Vulnerabilities > SAP > Netweaver Application Server Java

DATE CVE VULNERABILITY TITLE RISK
2022-03-10 CVE-2022-26103 Unspecified vulnerability in SAP Netweaver Application Server Java 7.50
Under certain conditions, SAP NetWeaver (Real Time Messaging Framework) - version 7.50, allows an attacker to access information which could lead to information gathering for further exploits and attacks.
network
sap
4.3
2022-02-09 CVE-2022-22532 HTTP Request Smuggling vulnerability in SAP Netweaver Application Server Java
In SAP NetWeaver Application Server Java - versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, an unauthenticated attacker could submit a crafted HTTP server request which triggers improper shared memory buffer handling.
network
low complexity
sap CWE-444
critical
9.8
2022-02-09 CVE-2022-22533 Use After Free vulnerability in SAP Netweaver Application Server Java
Due to improper error handling in SAP NetWeaver Application Server Java - versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, an attacker could submit multiple HTTP server requests resulting in errors, such that it consumes the memory buffer.
network
low complexity
sap CWE-416
7.5
2021-09-14 CVE-2021-37535 Missing Authorization vulnerability in SAP Netweaver Application Server Java
SAP NetWeaver Application Server Java (JMS Connector Service) - versions 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not perform necessary authorization checks for user privileges.
network
low complexity
sap CWE-862
7.5
2021-07-14 CVE-2021-33670 Unspecified vulnerability in SAP Netweaver Application Server Java
SAP NetWeaver AS for Java (Http Service Monitoring Filter), versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker to send multiple HTTP requests with different method types thereby crashing the filter and making the HTTP server unavailable to other legitimate users leading to denial of service vulnerability.
network
low complexity
sap
5.0
2021-07-14 CVE-2021-33687 Information Exposure vulnerability in SAP Netweaver Application Server Java
SAP NetWeaver AS JAVA (Enterprise Portal), versions - 7.10, 7.20, 7.30, 7.31, 7.40, 7.50 reveals sensitive information in one of their HTTP requests, an attacker can use this in conjunction with other attacks such as XSS to steal this information.
network
low complexity
sap CWE-200
4.0
2021-07-14 CVE-2021-33689 Unspecified vulnerability in SAP Netweaver Application Server Java 7.50
When user with insufficient privileges tries to access any application in SAP NetWeaver Administrator (Administrator applications), version - 7.50, no security audit log is created.
network
low complexity
sap
4.0
2021-04-13 CVE-2021-27598 Missing Authorization vulnerability in SAP Netweaver Application Server Java 7.31/7.40/7.50
SAP NetWeaver AS JAVA (Customer Usage Provisioning Servlet), versions - 7.31, 7.40, 7.50, allows an attacker to read some statistical data like product version, traffic, timestamp etc.
network
low complexity
sap CWE-862
5.3
2021-04-13 CVE-2021-21485 Unspecified vulnerability in SAP Netweaver Application Server Java
An unauthorized attacker may be able to entice an administrator to invoke telnet commands of an SAP NetWeaver Application Server for Java that allow the attacker to gain NTLM hashes of a privileged user.
network
sap
4.3
2021-03-10 CVE-2021-21491 Open Redirect vulnerability in SAP Netweaver Application Server Java
SAP Netweaver Application Server Java (Applications based on WebDynpro Java) versions 7.00, 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allow an attacker to redirect users to a malicious site due to Reverse Tabnabbing vulnerabilities.
network
sap CWE-601
5.8