Vulnerabilities (CVE)

Filtered by vendor Sap Subscribe

Filtered by product Netweaver Application Server Java

Total 66 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2019-0318	1 Sap	1 Netweaver Application Server Java	2024-11-21	3.5 LOW	5.3 MEDIUM
Under certain conditions SAP NetWeaver Application Server for Java (Startup Framework), versions 7.21, 7.22, 7.45, 7.49, and 7.53, allows an attacker to access information which would otherwise be restricted.
CVE-2019-0275	1 Sap	1 Netweaver Application Server Java	2024-11-21	3.5 LOW	5.4 MEDIUM
SAML 1.1 SSO Demo Application in SAP NetWeaver Java Application Server (J2EE-APPS), versions 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40 and 7.50, does not sufficiently encode user-controlled inputs, which results in cross-site scripting (XSS) vulnerability.
CVE-2018-2504	1 Sap	1 Netweaver Application Server Java	2024-11-21	4.3 MEDIUM	6.1 MEDIUM
SAP NetWeaver AS Java Web Container service does not validate against whitelist the HTTP host header which can result in HTTP Host Header Manipulation or Cross-Site Scripting (XSS) vulnerability. This is fixed in versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50.
CVE-2018-2503	1 Sap	1 Netweaver Application Server Java	2024-11-21	3.3 LOW	7.4 HIGH
By default, the SAP NetWeaver AS Java keystore service does not sufficiently restrict the access to resources that should be protected. This has been fixed in SAP NetWeaver AS Java (ServerCore versions 7.11, 7.20, 7.30, 7.31, 7.40, 7.50).
CVE-2018-2492	1 Sap	1 Netweaver Application Server Java	2024-11-21	5.5 MEDIUM	7.1 HIGH
SAML 2.0 functionality in SAP NetWeaver AS Java, does not sufficiently validate XML documents received from an untrusted source. This is fixed in versions 7.2, 7.30, 7.31, 7.40 and 7.50.
CVE-2018-2452	1 Sap	1 Netweaver Application Server Java	2024-11-21	4.3 MEDIUM	6.1 MEDIUM
The logon application of SAP NetWeaver AS Java 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50 does not sufficiently encode user-controlled inputs, resulting in a cross-site scripting (XSS) vulnerability.