Filtered by vendor Sap Subscriptions
Filtered by product Netweaver Application Server Java Subscriptions
Total 66 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2021-21485 1 Sap 1 Netweaver Application Server Java 2024-08-03 6.5 Medium
An unauthorized attacker may be able to entice an administrator to invoke telnet commands of an SAP NetWeaver Application Server for Java that allow the attacker to gain NTLM hashes of a privileged user.
CVE-2022-41262 1 Sap 1 Netweaver Application Server Java 2024-08-03 6.1 Medium
Due to insufficient input validation, SAP NetWeaver AS Java (HTTP Provider Service) - version 7.50, allows an unauthenticated attacker to inject a script into a web request header. On successful exploitation, an attacker can view or modify information causing a limited impact on the confidentiality and integrity of the application.
CVE-2022-26103 1 Sap 1 Netweaver Application Server Java 2024-08-03 5.3 Medium
Under certain conditions, SAP NetWeaver (Real Time Messaging Framework) - version 7.50, allows an attacker to access information which could lead to information gathering for further exploits and attacks.
CVE-2022-22533 1 Sap 1 Netweaver Application Server Java 2024-08-03 7.5 High
Due to improper error handling in SAP NetWeaver Application Server Java - versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, an attacker could submit multiple HTTP server requests resulting in errors, such that it consumes the memory buffer. This could result in system shutdown rendering the system unavailable.
CVE-2022-22532 1 Sap 1 Netweaver Application Server Java 2024-08-03 9.8 Critical
In SAP NetWeaver Application Server Java - versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, an unauthenticated attacker could submit a crafted HTTP server request which triggers improper shared memory buffer handling. This could allow the malicious payload to be executed and hence execute functions that could be impersonating the victim or even steal the victim's logon session.
CVE-2023-24526 1 Sap 1 Netweaver Application Server Java 2024-08-02 5.3 Medium
SAP NetWeaver Application Server Java for Classload Service - version 7.50, does not perform any authentication checks for functionalities that require user identity, resulting in escalation of privileges. This failure has a low impact on confidentiality of the data such that an unassigned user can read non-sensitive server data.