Vulnerabilities > SAP > Netweaver

DATE CVE VULNERABILITY TITLE RISK
2020-02-12 CVE-2020-6181 Unspecified vulnerability in SAP Abap Platform and Netweaver
Under some circumstances the SAML SSO implementation in the SAP NetWeaver (SAP_BASIS versions 702, 730, 731, 740 and SAP ABAP Platform (SAP_BASIS versions 750, 751, 752, 753, 754), allows an attacker to include invalidated data in the HTTP response header sent to a Web user, leading to HTTP Response Splitting vulnerability.
network
low complexity
sap
5.8
2020-02-05 CVE-2011-1517 Unspecified vulnerability in SAP Netweaver 7.0
SAP NetWeaver 7.0 allows Remote Code Execution and Denial of Service caused by an error in the DiagTraceHex() function.
network
low complexity
sap
critical
9.8
2020-01-23 CVE-2013-1593 Improper Validation of Array Index vulnerability in SAP Netweaver
A Denial of Service vulnerability exists in the WRITE_C function in the msg_server.exe module in SAP NetWeaver 2004s, 7.01 SR1, 7.02 SP06, and 7.30 SP04 when sending a crafted SAP Message Server packet to TCP ports 36NN and/or 39NN.
network
low complexity
sap CWE-129
7.5
2020-01-23 CVE-2013-1592 Classic Buffer Overflow vulnerability in SAP Netweaver
A Buffer Overflow vulnerability exists in the Message Server service _MsJ2EE_AddStatistics() function when sending specially crafted SAP Message Server packets to remote TCP ports 36NN and/or 39NN in SAP NetWeaver 2004s, 7.01 SR1, 7.02 SP06, and 7.30 SP04, which could let a remote malicious user execute arbitrary code.
network
low complexity
sap CWE-120
critical
9.8
2019-08-14 CVE-2019-0351 Unspecified vulnerability in SAP Netweaver
A remote code execution vulnerability exists in the SAP NetWeaver UDDI Server (Services Registry), versions 7.10, 7.20, 7.30, 7.31, 7.40, 7.50.
network
low complexity
sap
8.8
2019-01-08 CVE-2019-0248 Unspecified vulnerability in SAP Basis and Netweaver
Under certain conditions SAP Gateway of ABAP Application Server (fixed in SAP_GWFND 7.5, 7.51, 7.52, 7.53; SAP_BASIS 7.5) allows an attacker to access information which would otherwise be restricted.
network
high complexity
sap
5.9
2018-11-13 CVE-2018-2477 XML Injection (aka Blind XPath Injection) vulnerability in SAP Netweaver
Knowledge Management (XMLForms) in SAP NetWeaver, versions 7.30, 7.31, 7.40 and 7.50 does not sufficiently validate an XML document accepted from an untrusted source.
network
low complexity
sap CWE-91
8.8
2018-11-13 CVE-2018-2476 Open Redirect vulnerability in SAP Netweaver 7.30/7.31/7.40
Due to insufficient URL Validation in forums in SAP NetWeaver versions 7.30, 7.31, 7.40, an attacker can redirect users to a malicious site.
network
low complexity
sap CWE-601
6.1
2018-10-09 CVE-2018-2470 Cross-site Scripting vulnerability in SAP Netweaver
In SAP NetWeaver Application Server for ABAP, from 7.0 to 7.02, 7.30, 7.31, 7.40 and from 7.50 to 7.53, applications do not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
network
low complexity
sap CWE-79
6.1
2018-09-11 CVE-2018-2464 Cross-site Scripting vulnerability in SAP Netweaver
SAP WebDynpro Java, versions 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in a stored Cross-Site Scripting (XSS) vulnerability.
network
low complexity
sap CWE-79
6.1