Vulnerabilities > SAP > Netweaver > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-02-12 CVE-2020-6181 Unspecified vulnerability in SAP Abap Platform and Netweaver
Under some circumstances the SAML SSO implementation in the SAP NetWeaver (SAP_BASIS versions 702, 730, 731, 740 and SAP ABAP Platform (SAP_BASIS versions 750, 751, 752, 753, 754), allows an attacker to include invalidated data in the HTTP response header sent to a Web user, leading to HTTP Response Splitting vulnerability.
network
low complexity
sap
5.0
2020-01-23 CVE-2013-1593 Improper Validation of Array Index vulnerability in SAP Netweaver
A Denial of Service vulnerability exists in the WRITE_C function in the msg_server.exe module in SAP NetWeaver 2004s, 7.01 SR1, 7.02 SP06, and 7.30 SP04 when sending a crafted SAP Message Server packet to TCP ports 36NN and/or 39NN.
network
low complexity
sap CWE-129
5.0
2019-08-14 CVE-2019-0351 Unspecified vulnerability in SAP Netweaver
A remote code execution vulnerability exists in the SAP NetWeaver UDDI Server (Services Registry), versions 7.10, 7.20, 7.30, 7.31, 7.40, 7.50.
network
low complexity
sap
6.5
2019-01-08 CVE-2019-0248 Unspecified vulnerability in SAP Basis and Netweaver
Under certain conditions SAP Gateway of ABAP Application Server (fixed in SAP_GWFND 7.5, 7.51, 7.52, 7.53; SAP_BASIS 7.5) allows an attacker to access information which would otherwise be restricted.
network
sap
4.3
2018-12-11 CVE-2018-2504 Cross-site Scripting vulnerability in SAP Netweaver
SAP NetWeaver AS Java Web Container service does not validate against whitelist the HTTP host header which can result in HTTP Host Header Manipulation or Cross-Site Scripting (XSS) vulnerability.
network
sap CWE-79
4.3
2018-12-11 CVE-2018-2492 Improper Input Validation vulnerability in SAP Netweaver
SAML 2.0 functionality in SAP NetWeaver AS Java, does not sufficiently validate XML documents received from an untrusted source.
network
low complexity
sap CWE-20
5.5
2018-11-13 CVE-2018-2477 XML Injection (aka Blind XPath Injection) vulnerability in SAP Netweaver
Knowledge Management (XMLForms) in SAP NetWeaver, versions 7.30, 7.31, 7.40 and 7.50 does not sufficiently validate an XML document accepted from an untrusted source.
network
low complexity
sap CWE-91
6.5
2018-11-13 CVE-2018-2476 Open Redirect vulnerability in SAP Netweaver 7.30/7.31/7.40
Due to insufficient URL Validation in forums in SAP NetWeaver versions 7.30, 7.31, 7.40, an attacker can redirect users to a malicious site.
network
sap CWE-601
5.8
2018-10-09 CVE-2018-2470 Cross-site Scripting vulnerability in SAP Netweaver
In SAP NetWeaver Application Server for ABAP, from 7.0 to 7.02, 7.30, 7.31, 7.40 and from 7.50 to 7.53, applications do not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
network
sap CWE-79
4.3
2018-09-11 CVE-2018-2464 Cross-site Scripting vulnerability in SAP Netweaver
SAP WebDynpro Java, versions 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in a stored Cross-Site Scripting (XSS) vulnerability.
network
sap CWE-79
4.3