Vulnerabilities > SAP > Netweaver > 7.50

DATE CVE VULNERABILITY TITLE RISK
2018-10-09 CVE-2018-2470 Cross-site Scripting vulnerability in SAP Netweaver
In SAP NetWeaver Application Server for ABAP, from 7.0 to 7.02, 7.30, 7.31, 7.40 and from 7.50 to 7.53, applications do not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
network
low complexity
sap CWE-79
6.1
6.1
2018-09-11 CVE-2018-2464 Cross-site Scripting vulnerability in SAP Netweaver
SAP WebDynpro Java, versions 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in a stored Cross-Site Scripting (XSS) vulnerability.
network
low complexity
sap CWE-79
6.1
6.1
2018-09-11 CVE-2018-2462 Improper Input Validation vulnerability in SAP Netweaver
In certain cases, BEx Web Java Runtime Export Web Service in SAP NetWeaver BI 7.30, 7.31.
network
low complexity
sap CWE-20
8.8
8.8