaver AS Java Key Storage service stored in the database in the DER encoded format and is not encrypted. This enables an attacker who has ad...
Sap Netweaver Application Server Java 7.10
Sap Netweaver Application Server Java 7.11
Sap Netweaver Application Server Java 7.20
Sap Netweaver Application Server Java 7.30
Sap Netweaver Application Server Java 7.31
Sap Netweaver Application Server Java 7.40
Sap Netweaver Application Server Java 7.50
4.3
CVSSv2
CVE-2021-27620
SAP Internet Graphics Service, versions - 7.20,7.20EXT,7.53,7.20_EX2,7.81, allows an unauthenticated attacker after retrieving an existing system state value can submit a malicious IGS request over a network which due to insufficient input validation in method Ups::AddPart() whic...
Sap Netweaver As Internet Graphics Server 7.20
Sap Netweaver As Internet Graphics Server 7.20ext
Sap Netweaver As Internet Graphics Server 7.20ex2
Sap Netweaver As Internet Graphics Server 7.53
Sap Netweaver As Internet Graphics Server 7.81
4.3
CVSSv2
CVE-2021-27622
SAP Internet Graphics Service, versions - 7.20,7.20EXT,7.53,7.20_EX2,7.81, allows an unauthenticated attacker after retrieving an existing system state value can submit a malicious IGS request over a network which due to insufficient input validation in method CDrawRaster::LoadIm...
Sap Netweaver As Internet Graphics Server 7.20
Sap Netweaver As Internet Graphics Server 7.20ext
Sap Netweaver As Internet Graphics Server 7.20ex2
Sap Netweaver As Internet Graphics Server 7.53
Sap Netweaver As Internet Graphics Server 7.81
4.3
CVSSv2
CVE-2021-27623
SAP Internet Graphics Service, versions - 7.20,7.20EXT,7.53,7.20_EX2,7.81, allows an unauthenticated attacker after retrieving an existing system state value can submit a malicious IGS request over a network which due to insufficient input validation in method CXmlUtility::CheckL...
Sap Netweaver As Internet Graphics Server 7.20
Sap Netweaver As Internet Graphics Server 7.20ext
Sap Netweaver As Internet Graphics Server 7.20ex2
Sap Netweaver As Internet Graphics Server 7.53
Sap Netweaver As Internet Graphics Server 7.81
4.3
CVSSv2
CVE-2021-27624
SAP Internet Graphics Service, versions - 7.20,7.20EXT,7.53,7.20_EX2,7.81, allows an unauthenticated attacker after retrieving an existing system state value can submit a malicious IGS request over a network which due to insufficient input validation in method CiXMLIStreamRawBuff...
Sap Netweaver As Internet Graphics Server 7.20
Sap Netweaver As Internet Graphics Server 7.20ext
Sap Netweaver As Internet Graphics Server 7.20ex2
Sap Netweaver As Internet Graphics Server 7.53
Sap Netweaver As Internet Graphics Server 7.81
1 Github repository
4.3
CVSSv2
CVE-2021-27625
SAP Internet Graphics Service, versions - 7.20,7.20EXT,7.53,7.20_EX2,7.81, allows an unauthenticated attacker after retrieving an existing system state value can submit a malicious IGS request over a network which due to insufficient input validation in method IgsData::freeMemory...
Sap Netweaver As Internet Graphics Server 7.20
Sap Netweaver As Internet Graphics Server 7.20ext
Sap Netweaver As Internet Graphics Server 7.20ex2
Sap Netweaver As Internet Graphics Server 7.53
Sap Netweaver As Internet Graphics Server 7.81
4.3
CVSSv2
CVE-2021-27626
SAP Internet Graphics Service, versions - 7.20,7.20EXT,7.53,7.20_EX2,7.81, allows an unauthenticated attacker after retrieving an existing system state value can submit a malicious IGS request over a network which due to insufficient input validation in method CMiniXMLParser::Par...
Sap Netweaver As Internet Graphics Server 7.20
Sap Netweaver As Internet Graphics Server 7.20ext
Sap Netweaver As Internet Graphics Server 7.20ex2
Sap Netweaver As Internet Graphics Server 7.53
Sap Netweaver As Internet Graphics Server 7.81
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »