Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sap netweaver application server java vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2023-42477
SAP NetWeaver AS Java (GRMG Heartbeat application) - version 7.50, allows an malicious user to send a crafted request from a vulnerable web application, causing limited impact on confidentiality and integrity of the application.
Sap Netweaver Application Server Java 7.50
5.3
CVSSv3
CVE-2023-42480
The unauthenticated attacker in NetWeaver AS Java Logon application - version 7.50, can brute force the login functionality to identify the legitimate user ids. This will have an impact on confidentiality but there is no other impact on integrity or availability.
Sap Netweaver Application Server Java 7.50
6.5
CVSSv3
CVE-2017-11457
XML external entity (XXE) vulnerability in com.sap.km.cm.ice in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request, aka SAP Security Note 2387249.
Sap Netweaver Application Server Java 7.50
5.3
CVSSv3
CVE-2022-26103
Under certain conditions, SAP NetWeaver (Real Time Messaging Framework) - version 7.50, allows an malicious user to access information which could lead to information gathering for further exploits and attacks.
Sap Netweaver Application Server Java 7.50
7.5
CVSSv3
CVE-2017-12637
Directory traversal vulnerability in scheduler/ui/js/ffffffffbca41eb4/UIUtilJavaScriptJS in SAP NetWeaver Application Server Java 7.5 allows remote malicious users to read arbitrary files via a .. (dot dot) in the query string, as exploited in the wild in August 2017, aka SAP Sec...
Sap Netweaver Application Server Java 7.50
4.3
CVSSv3
CVE-2021-33689
When user with insufficient privileges tries to access any application in SAP NetWeaver Administrator (Administrator applications), version - 7.50, no security audit log is created. Therefore, security audit log Integrity is impacted.
Sap Netweaver Application Server Java 7.50
6.5
CVSSv3
CVE-2016-10304
The SAP EP-RUNTIME component in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to cause a denial of service (out-of-memory error and service instability) via a crafted serialized Java object, as demonstrated by serial.cc3, aka SAP Security Note 2315788.
Sap Netweaver Application Server Java 7.50
7.5
CVSSv3
CVE-2022-27669
An unauthenticated user can use functions of XML Data Archiving Service of SAP NetWeaver Application Server for Java - version 7.50, to which access should be restricted. This may result in an escalation of privileges.
Sap Netweaver Application Server For Java 7.50
9.1
CVSSv3
CVE-2023-30744
In SAP AS NetWeaver JAVA - versions SERVERCORE 7.50, J2EE-FRMW 7.50, CORE-TOOLS 7.50, an unauthenticated attacker can attach to an open interface and make use of an open naming and directory API to instantiate an object which has methods which can be called without further author...
Sap Netweaver Application Server For Java 7.50
5.3
CVSSv3
CVE-2023-27268
SAP NetWeaver AS Java (Object Analyzing Service) - version 7.50, does not perform necessary authorization checks, allowing an unauthenticated malicious user to attach to an open interface and make use of an open naming and directory API to access a service which will enable them ...
Sap Netweaver Application Server For Java 7.50
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
bypass
open redirect
CVE-2024-4358
CVE-2024-24199
CVE-2024-5550
CVE-2024-5305
CVE-2024-30373
CVE-2024-1800
deserialization
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
NEXT »