Show filters
53 Total Results
Displaying 41-50 of 53
Sort by:
Attacker Value
Unknown
CVE-2019-0355
Disclosure Date: September 10, 2019 (last updated November 27, 2024)
SAP NetWeaver Application Server Java Web Container, ENGINEAPI (before versions 7.10, 7.20, 7.30, 7.31, 7.40, 7.50) and SAP-JEECOR (before versions 6.40, 7.0, 7.01), allows an attacker to inject code that can be executed by the application. An attacker could thereby control the behaviour of the application.
0
Attacker Value
Unknown
CVE-2019-0345
Disclosure Date: August 14, 2019 (last updated November 27, 2024)
A remote unauthenticated attacker can abuse a web service in SAP NetWeaver Application Server for Java (Administrator System Overview), versions 7.30, 7.31, 7.40, 7.50, by sending a specially crafted XML file and trick the application server into leaking authentication credentials for its own SAP Management console, resulting in Server-Side Request Forgery.
0
Attacker Value
Unknown
CVE-2019-0327
Disclosure Date: July 10, 2019 (last updated November 27, 2024)
SAP NetWeaver for Java Application Server - Web Container, (engineapi, versions 7.1, 7.2, 7.3, 7.31, 7.4 and 7.5), (servercode, versions 7.2, 7.3, 7.31, 7.4, 7.5), allows an attacker to upload files (including script files) without proper file format validation.
0
Attacker Value
Unknown
CVE-2019-0275
Disclosure Date: March 12, 2019 (last updated November 27, 2024)
SAML 1.1 SSO Demo Application in SAP NetWeaver Java Application Server (J2EE-APPS), versions 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40 and 7.50, does not sufficiently encode user-controlled inputs, which results in cross-site scripting (XSS) vulnerability.
0
Attacker Value
Unknown
CVE-2018-2504
Disclosure Date: December 11, 2018 (last updated November 27, 2024)
SAP NetWeaver AS Java Web Container service does not validate against whitelist the HTTP host header which can result in HTTP Host Header Manipulation or Cross-Site Scripting (XSS) vulnerability. This is fixed in versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50.
0
Attacker Value
Unknown
CVE-2018-2503
Disclosure Date: December 11, 2018 (last updated November 27, 2024)
By default, the SAP NetWeaver AS Java keystore service does not sufficiently restrict the access to resources that should be protected. This has been fixed in SAP NetWeaver AS Java (ServerCore versions 7.11, 7.20, 7.30, 7.31, 7.40, 7.50).
0
Attacker Value
Unknown
CVE-2018-2492
Disclosure Date: December 11, 2018 (last updated November 27, 2024)
SAML 2.0 functionality in SAP NetWeaver AS Java, does not sufficiently validate XML documents received from an untrusted source. This is fixed in versions 7.2, 7.30, 7.31, 7.40 and 7.50.
0
Attacker Value
Unknown
CVE-2018-2452
Disclosure Date: September 11, 2018 (last updated November 27, 2024)
The logon application of SAP NetWeaver AS Java 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50 does not sufficiently encode user-controlled inputs, resulting in a cross-site scripting (XSS) vulnerability.
0
Attacker Value
Unknown
CVE-2017-12637
Disclosure Date: August 07, 2017 (last updated February 15, 2024)
Directory traversal vulnerability in scheduler/ui/js/ffffffffbca41eb4/UIUtilJavaScriptJS in SAP NetWeaver Application Server Java 7.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the query string, as exploited in the wild in August 2017, aka SAP Security Note 2486657.
0
Attacker Value
Unknown
CVE-2017-11457
Disclosure Date: July 25, 2017 (last updated November 26, 2024)
XML external entity (XXE) vulnerability in com.sap.km.cm.ice in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request, aka SAP Security Note 2387249.
0
