Vulnerabilities > SAP > Netweaver Application Server Java

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2022-03-10 | CVE-2022-26103 | Unspecified vulnerability in SAP Netweaver Application Server Java 7.50 | Under certain conditions, SAP NetWeaver (Real Time Messaging Framework) - version 7.50, allows an attacker to access information which could lead to information gathering for further exploits and attacks. | network, low complexity, sap, 5.3 |
| 2022-02-09 | CVE-2022-22532 | HTTP Request Smuggling vulnerability in SAP Netweaver Application Server Java | In SAP NetWeaver Application Server Java - versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, an unauthenticated attacker could submit a crafted HTTP server request which triggers improper shared memory buffer handling. | network, low complexity, sap, CWE-444, critical, 9.8 |
| 2022-02-09 | CVE-2022-22533 | Use After Free vulnerability in SAP Netweaver Application Server Java | Due to improper error handling in SAP NetWeaver Application Server Java - versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, an attacker could submit multiple HTTP server requests resulting in errors, such that it consumes the memory buffer. | network, low complexity, sap, CWE-416, 7.5 |
| 2021-09-14 | CVE-2021-37535 | Missing Authorization vulnerability in SAP Netweaver Application Server Java | SAP NetWeaver Application Server Java (JMS Connector Service) - versions 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not perform necessary authorization checks for user privileges. | network, low complexity, sap, CWE-862, critical, 9.8 |
| 2021-07-14 | CVE-2021-33670 | Unspecified vulnerability in SAP Netweaver Application Server Java | SAP NetWeaver AS for Java (Http Service Monitoring Filter), versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker to send multiple HTTP requests with different method types thereby crashing the filter and making the HTTP server unavailable to other legitimate users leading to denial of service vulnerability. | network, low complexity, sap, 7.5 |
| 2021-07-14 | CVE-2021-33687 | Information Exposure vulnerability in SAP Netweaver Application Server Java | SAP NetWeaver AS JAVA (Enterprise Portal), versions - 7.10, 7.20, 7.30, 7.31, 7.40, 7.50 reveals sensitive information in one of their HTTP requests, an attacker can use this in conjunction with other attacks such as XSS to steal this information. | network, low complexity, sap, CWE-200, 4.9 |
| 2021-07-14 | CVE-2021-33689 | Unspecified vulnerability in SAP Netweaver Application Server Java 7.50 | When user with insufficient privileges tries to access any application in SAP NetWeaver Administrator (Administrator applications), version - 7.50, no security audit log is created. | network, low complexity, sap, 4.3 |
| 2021-04-13 | CVE-2021-27601 | Cross-site Scripting vulnerability in SAP Netweaver Application Server Java | SAP NetWeaver AS Java (Applications based on HTMLB for Java) allows a basic-level authorized attacker to store a malicious file on the server. | network, low complexity, sap, CWE-79, 5.4 |
| 2021-04-13 | CVE-2021-27598 | Missing Authorization vulnerability in SAP Netweaver Application Server Java 7.31/7.40/7.50 | SAP NetWeaver AS JAVA (Customer Usage Provisioning Servlet), versions - 7.31, 7.40, 7.50, allows an attacker to read some statistical data like product version, traffic, timestamp etc. | network, low complexity, sap, CWE-862, 5.3 |
| 2021-04-13 | CVE-2021-21492 | Authentication Bypass by Spoofing vulnerability in SAP Netweaver Application Server Java | SAP NetWeaver Application Server Java (HTTP Service), versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently validate logon group in URLs, resulting in a content spoofing vulnerability when directory listing is enabled. | network, low complexity, sap, CWE-290, 4.3 |