Vulnerabilities (CVE)

Filtered by vendor Sap
Filtered by product Netweaver Application Server Java
Total 64 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-2492 1 Sap 1 Netweaver Application Server Java 2024-02-04 5.5 MEDIUM 7.1 HIGH
SAML 2.0 functionality in SAP NetWeaver AS Java does not sufficiently validate XML documents received from an untrusted source. This is fixed in versions 7.2, 7.30, 7.31, 7.40 and 7.50.
CVE-2018-2504 1 Sap 1 Netweaver Application Server Java 2024-02-04 4.3 MEDIUM 6.1 MEDIUM
The SAP NetWeaver AS Java Web Container service does not validate the HTTP Host header against a whitelist, which can result in an HTTP Host Header Manipulation or Cross-Site Scripting (XSS) vulnerability. This is fixed in versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50.
CVE-2018-2452 1 Sap 1 Netweaver Application Server Java 2024-02-04 4.3 MEDIUM 6.1 MEDIUM
The logon application of SAP NetWeaver AS Java 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50 does not sufficiently encode user-controlled inputs, resulting in a cross-site scripting (XSS) vulnerability.
CVE-2017-14581 1 Sap 1 Netweaver Application Server Java 2024-02-04 5.0 MEDIUM 7.5 HIGH
The Host Control web service in SAP NetWeaver AS JAVA 7.0 through 7.5 allows remote attackers to cause a denial of service (service crash) via a crafted request, aka SAP Security Note 2389181.