Vulnerabilities > SAP > Netweaver Application Server Java > 7.30
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-09-10 | CVE-2019-0355 | Code Injection vulnerability in SAP Netweaver Application Server Java SAP NetWeaver Application Server Java Web Container, ENGINEAPI (before versions 7.10, 7.20, 7.30, 7.31, 7.40, 7.50) and SAP-JEECOR (before versions 6.40, 7.0, 7.01), allows an attacker to inject code that can be executed by the application. | 6.5 |
2019-08-14 | CVE-2019-0345 | Server-Side Request Forgery (SSRF) vulnerability in SAP Netweaver Application Server Java A remote unauthenticated attacker can abuse a web service in SAP NetWeaver Application Server for Java (Administrator System Overview), versions 7.30, 7.31, 7.40, 7.50, by sending a specially crafted XML file and trick the application server into leaking authentication credentials for its own SAP Management console, resulting in Server-Side Request Forgery. | 5.0 |
2019-07-10 | CVE-2019-0327 | Unrestricted Upload of File with Dangerous Type vulnerability in SAP Netweaver Application Server Java SAP NetWeaver for Java Application Server - Web Container, (engineapi, versions 7.1, 7.2, 7.3, 7.31, 7.4 and 7.5), (servercode, versions 7.2, 7.3, 7.31, 7.4, 7.5), allows an attacker to upload files (including script files) without proper file format validation. | 6.5 |
2019-03-12 | CVE-2019-0275 | Cross-site Scripting vulnerability in SAP Netweaver Application Server Java SAML 1.1 SSO Demo Application in SAP NetWeaver Java Application Server (J2EE-APPS), versions 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40 and 7.50, does not sufficiently encode user-controlled inputs, which results in cross-site scripting (XSS) vulnerability. | 3.5 |
2018-12-11 | CVE-2018-2503 | Missing Authorization vulnerability in SAP Netweaver Application Server Java By default, the SAP NetWeaver AS Java keystore service does not sufficiently restrict the access to resources that should be protected. | 3.3 |
2016-04-07 | CVE-2016-3976 | Path Traversal vulnerability in SAP Netweaver Application Server Java Directory traversal vulnerability in SAP NetWeaver AS Java 7.1 through 7.5 allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in the fileName parameter to CrashFileDownloadServlet, aka SAP Security Note 2234971. | 5.0 |
2016-02-16 | CVE-2016-2388 | Information Exposure vulnerability in SAP Netweaver Application Server Java The Universal Worklist Configuration in SAP NetWeaver AS JAVA 7.4 allows remote attackers to obtain sensitive user information via a crafted HTTP request, aka SAP Security Note 2256846. | 5.0 |