cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2020-6282,https://securityvulnerability.io/vulnerability/CVE-2020-6282,,"SAP NetWeaver AS JAVA (IIOP service) (SERVERCORE), versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, and SAP NetWeaver AS JAVA (IIOP service) (CORE-TOOLS), versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker to send a crafted request from a vulnerable web application. It is usually used to target internal systems behind firewalls that are normally inaccessible to an attacker from the external network, resulting in a Server-Side Request Forgery vulnerability.",SAP,"SAP Netweaver As Java (iiop Service) (servercore),SAP Netweaver As Java (iiop Service) (core-tools)",5.8,MEDIUM,0.0008999999845400453,false,false,false,false,,false,false,2020-07-14T12:30:14.000Z,0
CVE-2018-2503,https://securityvulnerability.io/vulnerability/CVE-2018-2503,,"By default, the SAP NetWeaver AS Java keystore service does not sufficiently restrict the access to resources that should be protected. This has been fixed in SAP NetWeaver AS Java (ServerCore versions 7.11, 7.20, 7.30, 7.31, 7.40, 7.50).",SAP,SAP Netweaver As Java (servercore),7.4,HIGH,0.0008999999845400453,false,false,false,false,,false,false,2018-12-11T23:00:00.000Z,0
CVE-2018-2504,https://securityvulnerability.io/vulnerability/CVE-2018-2504,,"SAP NetWeaver AS Java Web Container service does not validate against whitelist the HTTP host header which can result in HTTP Host Header Manipulation or Cross-Site Scripting (XSS) vulnerability. This is fixed in versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50.",SAP,SAP Netweaver As Java (servercore),6.1,MEDIUM,0.0010499999625608325,false,false,false,false,,false,false,2018-12-11T23:00:00.000Z,0