Vulnerabilities > SAP > Netweaver

DATE CVE VULNERABILITY TITLE RISK
2022-02-09 CVE-2022-22534 Cross-site Scripting vulnerability in SAP Netweaver
Due to insufficient encoding of user input, SAP NetWeaver allows an unauthenticated attacker to inject code that may expose sensitive data like user ID and password.
network
low complexity
sap CWE-79
6.1
2021-10-12 CVE-2021-38183 Cross-site Scripting vulnerability in SAP Netweaver
SAP NetWeaver - versions 700, 701, 702, 730, does not sufficiently encode user-controlled inputs, allowing an attacker to cause a potential victim to supply a malicious content to a vulnerable web application, which is then reflected to the victim and executed by the web browser, resulting in Cross-Site Scripting vulnerability.
network
sap CWE-79
4.3
2021-09-14 CVE-2021-38163 Path Traversal vulnerability in SAP Netweaver
SAP NetWeaver (Visual Composer 7.0 RT) versions - 7.30, 7.31, 7.40, 7.50, without restriction, an attacker authenticated as a non-administrative user can upload a malicious file over a network and trigger its processing, which is capable of running operating system commands with the privilege of the Java Server process.
network
low complexity
sap CWE-22
8.8
2021-03-09 CVE-2021-21481 Incorrect Authorization vulnerability in SAP Netweaver
The MigrationService, which is part of SAP NetWeaver versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not perform an authorization check.
low complexity
sap CWE-863
8.3
2020-07-14 CVE-2020-6285 Information Exposure vulnerability in SAP Netweaver
SAP NetWeaver - XML Toolkit for JAVA (ENGINEAPI) (versions- 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50), under certain conditions allows an attacker to access information which would otherwise be restricted, leading to Information Disclosure.
network
sap CWE-200
3.5
2020-03-10 CVE-2020-6203 Path Traversal vulnerability in SAP Netweaver
SAP NetWeaver UDDI Server (Services Registry), versions- 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50; allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing 'traverse to parent directory' are passed through to the file APIs, leading to Path Traversal.
network
low complexity
sap CWE-22
6.4
2020-02-12 CVE-2020-6185 Cross-site Scripting vulnerability in SAP Netweaver and S/4Hana
Under certain conditions ABAP Online Community in SAP NetWeaver (SAP_BASIS version 7.40) and SAP S/4HANA (SAP_BASIS versions 7.50, 7.51, 7.52, 7.53, 7.54), allows an authenticated attacker to store a malicious payload which results in Stored Cross Site Scripting vulnerability.
network
sap CWE-79
3.5
2020-02-12 CVE-2020-6184 Cross-site Scripting vulnerability in SAP Netweaver and S/4Hana
Under certain conditions, ABAP Online Community in SAP NetWeaver (SAP_BASIS version 7.40) and SAP S/4HANA (SAP_BASIS versions 7.50, 7.51, 7.52, 7.53, 7.54), does not sufficiently encode user-controlled inputs, resulting in Reflected Cross-Site Scripting (XSS) vulnerability.
network
sap CWE-79
4.3
2020-02-12 CVE-2020-6181 Unspecified vulnerability in SAP Abap Platform and Netweaver
Under some circumstances the SAML SSO implementation in the SAP NetWeaver (SAP_BASIS versions 702, 730, 731, 740 and SAP ABAP Platform (SAP_BASIS versions 750, 751, 752, 753, 754), allows an attacker to include invalidated data in the HTTP response header sent to a Web user, leading to HTTP Response Splitting vulnerability.
network
low complexity
sap
5.0
2020-02-05 CVE-2011-1517 Remote Code Execution and Denial of Service vulnerability in SAP Netweaver 7.0
SAP NetWeaver 7.0 allows Remote Code Execution and Denial of Service caused by an error in the DiagTraceHex() function.
network
low complexity
sap
7.5