SAP Netweaver Application Server Java vulnerabilities: Medium risk

DATE CVE VULNERABILITY TITLE RISK
2024-06-11 CVE-2024-28164 Unspecified vulnerability in SAP Netweaver Application Server Java Gpcore7.5
SAP NetWeaver AS Java (CAF - Guided Procedures) allows an unauthenticated user to access non-sensitive information about the server that would otherwise be restricted, causing low impact on the confidentiality of the application.
network
low complexity
sap
5.3
2023-11-14 CVE-2023-42480 Improper Restriction of Excessive Authentication Attempts vulnerability in SAP Netweaver Application Server Java 7.50
An unauthenticated attacker can brute force the login functionality of the NetWeaver AS Java Logon application, version 7.50, to identify legitimate user IDs. This has an impact on confidentiality, but there is no other impact on integrity or availability.
network
low complexity
sap CWE-307
5.3
2023-10-10 CVE-2023-42477 Server-Side Request Forgery (SSRF) vulnerability in SAP Netweaver Application Server Java 7.50
SAP NetWeaver AS Java (GRMG Heartbeat application) - version 7.50, allows an attacker to send a crafted request from a vulnerable web application, causing limited impact on confidentiality and integrity of the application.
network
low complexity
sap CWE-918
6.5
2023-03-14 CVE-2023-24526 Missing Authentication for Critical Function vulnerability in SAP Netweaver Application Server Java 7.50
SAP NetWeaver Application Server Java for Classload Service - version 7.50, does not perform any authentication checks for functionalities that require user identity, resulting in escalation of privileges.
network
low complexity
sap CWE-306
5.3
2022-12-12 CVE-2022-41262 Cross-site Scripting vulnerability in SAP Netweaver Application Server Java 7.50
Due to insufficient input validation, SAP NetWeaver AS Java (HTTP Provider Service) - version 7.50, allows an unauthenticated attacker to inject a script into a web request header.
network
low complexity
sap CWE-79
6.1
2022-03-10 CVE-2022-26103 Unspecified vulnerability in SAP Netweaver Application Server Java 7.50
Under certain conditions, SAP NetWeaver (Real Time Messaging Framework) - version 7.50, allows an attacker to access information which could lead to information gathering for further exploits and attacks.
network
low complexity
sap
5.3
2021-07-14 CVE-2021-33687 Information Exposure vulnerability in SAP Netweaver Application Server Java
SAP NetWeaver AS JAVA (Enterprise Portal), versions 7.10, 7.20, 7.30, 7.31, 7.40, 7.50, reveals sensitive information in one of its HTTP requests; an attacker can use this in conjunction with other attacks such as XSS to steal this information.
network
low complexity
sap CWE-200
4.9
2021-07-14 CVE-2021-33689 Unspecified vulnerability in SAP Netweaver Application Server Java 7.50
When a user with insufficient privileges tries to access any application in SAP NetWeaver Administrator (Administrator applications), version 7.50, no security audit log is created.
network
low complexity
sap
4.3
2021-04-13 CVE-2021-27601 Cross-site Scripting vulnerability in SAP Netweaver Application Server Java
SAP NetWeaver AS Java (Applications based on HTMLB for Java) allows a basic-level authorized attacker to store a malicious file on the server.
network
low complexity
sap CWE-79
5.4
2021-04-13 CVE-2021-27598 Missing Authorization vulnerability in SAP Netweaver Application Server Java 7.31/7.40/7.50
SAP NetWeaver AS JAVA (Customer Usage Provisioning Servlet), versions 7.31, 7.40, 7.50, allows an attacker to read some statistical data such as product version, traffic, timestamp, etc.
network
low complexity
sap CWE-862
5.3