cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-47592,https://securityvulnerability.io/vulnerability/CVE-2024-47592,Brute Force Vulnerability Affects Confidentiality,SAP NetWeaver AS Java allows an unauthenticated attacker to brute force the login functionality in order to identify the legitimate user IDs. This has an impact on confidentiality but not on integrity or availability.,SAP,SAP Netweaver Application Server Java (logon Application),5.3,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-11-12T00:27:10.881Z,0
CVE-2024-33005,https://securityvulnerability.io/vulnerability/CVE-2024-33005,Authorization Bypass,"Due to the missing authorization checks in the local systems, the admin users of SAP Web Dispatcher, SAP NetWeaver Application Server (ABAP and Java), and SAP Content Server can impersonate other users and may perform some unintended actions. This could lead to a low impact on confidentiality and a high impact on the integrity and availability of the applications.",SAP,"SAP Netweaver Application Server (abap And Java),SAP Web Dispatcher And SAP Content Server",6.3,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-08-13T03:47:44.829Z,0
CVE-2023-40309,https://securityvulnerability.io/vulnerability/CVE-2023-40309,Missing Authorization check in SAP CommonCryptoLib,"The SAP CommonCryptoLib has a critical vulnerability where it fails to implement essential authentication checks. This oversight can lead to improper or missing authorization verifications for users. As a result, an authenticated attacker may exploit this weakness to escalate their privileges, potentially gaining access to functionalities meant for specific user groups. This could allow the attacker to read, alter, or remove sensitive data that should be restricted.",SAP,"SAP Commoncryptolib,SAP Netweaver As Abap, SAP Netweaver As Java And Abap Platform Of S/4hana On-premise,SAP Web Dispatcher,SAP Content Server,SAP Hana Database,SAP Host Agent,SAP Extended Application Services And Runtime (xsa),SAPssoext",9.8,CRITICAL,0.0018700000364333391,false,false,false,false,,false,false,2023-09-12T03:15:00.000Z,0
CVE-2023-40308,https://securityvulnerability.io/vulnerability/CVE-2023-40308,Memory Corruption vulnerability in SAP CommonCryptoLib,"The memory corruption vulnerability in SAP's CommonCryptoLib allows an unauthenticated attacker to submit crafted requests to open ports, resulting in a crash of the target component. This vulnerability affects the availability of the service but does not expose any information, allowing for potential denial of service attacks. Protecting against this issue is critical for maintaining operational reliability.",SAP,"SAP Commoncryptolib,SAP Netweaver As Abap, SAP Netweaver As Java And Abap Platform Of S/4hana On-premise,SAP Web Dispatcher,SAP Content Server,SAP Hana Database,SAP Host Agent,SAP Extended Application Services And Runtime (xsa),SAPssoext",7.5,HIGH,0.0009699999936856329,false,false,false,false,,false,false,2023-09-12T02:15:00.000Z,0
CVE-2022-27669,https://securityvulnerability.io/vulnerability/CVE-2022-27669,,"An unauthenticated user can use functions of XML Data Archiving Service of SAP NetWeaver Application Server for Java - version 7.50, to which access should be restricted. This may result in an escalation of privileges.",SAP,SAP Netweaver Application Server For Java,7.5,HIGH,0.0021200000774115324,false,false,false,false,,false,false,2022-04-12T16:11:31.000Z,0
CVE-2022-22534,https://securityvulnerability.io/vulnerability/CVE-2022-22534,,"Due to insufficient encoding of user input, SAP NetWeaver allows an unauthenticated attacker to inject code that may expose sensitive data like user ID and password. These endpoints are normally exposed over the network and successful exploitation can partially impact confidentiality of the application.",SAP,SAP Netweaver (abap And Java Application Servers),6.1,MEDIUM,0.0008999999845400453,false,false,false,false,,false,false,2022-02-09T22:05:21.000Z,0
CVE-2022-22533,https://securityvulnerability.io/vulnerability/CVE-2022-22533,,"Due to improper error handling in SAP NetWeaver Application Server Java - versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, an attacker could submit multiple HTTP server requests resulting in errors, such that it consumes the memory buffer. This could result in system shutdown rendering the system unavailable.",SAP,SAP Netweaver Application Server Java,7.5,HIGH,0.0011599999852478504,false,false,false,false,,false,false,2022-02-09T22:05:20.000Z,0
CVE-2022-22532,https://securityvulnerability.io/vulnerability/CVE-2022-22532,,"In SAP NetWeaver Application Server Java - versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, an unauthenticated attacker could submit a crafted HTTP server request which triggers improper shared memory buffer handling. This could allow the malicious payload to be executed and hence execute functions that could be impersonating the victim or even steal the victim's logon session.",SAP,SAP Netweaver Application Server Java,9.8,CRITICAL,0.0025100000202655792,false,false,false,false,,false,false,2022-02-09T22:05:19.000Z,0
CVE-2021-37535,https://securityvulnerability.io/vulnerability/CVE-2021-37535,,"SAP NetWeaver Application Server Java (JMS Connector Service) - versions 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not perform necessary authorization checks for user privileges.",SAP,SAP Netweaver Application Server Java (jms Connector Service),10,CRITICAL,0.0024900001008063555,false,false,false,false,,false,false,2021-09-14T11:21:27.000Z,0
CVE-2021-21491,https://securityvulnerability.io/vulnerability/CVE-2021-21491,,"SAP Netweaver Application Server Java (Applications based on WebDynpro Java) versions 7.00, 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allow an attacker to redirect users to a malicious site due to Reverse Tabnabbing vulnerabilities.",SAP,SAP Netweaver Application Server Java (applications Based On Web Dynpro Java),4.7,MEDIUM,0.0008399999933317304,false,false,false,false,,false,false,2021-03-10T14:11:46.000Z,0
CVE-2020-6365,https://securityvulnerability.io/vulnerability/CVE-2020-6365,,"SAP NetWeaver AS Java, versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, Start Page allows an unauthenticated remote attacker to redirect users to a malicious site due to insufficient reverse tabnabbing URL validation. The attacker could execute phishing attacks to steal credentials of the victim or to redirect users to untrusted web pages containing malware or similar malicious exploits.",SAP,SAP Netweaver Application Server Java,4.7,MEDIUM,0.0013299999991431832,false,false,false,false,,false,false,2020-10-15T02:03:40.000Z,0
CVE-2020-6319,https://securityvulnerability.io/vulnerability/CVE-2020-6319,,"SAP NetWeaver Application Server Java, versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, and 7.50 allows an unauthenticated attacker to include JavaScript blocks in any web page or URL with different symbols which are otherwise not allowed. On successful exploitation an attacker can steal authentication information of the user, such as data relating to his or her current session and limitedly impact confidentiality and integrity of the application, leading to Reflected Cross Site Scripting.",SAP,SAP Netweaver Application Server Java,6.1,MEDIUM,0.0008999999845400453,false,false,false,false,,false,false,2020-10-15T01:52:28.000Z,0
CVE-2020-6202,https://securityvulnerability.io/vulnerability/CVE-2020-6202,,"SAP NetWeaver Application Server Java (User Management Engine), versions- 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50; does not sufficiently validate the LDAP data source configuration XML document accepted from an untrusted source, leading to Missing XML Validation.",SAP,SAP Netweaver Application Server Java (user Management Engine),5.5,MEDIUM,0.0010600000387057662,false,false,false,false,,false,false,2020-03-10T20:19:23.000Z,0
CVE-2019-0389,https://securityvulnerability.io/vulnerability/CVE-2019-0389,,"An administrator of SAP NetWeaver Application Server Java (J2EE-Framework), (corrected in versions 7.1, 7.2, 7.3, 7.31, 7.4, 7.5), may change privileges for all or some functions in Java Server, and enable users to execute functions, they are not allowed to execute otherwise.",SAP,SAP Netweaver Application Server Java (j2ee-framework),8.8,HIGH,0.0010400000028312206,false,false,false,false,,false,false,2019-11-13T21:58:44.000Z,0
CVE-2019-0345,https://securityvulnerability.io/vulnerability/CVE-2019-0345,,"A remote unauthenticated attacker can abuse a web service in SAP NetWeaver Application Server for Java (Administrator System Overview), versions 7.30, 7.31, 7.40, 7.50, by sending a specially crafted XML file and trick the application server into leaking authentication credentials for its own SAP Management console, resulting in Server-Side Request Forgery.",SAP,SAP Netweaver Application Server For Java (administrator System Overview),9.8,CRITICAL,0.007269999943673611,false,false,false,false,,false,false,2019-08-14T13:54:04.000Z,0
CVE-2019-0327,https://securityvulnerability.io/vulnerability/CVE-2019-0327,,"SAP NetWeaver for Java Application Server - Web Container, (engineapi, versions 7.1, 7.2, 7.3, 7.31, 7.4 and 7.5), (servercode, versions 7.2, 7.3, 7.31, 7.4, 7.5), allows an attacker to upload files (including script files) without proper file format validation.",SAP,"SAP Netweaver For Java Application Server - Web Container (engineapi),SAP Netweaver For Java Application Server - Web Container (servercode)",7.2,HIGH,0.006459999829530716,false,false,false,false,,false,false,2019-07-10T19:09:39.000Z,0
CVE-2019-0318,https://securityvulnerability.io/vulnerability/CVE-2019-0318,,"Under certain conditions SAP NetWeaver Application Server for Java (Startup Framework), versions 7.21, 7.22, 7.45, 7.49, and 7.53, allows an attacker to access information which would otherwise be restricted.",SAP,SAP Netweaver Application Server For Java (startup Framework),5.3,MEDIUM,0.0016700000269338489,false,false,false,false,,false,false,2019-07-10T18:48:07.000Z,0
CVE-2019-0275,https://securityvulnerability.io/vulnerability/CVE-2019-0275,,"SAML 1.1 SSO Demo Application in SAP NetWeaver Java Application Server (J2EE-APPS), versions 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40 and 7.50, does not sufficiently encode user-controlled inputs, which results in cross-site scripting (XSS) vulnerability.",SAP,SAP Netweaver Java Application Server (j2ee-apps),5.4,MEDIUM,0.0006399999838322401,false,false,false,false,,false,false,2019-03-12T22:00:00.000Z,0
CVE-2018-2492,https://securityvulnerability.io/vulnerability/CVE-2018-2492,,"SAML 2.0 functionality in SAP NetWeaver AS Java, does not sufficiently validate XML documents received from an untrusted source. This is fixed in versions 7.2, 7.30, 7.31, 7.40 and 7.50.",SAP,SAP Netweaver Application Server (java Library),7.1,HIGH,0.001560000004246831,false,false,false,false,,false,false,2018-12-11T23:00:00.000Z,0
CVE-2017-14581,https://securityvulnerability.io/vulnerability/CVE-2017-14581,,"The Host Control web service in SAP NetWeaver AS JAVA 7.0 through 7.5 allows remote attackers to cause a denial of service (service crash) via a crafted request, aka SAP Security Note 2389181.",SAP,Netweaver Application Server Java,7.5,HIGH,0.0018100000452250242,false,false,false,false,,false,false,2017-09-19T16:00:00.000Z,0
CVE-2017-12637,https://securityvulnerability.io/vulnerability/CVE-2017-12637,,"Directory traversal vulnerability in scheduler/ui/js/ffffffffbca41eb4/UIUtilJavaScriptJS in SAP NetWeaver Application Server Java 7.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the query string, as exploited in the wild in August 2017, aka SAP Security Note 2486657.",SAP,Netweaver Application Server Java,7.5,HIGH,0.029100000858306885,false,false,false,false,,false,false,2017-08-07T20:00:00.000Z,0
CVE-2017-11458,https://securityvulnerability.io/vulnerability/CVE-2017-11458,,"Cross-site scripting (XSS) vulnerability in the ctcprotocol/Protocol servlet in SAP NetWeaver AS JAVA 7.3 allows remote attackers to inject arbitrary web script or HTML via the sessionID parameter, aka SAP Security Note 2406783.",SAP,Netweaver Application Server Java,6.1,MEDIUM,0.0007099999929778278,false,false,false,false,,false,false,2017-07-25T18:00:00.000Z,0
CVE-2017-11457,https://securityvulnerability.io/vulnerability/CVE-2017-11457,,"XML external entity (XXE) vulnerability in com.sap.km.cm.ice in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request, aka SAP Security Note 2387249.",SAP,Netweaver Application Server Java,6.5,MEDIUM,0.0008399999933317304,false,false,false,false,,false,false,2017-07-25T18:00:00.000Z,0
CVE-2017-8913,https://securityvulnerability.io/vulnerability/CVE-2017-8913,,"The Visual Composer VC70RUNTIME component in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to conduct XML External Entity (XXE) attacks via a crafted XML document in a request to irj/servlet/prt/portal/prtroot/com.sap.visualcomposer.BIKit.default, aka SAP Security Note 2386873.",SAP,Netweaver Application Server Java,8.8,HIGH,0.001500000013038516,false,false,false,false,,false,false,2017-05-23T03:56:00.000Z,0
CVE-2017-7717,https://securityvulnerability.io/vulnerability/CVE-2017-7717,,"SQL injection vulnerability in the getUserUddiElements method in the ES UDDI component in SAP NetWeaver AS Java 7.4 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Note 2356504.",SAP,Netweaver Application Server Java,8.8,HIGH,0.0014900000533089042,false,false,false,false,,false,false,2017-04-14T18:00:00.000Z,0