Vulnerabilities > SAP > Netweaver Application Server Java > High

DATE CVE VULNERABILITY TITLE RISK
2024-06-11 CVE-2024-34688 Unspecified vulnerability in SAP Netweaver Application Server Java Mmrserver7.5
Due to unrestricted access to the Meta Model Repository services in SAP NetWeaver AS Java, attackers can perform DoS attacks on the application, which may prevent legitimate users from accessing it.
network
low complexity
sap
7.5
2024-02-13 CVE-2024-24743 XXE vulnerability in SAP Netweaver Application Server Java 7.50
SAP NetWeaver AS Java (CAF - Guided Procedures) - version 7.50, allows an unauthenticated attacker to submit a malicious request with a crafted XML file over the network, which when parsed will enable him to access sensitive files and data but not modify them.
network
low complexity
sap CWE-611
7.5
2024-02-13 CVE-2024-22126 Cross-site Scripting vulnerability in SAP Netweaver Application Server Java 7.50
The User Admin application of SAP NetWeaver AS for Java - version 7.50, insufficiently validates and improperly encodes the incoming URL parameters before including them into the redirect URL.
network
low complexity
sap CWE-79
8.8
2023-09-12 CVE-2023-40308 Out-of-bounds Write vulnerability in SAP products
SAP CommonCryptoLib allows an unauthenticated attacker to craft a request, which when submitted to an open port causes a memory corruption error in a library which in turn causes the target component to crash making it unavailable.
network
low complexity
sap CWE-787
7.5
2022-02-09 CVE-2022-22533 Use After Free vulnerability in SAP Netweaver Application Server Java
Due to improper error handling in SAP NetWeaver Application Server Java - versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, an attacker could submit multiple HTTP server requests resulting in errors, such that it consumes the memory buffer.
network
low complexity
sap CWE-416
7.5
2021-09-14 CVE-2021-37535 Missing Authorization vulnerability in SAP Netweaver Application Server Java
SAP NetWeaver Application Server Java (JMS Connector Service) - versions 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not perform necessary authorization checks for user privileges.
network
low complexity
sap CWE-862
7.5
2020-08-12 CVE-2020-6309 Improper Authentication vulnerability in SAP Netweaver Application Server Java
SAP NetWeaver AS JAVA, versions - (ENGINEAPI 7.10; WSRM 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50; J2EE-FRMW 7.10, 7.11), does not perform any authentication checks for a web service allowing the attacker to send several payloads and leading to complete denial of service.
network
low complexity
sap CWE-287
7.8
2020-06-10 CVE-2020-6263 Improper Authentication vulnerability in SAP Netweaver Application Server Java
Standalone clients connecting to SAP NetWeaver AS Java via P4 Protocol, versions (SAP-JEECOR 7.00, 7.01; SERVERCOR 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50; CORE-TOOLS 7.00, 7.01, 7.02, 7.05, 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50) do not perform any authentication checks for operations that require user identity leading to Authentication Bypass.
network
low complexity
sap CWE-287
7.5
2017-08-07 CVE-2017-12637 Path Traversal vulnerability in SAP Netweaver Application Server Java 7.50
Directory traversal vulnerability in scheduler/ui/js/ffffffffbca41eb4/UIUtilJavaScriptJS in SAP NetWeaver Application Server Java 7.5 allows remote attackers to read arbitrary files via a ..
network
low complexity
sap CWE-22
7.5