Vulnerabilities > SAP > Netweaver Application Server Java > High

DATE | CVE | VULNERABILITY TITLE | RISK

2024-06-11 | CVE-2024-34688 | Unspecified vulnerability in SAP Netweaver Application Server Java Mmrserver7.5 | 7.5
Due to unrestricted access to the Meta Model Repository services in SAP NetWeaver AS Java, attackers can perform DoS attacks on the application, which may prevent legitimate users from accessing it.
Tags: network, low complexity, sap

2024-02-13 | CVE-2024-24743 | XXE vulnerability in SAP Netweaver Application Server Java 7.50 | 7.5
SAP NetWeaver AS Java (CAF - Guided Procedures) - version 7.50, allows an unauthenticated attacker to submit a malicious request with a crafted XML file over the network, which when parsed will enable him to access sensitive files and data but not modify them.
Tags: network, low complexity, sap, CWE-611

2024-02-13 | CVE-2024-22126 | Cross-site Scripting vulnerability in SAP Netweaver Application Server Java 7.50 | 8.8
The User Admin application of SAP NetWeaver AS for Java - version 7.50, insufficiently validates and improperly encodes the incoming URL parameters before including them into the redirect URL.
Tags: network, low complexity, sap, CWE-79

2023-09-12 | CVE-2023-40308 | Out-of-bounds Write vulnerability in SAP products | 7.5
SAP CommonCryptoLib allows an unauthenticated attacker to craft a request, which when submitted to an open port causes a memory corruption error in a library, which in turn causes the target component to crash, making it unavailable.
Tags: network, low complexity, sap, CWE-787

2022-02-09 | CVE-2022-22533 | Use After Free vulnerability in SAP Netweaver Application Server Java | 7.5
Due to improper error handling in SAP NetWeaver Application Server Java - versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, an attacker could submit multiple HTTP server requests resulting in errors, such that it consumes the memory buffer.
Tags: network, low complexity, sap, CWE-416

2021-07-14 | CVE-2021-33670 | Unspecified vulnerability in SAP Netweaver Application Server Java | 7.5
SAP NetWeaver AS for Java (Http Service Monitoring Filter), versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker to send multiple HTTP requests with different method types, thereby crashing the filter and making the HTTP server unavailable to other legitimate users, leading to a denial of service vulnerability.
Tags: network, low complexity, sap

2020-11-10 | CVE-2020-26820 | Unrestricted Upload of File with Dangerous Type vulnerability in SAP Netweaver Application Server Java | 7.2
SAP NetWeaver AS JAVA, versions - 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker who is authenticated as an administrator to use the administrator console, to expose unauthenticated access to the file system and upload a malicious file.
Tags: network, low complexity, sap, CWE-434

2020-08-12 | CVE-2020-6309 | Missing Authentication for Critical Function vulnerability in SAP Netweaver Application Server Java | 7.5
SAP NetWeaver AS JAVA, versions - (ENGINEAPI 7.10; WSRM 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50; J2EE-FRMW 7.10, 7.11), does not perform any authentication checks for a web service, allowing the attacker to send several payloads and leading to complete denial of service.
Tags: network, low complexity, sap, CWE-306

2020-03-10 | CVE-2020-6202 | Improper Input Validation vulnerability in SAP Netweaver Application Server Java | 7.2
SAP NetWeaver Application Server Java (User Management Engine), versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently validate the LDAP data source configuration XML document accepted from an untrusted source, leading to Missing XML Validation.
Tags: network, low complexity, sap, CWE-20

2019-11-13 | CVE-2019-0389 | Unspecified vulnerability in SAP Netweaver Application Server Java | 8.8
An administrator of SAP NetWeaver Application Server Java (J2EE-Framework), (corrected in versions 7.1, 7.2, 7.3, 7.31, 7.4, 7.5), may change privileges for all or some functions in Java Server, and enable users to execute functions they are not allowed to execute otherwise.
Tags: network, low complexity, sap