Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sap netweaver application server java vulnerabilities and exploits
(subscribe to this query)
510
VMScore
CVE-2016-2388
The Universal Worklist Configuration in SAP NetWeaver AS JAVA 7.4 allows remote malicious users to obtain sensitive user information via a crafted HTTP request, aka SAP Security Note 2256846.
Sap Netweaver Application Server Java
2 EDB exploits
1 Github repository
1 Article
445
VMScore
CVE-2017-14581
The Host Control web service in SAP NetWeaver AS JAVA 7.0 up to and including 7.5 allows remote malicious users to cause a denial of service (service crash) via a crafted request, aka SAP Security Note 2389181.
Sap Netweaver Application Server Java
446
VMScore
CVE-2015-2278
The LZH decompression implementation (CsObjectInt::BuildHufTree function in vpa108csulzh.cpp) in SAP MaxDB 7.5 and 7.6, Netweaver Application Server ABAP, Netweaver Application Server Java, Netweaver RFC SDK, GUI, RFC SDK, SAPCAR archive tool, and other products allows context-de...
Sap Maxdb 7.5
Sap Gui -
Sap Maxdb 7.6
Sap Netweaver Java Application Server -
Sap Netweaver Abap Application Server -
Sap Netweaver Rfc Sdk -
Sap Rfc Library
1 Article
668
VMScore
CVE-2015-2282
Stack-based buffer overflow in the LZC decompression implementation (CsObjectInt::CsDecomprLZC function in vpa106cslzc.cpp) in SAP MaxDB 7.5 and 7.6, Netweaver Application Server ABAP, Netweaver Application Server Java, Netweaver RFC SDK, GUI, RFC SDK, SAPCAR archive tool, and ot...
Sap Maxdb 7.5
Sap Gui -
Sap Maxdb 7.6
Sap Netweaver Java Application Server -
Sap Netweaver Abap Application Server -
Sap Netweaver Rfc Sdk -
Sap Rfc Library
1 Article
357
VMScore
CVE-2016-10304
The SAP EP-RUNTIME component in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to cause a denial of service (out-of-memory error and service instability) via a crafted serialized Java object, as demonstrated by serial.cc3, aka SAP Security Note 2315788.
Sap Netweaver Application Server Java 7.50
383
VMScore
CVE-2017-11458
Cross-site scripting (XSS) vulnerability in the ctcprotocol/Protocol servlet in SAP NetWeaver AS JAVA 7.3 allows remote malicious users to inject arbitrary web script or HTML via the sessionID parameter, aka SAP Security Note 2406783.
Sap Netweaver Application Server Java 7.30
NA
CVE-2023-42477
SAP NetWeaver AS Java (GRMG Heartbeat application) - version 7.50, allows an malicious user to send a crafted request from a vulnerable web application, causing limited impact on confidentiality and integrity of the application.
Sap Netweaver Application Server Java 7.50
NA
CVE-2023-42480
The unauthenticated attacker in NetWeaver AS Java Logon application - version 7.50, can brute force the login functionality to identify the legitimate user ids. This will have an impact on confidentiality but there is no other impact on integrity or availability.
Sap Netweaver Application Server Java 7.50
356
VMScore
CVE-2017-11457
XML external entity (XXE) vulnerability in com.sap.km.cm.ice in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request, aka SAP Security Note 2387249.
Sap Netweaver Application Server Java 7.50
356
VMScore
CVE-2021-33689
When user with insufficient privileges tries to access any application in SAP NetWeaver Administrator (Administrator applications), version - 7.50, no security audit log is created. Therefore, security audit log Integrity is impacted.
Sap Netweaver Application Server Java 7.50
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-37316
firmware
CVE-2024-30078
CVE-2024-5995
remote code execution
logic flaw
CVE-2024-20693
CVE-2024-37315
CVE-2024-5464
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »