Vulnerabilities > SAP > Netweaver
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-11-13 | CVE-2018-2476 | Open Redirect vulnerability in SAP Netweaver 7.30/7.31/7.40 Due to insufficient URL Validation in forums in SAP NetWeaver versions 7.30, 7.31, 7.40, an attacker can redirect users to a malicious site. | 6.1 |
| 2018-10-09 | CVE-2018-2470 | Cross-site Scripting vulnerability in SAP Netweaver In SAP NetWeaver Application Server for ABAP, from 7.0 to 7.02, 7.30, 7.31, 7.40 and from 7.50 to 7.53, applications do not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | 6.1 |
| 2018-09-11 | CVE-2018-2464 | Cross-site Scripting vulnerability in SAP Netweaver SAP WebDynpro Java, versions 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in a stored Cross-Site Scripting (XSS) vulnerability. | 6.1 |
| 2018-09-11 | CVE-2018-2462 | Improper Input Validation vulnerability in SAP Netweaver In certain cases, BEx Web Java Runtime Export Web Service in SAP NetWeaver BI 7.30, 7.31. | 8.8 |
| 2018-07-10 | CVE-2018-2434 | Insufficient Verification of Data Authenticity vulnerability in SAP Netweaver, UI Infra and User Interface Technology A content spoofing vulnerability in the following components allows to render html pages containing arbitrary plain text content, which might fool an end user: UI add-on for SAP NetWeaver (UI_Infra, 1.0), SAP UI Implementation for Decoupled Innovations (UI_700, 2.0): SAP NetWeaver 7.00 Implementation, SAP User Interface Technology (SAP_UI 7.4, 7.5, 7.51, 7.52). | 4.3 |
| 2018-01-09 | CVE-2018-2363 | Code Injection vulnerability in SAP products SAP NetWeaver, SAP BASIS from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.52, contains code that allows you to execute arbitrary program code of the user's choice. | 8.8 |
| 2017-09-06 | CVE-2015-7241 | XXE vulnerability in SAP Netweaver 4.0/6.4/7.0 XML External Entity (XXE) vulnerability in SAP Netweaver before 7.01. | 9.8 |
| 2017-07-12 | CVE-2017-9845 | Resource Exhaustion vulnerability in SAP Netweaver 7.40 disp+work 7400.12.21.30308 in SAP NetWeaver 7.40 allows remote attackers to cause a denial of service (resource consumption) via a crafted DIAG request, aka SAP Security Note 2405918. | 7.5 |
| 2017-07-12 | CVE-2017-9844 | Deserialization of Untrusted Data vulnerability in SAP Netweaver 7400.12.21.30308 SAP NetWeaver 7400.12.21.30308 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted serialized Java object in a request to metadatauploader, aka SAP Security Note 2399804. | 7.5 |
| 2017-04-10 | CVE-2016-10311 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in SAP Netweaver Stack-based buffer overflow in SAP NetWeaver 7.0 through 7.5 allows remote attackers to cause a denial of service () by sending a crafted packet to the SAPSTARTSRV port, aka SAP Security Note 2295238. | 9.8 |