Vulnerabilities > SAP > Netweaver Application Server Java > 7.50

DATE CVE VULNERABILITY TITLE RISK
2019-07-10 CVE-2019-0327 Unrestricted Upload of File with Dangerous Type vulnerability in SAP Netweaver Application Server Java
SAP NetWeaver for Java Application Server - Web Container, (engineapi, versions 7.1, 7.2, 7.3, 7.31, 7.4 and 7.5), (servercode, versions 7.2, 7.3, 7.31, 7.4, 7.5), allows an attacker to upload files (including script files) without proper file format validation.
network
low complexity
sap CWE-434
6.5
6.5
2019-03-12 CVE-2019-0275 Cross-site Scripting vulnerability in SAP Netweaver Application Server Java
SAML 1.1 SSO Demo Application in SAP NetWeaver Java Application Server (J2EE-APPS), versions 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40 and 7.50, does not sufficiently encode user-controlled inputs, which results in cross-site scripting (XSS) vulnerability.
network
sap CWE-79
3.5
3.5
2018-12-11 CVE-2018-2503 Missing Authorization vulnerability in SAP Netweaver Application Server Java
By default, the SAP NetWeaver AS Java keystore service does not sufficiently restrict the access to resources that should be protected.
low complexity
sap CWE-862
3.3
3.3
2017-08-07 CVE-2017-12637 Path Traversal vulnerability in SAP Netweaver Application Server Java 7.50
Directory traversal vulnerability in scheduler/ui/js/ffffffffbca41eb4/UIUtilJavaScriptJS in SAP NetWeaver Application Server Java 7.5 allows remote attackers to read arbitrary files via a ..
network
low complexity
sap CWE-22
7.5
7.5
2016-11-23 CVE-2016-9563 XXE vulnerability in SAP Netweaver Application Server Java 7.50
BC-BMT-BPM-DSK in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to conduct XML External Entity (XXE) attacks via the sap.com~tc~bpem~him~uwlconn~provider~web/bpemuwlconn URI, aka SAP Security Note 2296909.
network
low complexity
sap CWE-611
4.0
4.0
2016-04-07 CVE-2016-3976 Path Traversal vulnerability in SAP Netweaver Application Server Java
Directory traversal vulnerability in SAP NetWeaver AS Java 7.1 through 7.5 allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in the fileName parameter to CrashFileDownloadServlet, aka SAP Security Note 2234971.
network
low complexity
sap CWE-22
5.0
5.0
2016-02-16 CVE-2016-2388 Information Exposure vulnerability in SAP Netweaver Application Server Java
The Universal Worklist Configuration in SAP NetWeaver AS JAVA 7.4 allows remote attackers to obtain sensitive user information via a crafted HTTP request, aka SAP Security Note 2256846.
network
low complexity
sap CWE-200
5.0
5.0