Vulnerabilities > SAP > Netweaver Application Server Java
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-06-11 | CVE-2024-28164 | Unspecified vulnerability in SAP Netweaver Application Server Java Gpcore7.5 SAP NetWeaver AS Java (CAF - Guided Procedures) allows an unauthenticated user to access non-sensitive information about the server which would otherwise be restricted causing low impact on confidentiality of the application. | 5.3 |
| 2024-06-11 | CVE-2024-34688 | Unspecified vulnerability in SAP Netweaver Application Server Java Mmrserver7.5 Due to unrestricted access to the Meta Model Repository services in SAP NetWeaver AS Java, attackers can perform DoS attacks on the application, which may prevent legitimate users from accessing it. | 7.5 |
| 2024-02-13 | CVE-2024-24743 | XXE vulnerability in SAP Netweaver Application Server Java 7.50 SAP NetWeaver AS Java (CAF - Guided Procedures) - version 7.50, allows an unauthenticated attacker to submit a malicious request with a crafted XML file over the network, which when parsed will enable him to access sensitive files and data but not modify them. | 7.5 |
| 2024-02-13 | CVE-2024-22126 | Cross-site Scripting vulnerability in SAP Netweaver Application Server Java 7.50 The User Admin application of SAP NetWeaver AS for Java - version 7.50, insufficiently validates and improperly encodes the incoming URL parameters before including them into the redirect URL. | 8.8 |
| 2023-11-14 | CVE-2023-42480 | Improper Restriction of Excessive Authentication Attempts vulnerability in SAP Netweaver Application Server Java 7.50 The unauthenticated attacker in NetWeaver AS Java Logon application - version 7.50, can brute force the login functionality to identify the legitimate user ids. This will have an impact on confidentiality but there is no other impact on integrity or availability. | 5.3 |
| 2023-10-10 | CVE-2023-42477 | Server-Side Request Forgery (SSRF) vulnerability in SAP Netweaver Application Server Java 7.50 SAP NetWeaver AS Java (GRMG Heartbeat application) - version 7.50, allows an attacker to send a crafted request from a vulnerable web application, causing limited impact on confidentiality and integrity of the application. | 6.5 |
| 2023-09-12 | CVE-2023-40309 | Incorrect Authorization vulnerability in SAP products SAP CommonCryptoLib does not perform necessary authentication checks, which may result in missing or wrong authorization checks for an authenticated user, resulting in escalation of privileges. | 9.8 |
| 2023-09-12 | CVE-2023-40308 | Out-of-bounds Write vulnerability in SAP products SAP CommonCryptoLib allows an unauthenticated attacker to craft a request, which when submitted to an open port causes a memory corruption error in a library which in turn causes the target component to crash making it unavailable. | 7.5 |
| 2023-03-14 | CVE-2023-24526 | Missing Authentication for Critical Function vulnerability in SAP Netweaver Application Server Java 7.50 SAP NetWeaver Application Server Java for Classload Service - version 7.50, does not perform any authentication checks for functionalities that require user identity, resulting in escalation of privileges. | 5.3 |
| 2022-12-12 | CVE-2022-41262 | Cross-site Scripting vulnerability in SAP Netweaver Application Server Java 7.50 Due to insufficient input validation, SAP NetWeaver AS Java (HTTP Provider Service) - version 7.50, allows an unauthenticated attacker to inject a script into a web request header. | 6.1 |