Vulnerabilities > SAP > Netweaver Application Server Java > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-04-13 CVE-2021-21492 Authentication Bypass by Spoofing vulnerability in SAP Netweaver Application Server Java
SAP NetWeaver Application Server Java(HTTP Service), versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently validate logon group in URLs, resulting in a content spoofing vulnerability when directory listing is enabled.
network
low complexity
sap CWE-290
4.3
2021-04-13 CVE-2021-21485 Unspecified vulnerability in SAP Netweaver Application Server Java
An unauthorized attacker may be able to entice an administrator to invoke telnet commands of an SAP NetWeaver Application Server for Java that allow the attacker to gain NTLM hashes of a privileged user.
network
low complexity
sap
6.5
2021-03-10 CVE-2021-21491 Open Redirect vulnerability in SAP Netweaver Application Server Java
SAP Netweaver Application Server Java (Applications based on WebDynpro Java) versions 7.00, 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allow an attacker to redirect users to a malicious site due to Reverse Tabnabbing vulnerabilities.
network
low complexity
sap CWE-601
6.1
2020-12-09 CVE-2020-26826 Unrestricted Upload of File with Dangerous Type vulnerability in SAP Netweaver Application Server Java 7.31/7.40/7.50
Process Integration Monitoring of SAP NetWeaver AS JAVA, versions - 7.31, 7.40, 7.50, allows an attacker to upload any file (including script files) without proper file format validation, leading to Unrestricted File Upload.
network
low complexity
sap CWE-434
6.5
2020-12-09 CVE-2020-26816 Cleartext Storage of Sensitive Information vulnerability in SAP Netweaver Application Server Java
SAP AS JAVA (Key Storage Service), versions - 7.10, 7.11, 7.20 ,7.30, 7.31, 7.40, 7.50, has the key material which is stored in the SAP NetWeaver AS Java Key Storage service stored in the database in the DER encoded format and is not encrypted.
low complexity
sap CWE-312
4.5
2020-10-15 CVE-2020-6365 Open Redirect vulnerability in SAP Netweaver Application Server Java
SAP NetWeaver AS Java, versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, Start Page allows an unauthenticated remote attacker to redirect users to a malicious site due to insufficient reverse tabnabbing URL validation.
network
low complexity
sap CWE-601
6.1
2020-10-15 CVE-2020-6319 Cross-site Scripting vulnerability in SAP Netweaver Application Server Java
SAP NetWeaver Application Server Java, versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, and 7.50 allows an unauthenticated attacker to include JavaScript blocks in any web page or URL with different symbols which are otherwise not allowed.
network
low complexity
sap CWE-79
6.1
2020-09-09 CVE-2020-6313 Improper Encoding or Escaping of Output vulnerability in SAP Netweaver Application Server Java
SAP NetWeaver Application Server JAVA(XML Forms) versions 7.30, 7.31, 7.40, 7.50 does not sufficiently encode user controlled inputs, which allows an authenticated User with special roles to store malicious content, that when accessed by a victim, can perform malicious actions by executing JavaScript, leading to Stored Cross-Site Scripting.
network
low complexity
sap CWE-116
6.5
2020-07-14 CVE-2020-6286 Path Traversal vulnerability in SAP Netweaver Application Server Java
The insufficient input path validation of certain parameter in the web service of SAP NetWeaver AS JAVA (LM Configuration Wizard), versions - 7.30, 7.31, 7.40, 7.50, allows an unauthenticated attacker to exploit a method to download zip files to a specific directory, leading to Path Traversal.
network
low complexity
sap CWE-22
5.3
2020-07-14 CVE-2020-6282 Server-Side Request Forgery (SSRF) vulnerability in SAP Netweaver Application Server Java
SAP NetWeaver AS JAVA (IIOP service) (SERVERCORE), versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, and SAP NetWeaver AS JAVA (IIOP service) (CORE-TOOLS), versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker to send a crafted request from a vulnerable web application.
network
low complexity
sap CWE-918
5.8