SAP Netweaver Application Server Java: vulnerabilities

DATE | CVE | VULNERABILITY TITLE | RISK (CVSS base score)

2024-06-11 | CVE-2024-28164 | Unspecified vulnerability in SAP Netweaver Application Server Java Gpcore 7.5 | 5.3
    SAP NetWeaver AS Java (CAF - Guided Procedures) allows an unauthenticated user to access non-sensitive information about the server which would otherwise be restricted, causing low impact on confidentiality of the application.
    Attack vector: network; Attack complexity: low; Vendor: sap

2024-06-11 | CVE-2024-34688 | Unspecified vulnerability in SAP Netweaver Application Server Java Mmrserver 7.5 | 7.5
    Due to unrestricted access to the Meta Model Repository services in SAP NetWeaver AS Java, attackers can perform DoS attacks on the application, which may prevent legitimate users from accessing it.
    Attack vector: network; Attack complexity: low; Vendor: sap

2024-02-13 | CVE-2024-24743 | XXE vulnerability in SAP Netweaver Application Server Java 7.50 | 7.5
    SAP NetWeaver AS Java (CAF - Guided Procedures) - version 7.50, allows an unauthenticated attacker to submit a malicious request with a crafted XML file over the network, which when parsed will enable him to access sensitive files and data but not modify them.
    Attack vector: network; Attack complexity: low; Vendor: sap; Weakness: CWE-611

2024-02-13 | CVE-2024-22126 | Cross-site Scripting vulnerability in SAP Netweaver Application Server Java 7.50 | 8.8
    The User Admin application of SAP NetWeaver AS for Java - version 7.50, insufficiently validates and improperly encodes the incoming URL parameters before including them into the redirect URL.
    Attack vector: network; Attack complexity: low; Vendor: sap; Weakness: CWE-79

2023-11-14 | CVE-2023-42480 | Improper Restriction of Excessive Authentication Attempts vulnerability in SAP Netweaver Application Server Java 7.50 | 5.3
    The unauthenticated attacker in NetWeaver AS Java Logon application - version 7.50, can brute force the login functionality to identify the legitimate user ids. This will have an impact on confidentiality but there is no other impact on integrity or availability.
    Attack vector: network; Attack complexity: low; Vendor: sap; Weakness: CWE-307

2023-10-10 | CVE-2023-42477 | Server-Side Request Forgery (SSRF) vulnerability in SAP Netweaver Application Server Java 7.50 | 6.5
    SAP NetWeaver AS Java (GRMG Heartbeat application) - version 7.50, allows an attacker to send a crafted request from a vulnerable web application, causing limited impact on confidentiality and integrity of the application.
    Attack vector: network; Attack complexity: low; Vendor: sap; Weakness: CWE-918

2023-09-12 | CVE-2023-40309 | Incorrect Authorization vulnerability in SAP products | 9.8 (critical)
    SAP CommonCryptoLib does not perform necessary authentication checks, which may result in missing or wrong authorization checks for an authenticated user, resulting in escalation of privileges.
    Attack vector: network; Attack complexity: low; Vendor: sap; Weakness: CWE-863

2023-09-12 | CVE-2023-40308 | Out-of-bounds Write vulnerability in SAP products | 7.5
    SAP CommonCryptoLib allows an unauthenticated attacker to craft a request, which when submitted to an open port causes a memory corruption error in a library which in turn causes the target component to crash, making it unavailable.
    Attack vector: network; Attack complexity: low; Vendor: sap; Weakness: CWE-787

2023-03-14 | CVE-2023-24526 | Missing Authentication for Critical Function vulnerability in SAP Netweaver Application Server Java 7.50 | 5.3
    SAP NetWeaver Application Server Java for Classload Service - version 7.50, does not perform any authentication checks for functionalities that require user identity, resulting in escalation of privileges.
    Attack vector: network; Attack complexity: low; Vendor: sap; Weakness: CWE-306

2022-12-12 | CVE-2022-41262 | Cross-site Scripting vulnerability in SAP Netweaver Application Server Java 7.50 | 6.1
    Due to insufficient input validation, SAP NetWeaver AS Java (HTTP Provider Service) - version 7.50, allows an unauthenticated attacker to inject a script into a web request header.
    Attack vector: network; Attack complexity: low; Vendor: sap; Weakness: CWE-79