Vulnerabilities > SAP > Netweaver Development Infrastructure

DATE CVE VULNERABILITY TITLE RISK
2022-06-14 CVE-2022-29618 Cross-site Scripting vulnerability in SAP Netweaver Development Infrastructure
Due to insufficient input validation, SAP NetWeaver Development Infrastructure (Design Time Repository) - versions 7.30, 7.31, 7.40, 7.50, allows an unauthenticated attacker to inject script into the URL and execute code in the user’s browser.
network
sap CWE-79
4.3
2021-09-15 CVE-2021-33690 Server-Side Request Forgery (SSRF) vulnerability in SAP Netweaver Development Infrastructure
Server-Side Request Forgery (SSRF) vulnerability has been detected in the SAP NetWeaver Development Infrastructure Component Build Service versions - 7.11, 7.20, 7.30, 7.31, 7.40, 7.50The SAP NetWeaver Development Infrastructure Component Build Service allows a threat actor who has access to the server to perform proxy attacks on server by sending crafted queries.
network
low complexity
sap CWE-918
6.5
2021-09-15 CVE-2021-33691 Cross-site Scripting vulnerability in SAP Netweaver Development Infrastructure 7.31/7.40/7.50
NWDI Notification Service versions - 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.SAP NetWeaver Development Infrastructure Notification Service allows a threat actor to send crafted scripts to a victim.
network
sap CWE-79
4.3
2013-11-20 CVE-2013-6820 Unspecified vulnerability in SAP Netweaver Development Infrastructure
Unrestricted file upload vulnerability in the SAP NetWeaver Development Infrastructure (NWDI) allows remote attackers to execute arbitrary code by uploading a file with an executable extension via unspecified vectors.
network
sap
critical
9.3