Filtered by vendor Sap

Filtered by product Netweaver Application Server Java

Total: 68 CVE

| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-0327 | 1 Sap | 1 Netweaver Application Server Java | 2024-11-21 | N/A | 
| SAP NetWeaver for Java Application Server - Web Container, (engineapi, versions 7.1, 7.2, 7.3, 7.31, 7.4 and 7.5), (servercode, versions 7.2, 7.3, 7.31, 7.4, 7.5), allows an attacker to upload files (including script files) without proper file format validation. | ||||
| CVE-2019-0318 | 1 Sap | 1 Netweaver Application Server Java | 2024-11-21 | N/A | 
| Under certain conditions SAP NetWeaver Application Server for Java (Startup Framework), versions 7.21, 7.22, 7.45, 7.49, and 7.53, allows an attacker to access information which would otherwise be restricted. | ||||
| CVE-2019-0275 | 1 Sap | 1 Netweaver Application Server Java | 2024-11-21 | 5.4 Medium | 
| SAML 1.1 SSO Demo Application in SAP NetWeaver Java Application Server (J2EE-APPS), versions 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40 and 7.50, does not sufficiently encode user-controlled inputs, which results in cross-site scripting (XSS) vulnerability. | ||||
| CVE-2018-2504 | 1 Sap | 1 Netweaver Application Server Java | 2024-11-21 | 6.1 Medium | 
| SAP NetWeaver AS Java Web Container service does not validate against whitelist the HTTP host header which can result in HTTP Host Header Manipulation or Cross-Site Scripting (XSS) vulnerability. This is fixed in versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50. | ||||
| CVE-2018-2503 | 1 Sap | 1 Netweaver Application Server Java | 2024-11-21 | 7.4 High | 
| By default, the SAP NetWeaver AS Java keystore service does not sufficiently restrict the access to resources that should be protected. This has been fixed in SAP NetWeaver AS Java (ServerCore versions 7.11, 7.20, 7.30, 7.31, 7.40, 7.50). | ||||
| CVE-2018-2492 | 1 Sap | 1 Netweaver Application Server Java | 2024-11-21 | 7.1 High | 
| SAML 2.0 functionality in SAP NetWeaver AS Java, does not sufficiently validate XML documents received from an untrusted source. This is fixed in versions 7.2, 7.30, 7.31, 7.40 and 7.50. | ||||
| CVE-2018-2452 | 1 Sap | 1 Netweaver Application Server Java | 2024-11-21 | 6.1 Medium | 
| The logon application of SAP NetWeaver AS Java 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50 does not sufficiently encode user-controlled inputs, resulting in a cross-site scripting (XSS) vulnerability. | ||||
| CVE-2024-47592 | 1 Sap | 1 Netweaver Application Server Java | 2024-11-12 | 5.3 Medium | 
| SAP NetWeaver AS Java allows an unauthenticated attacker to brute force the login functionality in order to identify the legitimate user IDs. This has an impact on confidentiality but not on integrity or availability. | ||||