Vulnerabilities > SAP > Netweaver Application Server Java
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-03-10 | CVE-2022-26103 | Unspecified vulnerability in SAP Netweaver Application Server Java 7.50 Under certain conditions, SAP NetWeaver (Real Time Messaging Framework) - version 7.50, allows an attacker to access information which could lead to information gathering for further exploits and attacks. network sap | 4.3 |
| 2022-02-09 | CVE-2022-22532 | HTTP Request Smuggling vulnerability in SAP Netweaver Application Server Java In SAP NetWeaver Application Server Java - versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, an unauthenticated attacker could submit a crafted HTTP server request which triggers improper shared memory buffer handling. | 9.8 |
| 2022-02-09 | CVE-2022-22533 | Use After Free vulnerability in SAP Netweaver Application Server Java Due to improper error handling in SAP NetWeaver Application Server Java - versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, an attacker could submit multiple HTTP server requests resulting in errors, such that it consumes the memory buffer. | 7.5 |
| 2021-09-14 | CVE-2021-37535 | Missing Authorization vulnerability in SAP Netweaver Application Server Java SAP NetWeaver Application Server Java (JMS Connector Service) - versions 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not perform necessary authorization checks for user privileges. | 7.5 |
| 2021-07-14 | CVE-2021-33670 | Unspecified vulnerability in SAP Netweaver Application Server Java SAP NetWeaver AS for Java (Http Service Monitoring Filter), versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker to send multiple HTTP requests with different method types thereby crashing the filter and making the HTTP server unavailable to other legitimate users leading to denial of service vulnerability. | 5.0 |
| 2021-07-14 | CVE-2021-33687 | Information Exposure vulnerability in SAP Netweaver Application Server Java SAP NetWeaver AS JAVA (Enterprise Portal), versions - 7.10, 7.20, 7.30, 7.31, 7.40, 7.50 reveals sensitive information in one of their HTTP requests, an attacker can use this in conjunction with other attacks such as XSS to steal this information. | 4.0 |
| 2021-07-14 | CVE-2021-33689 | Unspecified vulnerability in SAP Netweaver Application Server Java 7.50 When user with insufficient privileges tries to access any application in SAP NetWeaver Administrator (Administrator applications), version - 7.50, no security audit log is created. | 4.0 |
| 2021-04-13 | CVE-2021-27598 | Missing Authorization vulnerability in SAP Netweaver Application Server Java 7.31/7.40/7.50 SAP NetWeaver AS JAVA (Customer Usage Provisioning Servlet), versions - 7.31, 7.40, 7.50, allows an attacker to read some statistical data like product version, traffic, timestamp etc. | 5.3 |
| 2021-04-13 | CVE-2021-21485 | Unspecified vulnerability in SAP Netweaver Application Server Java An unauthorized attacker may be able to entice an administrator to invoke telnet commands of an SAP NetWeaver Application Server for Java that allow the attacker to gain NTLM hashes of a privileged user. network sap | 4.3 |
| 2021-03-10 | CVE-2021-21491 | Open Redirect vulnerability in SAP Netweaver Application Server Java SAP Netweaver Application Server Java (Applications based on WebDynpro Java) versions 7.00, 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allow an attacker to redirect users to a malicious site due to Reverse Tabnabbing vulnerabilities. | 5.8 |