Vulnerabilities > SAP > Netweaver Application Server Java > 7.10
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-04-14 | CVE-2020-6224 | Information Exposure vulnerability in SAP Netweaver Application Server Java SAP NetWeaver AS Java (HTTP Service), versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker with administrator privileges to access user sensitive data such as passwords in trace files, when the user logs in and sends request with login credentials, leading to Information Disclosure. | 3.5 |
2020-03-10 | CVE-2020-6202 | XXE vulnerability in SAP Netweaver Application Server Java SAP NetWeaver Application Server Java (User Management Engine), versions- 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50; does not sufficiently validate the LDAP data source configuration XML document accepted from an untrusted source, leading to Missing XML Validation. | 6.5 |
2019-11-13 | CVE-2019-0391 | Unspecified vulnerability in SAP Netweaver Application Server Java Under certain conditions SAP NetWeaver AS Java (corrected in 7.10, 7.20, 7.30, 7.31, 7.40, 7.50) allows an attacker to access information which would otherwise be restricted. | 4.0 |
2019-09-10 | CVE-2019-0355 | Code Injection vulnerability in SAP Netweaver Application Server Java SAP NetWeaver Application Server Java Web Container, ENGINEAPI (before versions 7.10, 7.20, 7.30, 7.31, 7.40, 7.50) and SAP-JEECOR (before versions 6.40, 7.0, 7.01), allows an attacker to inject code that can be executed by the application. | 6.5 |
2019-07-10 | CVE-2019-0327 | Unrestricted Upload of File with Dangerous Type vulnerability in SAP Netweaver Application Server Java SAP NetWeaver for Java Application Server - Web Container, (engineapi, versions 7.1, 7.2, 7.3, 7.31, 7.4 and 7.5), (servercode, versions 7.2, 7.3, 7.31, 7.4, 7.5), allows an attacker to upload files (including script files) without proper file format validation. | 6.5 |
2019-03-12 | CVE-2019-0275 | Cross-site Scripting vulnerability in SAP Netweaver Application Server Java SAML 1.1 SSO Demo Application in SAP NetWeaver Java Application Server (J2EE-APPS), versions 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40 and 7.50, does not sufficiently encode user-controlled inputs, which results in cross-site scripting (XSS) vulnerability. | 3.5 |
2016-04-07 | CVE-2016-3976 | Path Traversal vulnerability in SAP Netweaver Application Server Java Directory traversal vulnerability in SAP NetWeaver AS Java 7.1 through 7.5 allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in the fileName parameter to CrashFileDownloadServlet, aka SAP Security Note 2234971. | 5.0 |
2016-02-16 | CVE-2016-2388 | Information Exposure vulnerability in SAP Netweaver Application Server Java The Universal Worklist Configuration in SAP NetWeaver AS JAVA 7.4 allows remote attackers to obtain sensitive user information via a crafted HTTP request, aka SAP Security Note 2256846. | 5.0 |