Show filters
1,202 Total Results
Displaying 151-160 of 1,202
Sort by:
Attacker Value
Unknown

CVE-2023-0017

Disclosure Date: January 10, 2023 (last updated February 24, 2025)
An unauthenticated attacker in SAP NetWeaver AS for Java - version 7.50, due to improper access control, can attach to an open interface and make use of an open naming and directory API to access services which can be used to perform unauthorized operations affecting users and data on the current system. This could allow the attacker to have full read access to user data, make modifications to user data, and make services within the system unavailable.
Attacker Value
Unknown

CVE-2023-0014

Disclosure Date: January 10, 2023 (last updated February 24, 2025)
SAP NetWeaver ABAP Server and ABAP Platform - versions SAP_BASIS 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, KERNEL 7.22, 7.53, 7.77, 7.81, 7.85, 7.89, KRNL64UC 7.22, 7.22EXT, 7.53, KRNL64NUC 7.22, 7.22EXT, creates information about system identity in an ambiguous format. This could lead to capture-replay vulnerability and may be exploited by malicious users to obtain illegitimate access to the system.
Attacker Value
Unknown

CVE-2023-0013

Disclosure Date: January 10, 2023 (last updated February 24, 2025)
The ABAP Keyword Documentation of SAP NetWeaver Application Server - versions 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, for ABAP and ABAP Platform does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. On successful exploitation an attacker can cause limited impact on confidentiality and integrity of the application.
Attacker Value
Unknown

CVE-2022-41262

Disclosure Date: December 12, 2022 (last updated February 24, 2025)
Due to insufficient input validation, SAP NetWeaver AS Java (HTTP Provider Service) - version 7.50, allows an unauthenticated attacker to inject a script into a web request header. On successful exploitation, an attacker can view or modify information causing a limited impact on the confidentiality and integrity of the application.
Attacker Value
Unknown

CVE-2022-40870

Disclosure Date: November 23, 2022 (last updated February 24, 2025)
The Web Client of Parallels Remote Application Server v18.0 is vulnerable to Host Header Injection attacks. This vulnerability allows attackers to execute arbitrary commands via a crafted payload injected into the Host header.
Attacker Value
Unknown

CVE-2022-40750

Disclosure Date: November 11, 2022 (last updated February 24, 2025)
IBM WebSphere Application Server 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 236588.
Attacker Value
Unknown

CVE-2022-41214

Disclosure Date: November 08, 2022 (last updated February 24, 2025)
Due to insufficient input validation, SAP NetWeaver Application Server ABAP and ABAP Platform allows an attacker with high level privileges to use a remote enabled function to delete a file which is otherwise restricted. On successful exploitation an attacker can completely compromise the integrity and availability of the application.
Attacker Value
Unknown

CVE-2022-41215

Disclosure Date: November 08, 2022 (last updated February 24, 2025)
SAP NetWeaver ABAP Server and ABAP Platform allows an unauthenticated attacker to redirect users to a malicious site due to insufficient URL validation. This could lead to the user being tricked to disclose personal information.
Attacker Value
Unknown

CVE-2022-41212

Disclosure Date: November 08, 2022 (last updated February 24, 2025)
Due to insufficient input validation, SAP NetWeaver Application Server ABAP and ABAP Platform allows an attacker with high level privileges to use a remote enabled function to read a file which is otherwise restricted. On successful exploitation an attacker can completely compromise the confidentiality of the application.
Attacker Value
Unknown

CVE-2022-38712

Disclosure Date: November 03, 2022 (last updated February 24, 2025)
"IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Web services could allow a man-in-the-middle attacker to conduct SOAPAction spoofing to execute unwanted or unauthorized operations. IBM X-Force ID: 234762."