Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sap netweaver 7.50 vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2017-8913
The Visual Composer VC70RUNTIME component in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to conduct XML External Entity (XXE) attacks via a crafted XML document in a request to irj/servlet/prt/portal/prtroot/com.sap.visualcomposer.BIKit.default, aka SAP Security N...
Sap Netweaver Application Server Java 7.50
4.3
CVSSv3
CVE-2021-33689
When user with insufficient privileges tries to access any application in SAP NetWeaver Administrator (Administrator applications), version - 7.50, no security audit log is created. Therefore, security audit log Integrity is impacted.
Sap Netweaver Application Server Java 7.50
6.1
CVSSv3
CVE-2022-41262
Due to insufficient input validation, SAP NetWeaver AS Java (HTTP Provider Service) - version 7.50, allows an unauthenticated malicious user to inject a script into a web request header. On successful exploitation, an attacker can view or modify information causing a limited impa...
Sap Netweaver Application Server Java 7.50
6.5
CVSSv3
CVE-2017-11457
XML external entity (XXE) vulnerability in com.sap.km.cm.ice in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request, aka SAP Security Note 2387249.
Sap Netweaver Application Server Java 7.50
7.5
CVSSv3
CVE-2017-12637
Directory traversal vulnerability in scheduler/ui/js/ffffffffbca41eb4/UIUtilJavaScriptJS in SAP NetWeaver Application Server Java 7.5 allows remote malicious users to read arbitrary files via a .. (dot dot) in the query string, as exploited in the wild in August 2017, aka SAP Sec...
Sap Netweaver Application Server Java 7.50
5.4
CVSSv3
CVE-2019-0275
SAML 1.1 SSO Demo Application in SAP NetWeaver Java Application Server (J2EE-APPS), versions 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40 and 7.50, does not sufficiently encode user-controlled inputs, which results in cross-site scripting (XSS) vulnerability.
Sap Netweaver Application Server Java
Sap Netweaver Application Server Java 7.20
Sap Netweaver Application Server Java 7.30
Sap Netweaver Application Server Java 7.31
Sap Netweaver Application Server Java 7.40
Sap Netweaver Application Server Java 7.50
7.2
CVSSv3
CVE-2020-6202
SAP NetWeaver Application Server Java (User Management Engine), versions- 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50; does not sufficiently validate the LDAP data source configuration XML document accepted from an untrusted source, leading to Missing XML Validation.
Sap Netweaver Application Server Java 7.10
Sap Netweaver Application Server Java 7.20
Sap Netweaver Application Server Java 7.30
Sap Netweaver Application Server Java 7.31
Sap Netweaver Application Server Java 7.40
Sap Netweaver Application Server Java 7.50
7.4
CVSSv3
CVE-2018-2503
By default, the SAP NetWeaver AS Java keystore service does not sufficiently restrict the access to resources that should be protected. This has been fixed in SAP NetWeaver AS Java (ServerCore versions 7.11, 7.20, 7.30, 7.31, 7.40, 7.50).
Sap Netweaver Application Server Java 7.11
Sap Netweaver Application Server Java 7.20
Sap Netweaver Application Server Java 7.30
Sap Netweaver Application Server Java 7.31
Sap Netweaver Application Server Java 7.40
Sap Netweaver Application Server Java 7.50
9.8
CVSSv3
CVE-2021-37535
SAP NetWeaver Application Server Java (JMS Connector Service) - versions 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not perform necessary authorization checks for user privileges.
Sap Netweaver Application Server Java 7.11
Sap Netweaver Application Server Java 7.20
Sap Netweaver Application Server Java 7.30
Sap Netweaver Application Server Java 7.31
Sap Netweaver Application Server Java 7.40
Sap Netweaver Application Server Java 7.50
2 Articles
10
CVSSv3
CVE-2020-26829
SAP NetWeaver AS JAVA (P2P Cluster Communication), versions - 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows arbitrary connections from processes because of missing authentication check, that are outside the cluster and even outside the network segment dedicated for the internal clus...
Sap Netweaver Application Server Java 7.11
Sap Netweaver Application Server Java 7.20
Sap Netweaver Application Server Java 7.30
Sap Netweaver Application Server Java 7.31
Sap Netweaver Application Server Java 7.40
Sap Netweaver Application Server Java 7.50
1 Article
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30043
camera
CVE-2023-40404
CVE-2024-2793
client side
CVE-2024-4469
CVE-2024-3565
CVE-2024-29825
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »