Filtered by vendor Sap
Subscriptions
Filtered by product Netweaver Application Server Java
Subscriptions
Total
67 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-0318 | 1 Sap | 1 Netweaver Application Server Java | 2024-11-21 | N/A |
| Under certain conditions SAP NetWeaver Application Server for Java (Startup Framework), versions 7.21, 7.22, 7.45, 7.49, and 7.53, allows an attacker to access information which would otherwise be restricted. | ||||
| CVE-2019-0275 | 1 Sap | 1 Netweaver Application Server Java | 2024-11-21 | 5.4 Medium |
| SAML 1.1 SSO Demo Application in SAP NetWeaver Java Application Server (J2EE-APPS), versions 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40 and 7.50, does not sufficiently encode user-controlled inputs, which results in cross-site scripting (XSS) vulnerability. | ||||
| CVE-2018-2504 | 1 Sap | 1 Netweaver Application Server Java | 2024-11-21 | 6.1 Medium |
| SAP NetWeaver AS Java Web Container service does not validate against whitelist the HTTP host header which can result in HTTP Host Header Manipulation or Cross-Site Scripting (XSS) vulnerability. This is fixed in versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50. | ||||
| CVE-2018-2503 | 1 Sap | 1 Netweaver Application Server Java | 2024-11-21 | 7.4 High |
| By default, the SAP NetWeaver AS Java keystore service does not sufficiently restrict the access to resources that should be protected. This has been fixed in SAP NetWeaver AS Java (ServerCore versions 7.11, 7.20, 7.30, 7.31, 7.40, 7.50). | ||||
| CVE-2018-2492 | 1 Sap | 1 Netweaver Application Server Java | 2024-11-21 | 7.1 High |
| SAML 2.0 functionality in SAP NetWeaver AS Java, does not sufficiently validate XML documents received from an untrusted source. This is fixed in versions 7.2, 7.30, 7.31, 7.40 and 7.50. | ||||
| CVE-2018-2452 | 1 Sap | 1 Netweaver Application Server Java | 2024-11-21 | 6.1 Medium |
| The logon application of SAP NetWeaver AS Java 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50 does not sufficiently encode user-controlled inputs, resulting in a cross-site scripting (XSS) vulnerability. | ||||
| CVE-2024-47592 | 1 Sap | 1 Netweaver Application Server Java | 2024-11-12 | 5.3 Medium |
| SAP NetWeaver AS Java allows an unauthenticated attacker to brute force the login functionality in order to identify the legitimate user IDs. This has an impact on confidentiality but not on integrity or availability. | ||||