Vulnerabilities > SAP > Netweaver Application Server Java > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-11-13 CVE-2019-0391 Unspecified vulnerability in SAP Netweaver Application Server Java
Under certain conditions SAP NetWeaver AS Java (corrected in 7.10, 7.20, 7.30, 7.31, 7.40, 7.50) allows an attacker to access information which would otherwise be restricted.
network
low complexity
sap
4.0
2019-11-13 CVE-2019-0389 Unspecified vulnerability in SAP Netweaver Application Server Java
An administrator of SAP NetWeaver Application Server Java (J2EE-Framework), (corrected in versions 7.1, 7.2, 7.3, 7.31, 7.4, 7.5), may change privileges for all or some functions in Java Server, and enable users to execute functions, they are not allowed to execute otherwise.
network
low complexity
sap
6.5
2019-09-10 CVE-2019-0355 Code Injection vulnerability in SAP Netweaver Application Server Java
SAP NetWeaver Application Server Java Web Container, ENGINEAPI (before versions 7.10, 7.20, 7.30, 7.31, 7.40, 7.50) and SAP-JEECOR (before versions 6.40, 7.0, 7.01), allows an attacker to inject code that can be executed by the application.
network
low complexity
sap CWE-94
6.5
2019-08-14 CVE-2019-0345 Server-Side Request Forgery (SSRF) vulnerability in SAP Netweaver Application Server Java
A remote unauthenticated attacker can abuse a web service in SAP NetWeaver Application Server for Java (Administrator System Overview), versions 7.30, 7.31, 7.40, 7.50, by sending a specially crafted XML file and trick the application server into leaking authentication credentials for its own SAP Management console, resulting in Server-Side Request Forgery.
network
low complexity
sap CWE-918
5.0
2019-07-10 CVE-2019-0327 Unrestricted Upload of File with Dangerous Type vulnerability in SAP Netweaver Application Server Java
SAP NetWeaver for Java Application Server - Web Container, (engineapi, versions 7.1, 7.2, 7.3, 7.31, 7.4 and 7.5), (servercode, versions 7.2, 7.3, 7.31, 7.4, 7.5), allows an attacker to upload files (including script files) without proper file format validation.
network
low complexity
sap CWE-434
6.5
2016-11-23 CVE-2016-9563 XXE vulnerability in SAP Netweaver Application Server Java 7.50
BC-BMT-BPM-DSK in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to conduct XML External Entity (XXE) attacks via the sap.com~tc~bpem~him~uwlconn~provider~web/bpemuwlconn URI, aka SAP Security Note 2296909.
network
low complexity
sap CWE-611
4.0
2016-04-07 CVE-2016-3976 Path Traversal vulnerability in SAP Netweaver Application Server Java
Directory traversal vulnerability in SAP NetWeaver AS Java 7.1 through 7.5 allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in the fileName parameter to CrashFileDownloadServlet, aka SAP Security Note 2234971.
network
low complexity
sap CWE-22
5.0
2016-02-16 CVE-2016-2388 Information Exposure vulnerability in SAP Netweaver Application Server Java
The Universal Worklist Configuration in SAP NetWeaver AS JAVA 7.4 allows remote attackers to obtain sensitive user information via a crafted HTTP request, aka SAP Security Note 2256846.
network
low complexity
sap CWE-200
5.0