Vulnerabilities > SAP > Netweaver Application Server Java > 7.11
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-09-14 | CVE-2021-37535 | Missing Authorization vulnerability in SAP Netweaver Application Server Java SAP NetWeaver Application Server Java (JMS Connector Service) - versions 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not perform necessary authorization checks for user privileges. | 9.8 |
| 2021-07-14 | CVE-2021-33670 | Unspecified vulnerability in SAP Netweaver Application Server Java SAP NetWeaver AS for Java (Http Service Monitoring Filter), versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker to send multiple HTTP requests with different method types thereby crashing the filter and making the HTTP server unavailable to other legitimate users leading to denial of service vulnerability. | 7.5 |
| 2021-04-13 | CVE-2021-27601 | Cross-site Scripting vulnerability in SAP Netweaver Application Server Java SAP NetWeaver AS Java (Applications based on HTMLB for Java) allows a basic-level authorized attacker to store a malicious file on the server. | 5.4 |
| 2021-04-13 | CVE-2021-21492 | Authentication Bypass by Spoofing vulnerability in SAP Netweaver Application Server Java SAP NetWeaver Application Server Java(HTTP Service), versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently validate logon group in URLs, resulting in a content spoofing vulnerability when directory listing is enabled. | 4.3 |
| 2021-03-10 | CVE-2021-21491 | Open Redirect vulnerability in SAP Netweaver Application Server Java SAP Netweaver Application Server Java (Applications based on WebDynpro Java) versions 7.00, 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allow an attacker to redirect users to a malicious site due to Reverse Tabnabbing vulnerabilities. | 6.1 |
| 2020-12-09 | CVE-2020-26829 | Missing Authentication for Critical Function vulnerability in SAP Netweaver Application Server Java SAP NetWeaver AS JAVA (P2P Cluster Communication), versions - 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows arbitrary connections from processes because of missing authentication check, that are outside the cluster and even outside the network segment dedicated for the internal cluster communication. | 10.0 |
| 2020-12-09 | CVE-2020-26816 | Cleartext Storage of Sensitive Information vulnerability in SAP Netweaver Application Server Java SAP AS JAVA (Key Storage Service), versions - 7.10, 7.11, 7.20 ,7.30, 7.31, 7.40, 7.50, has the key material which is stored in the SAP NetWeaver AS Java Key Storage service stored in the database in the DER encoded format and is not encrypted. | 4.5 |
| 2020-10-15 | CVE-2020-6365 | Open Redirect vulnerability in SAP Netweaver Application Server Java SAP NetWeaver AS Java, versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, Start Page allows an unauthenticated remote attacker to redirect users to a malicious site due to insufficient reverse tabnabbing URL validation. | 6.1 |
| 2020-10-15 | CVE-2020-6319 | Cross-site Scripting vulnerability in SAP Netweaver Application Server Java SAP NetWeaver Application Server Java, versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, and 7.50 allows an unauthenticated attacker to include JavaScript blocks in any web page or URL with different symbols which are otherwise not allowed. | 6.1 |
| 2020-08-12 | CVE-2020-6309 | Missing Authentication for Critical Function vulnerability in SAP Netweaver Application Server Java SAP NetWeaver AS JAVA, versions - (ENGINEAPI 7.10; WSRM 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50; J2EE-FRMW 7.10, 7.11), does not perform any authentication checks for a web service allowing the attacker to send several payloads and leading to complete denial of service. | 7.5 |