Vulnerabilities > SAP > Netweaver Application Server Abap > 7.85

DATE CVE VULNERABILITY TITLE RISK
2022-09-13 CVE-2022-35294 Cross-site Scripting vulnerability in SAP Netweaver Application Server Abap
An attacker with basic business user privileges could craft and upload a malicious file to SAP NetWeaver Application Server ABAP, which is then downloaded and viewed by other users resulting in a stored Cross-Site-Scripting attack.
network
low complexity
sap CWE-79
5.4
2022-09-13 CVE-2022-39799 Cross-site Scripting vulnerability in SAP Netweaver Application Server Abap
An attacker with no prior authentication could craft and send malicious script to SAP GUI for HTML within Fiori Launchpad, resulting in reflected cross-site scripting attack.
network
low complexity
sap CWE-79
6.1
2022-02-09 CVE-2022-22536 HTTP Request Smuggling vulnerability in SAP products
SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server 7.53 and SAP Web Dispatcher are vulnerable for request smuggling and request concatenation.
network
low complexity
sap CWE-444
critical
10.0