Vulnerabilities > SAP > Netweaver > 7.40
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-06-13 | CVE-2022-28217 | Unspecified vulnerability in SAP Netweaver Some part of SAP NetWeaver (EP Web Page Composer) does not sufficiently validate an XML document accepted from an untrusted source, which allows an adversary to exploit unprotected XML parking at endpoints, and a possibility to conduct SSRF attacks that could compromise system?s Availability by causing system to crash. | 6.5 |
| 2021-09-14 | CVE-2021-38163 | Path Traversal vulnerability in SAP Netweaver SAP NetWeaver (Visual Composer 7.0 RT) versions - 7.30, 7.31, 7.40, 7.50, without restriction, an attacker authenticated as a non-administrative user can upload a malicious file over a network and trigger its processing, which is capable of running operating system commands with the privilege of the Java Server process. | 8.8 |
| 2021-03-09 | CVE-2021-21481 | Incorrect Authorization vulnerability in SAP Netweaver The MigrationService, which is part of SAP NetWeaver versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not perform an authorization check. | 8.8 |
| 2020-07-14 | CVE-2020-6285 | Unspecified vulnerability in SAP Netweaver SAP NetWeaver - XML Toolkit for JAVA (ENGINEAPI) (versions- 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50), under certain conditions allows an attacker to access information which would otherwise be restricted, leading to Information Disclosure. | 6.5 |
| 2020-03-10 | CVE-2020-6203 | Path Traversal vulnerability in SAP Netweaver SAP NetWeaver UDDI Server (Services Registry), versions- 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50; allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing 'traverse to parent directory' are passed through to the file APIs, leading to Path Traversal. | 9.1 |
| 2020-02-12 | CVE-2020-6185 | Cross-site Scripting vulnerability in SAP Netweaver and S/4Hana Under certain conditions ABAP Online Community in SAP NetWeaver (SAP_BASIS version 7.40) and SAP S/4HANA (SAP_BASIS versions 7.50, 7.51, 7.52, 7.53, 7.54), allows an authenticated attacker to store a malicious payload which results in Stored Cross Site Scripting vulnerability. | 5.4 |
| 2020-02-12 | CVE-2020-6184 | Cross-site Scripting vulnerability in SAP Netweaver and S/4Hana Under certain conditions, ABAP Online Community in SAP NetWeaver (SAP_BASIS version 7.40) and SAP S/4HANA (SAP_BASIS versions 7.50, 7.51, 7.52, 7.53, 7.54), does not sufficiently encode user-controlled inputs, resulting in Reflected Cross-Site Scripting (XSS) vulnerability. | 6.1 |
| 2020-02-12 | CVE-2020-6181 | Unspecified vulnerability in SAP Abap Platform and Netweaver Under some circumstances the SAML SSO implementation in the SAP NetWeaver (SAP_BASIS versions 702, 730, 731, 740 and SAP ABAP Platform (SAP_BASIS versions 750, 751, 752, 753, 754), allows an attacker to include invalidated data in the HTTP response header sent to a Web user, leading to HTTP Response Splitting vulnerability. | 5.8 |
| 2019-08-14 | CVE-2019-0351 | Unspecified vulnerability in SAP Netweaver A remote code execution vulnerability exists in the SAP NetWeaver UDDI Server (Services Registry), versions 7.10, 7.20, 7.30, 7.31, 7.40, 7.50. | 8.8 |
| 2018-11-13 | CVE-2018-2477 | XML Injection (aka Blind XPath Injection) vulnerability in SAP Netweaver Knowledge Management (XMLForms) in SAP NetWeaver, versions 7.30, 7.31, 7.40 and 7.50 does not sufficiently validate an XML document accepted from an untrusted source. | 8.8 |