SAP NetWeaver Development Infrastructure vulnerabilities

3 known vulnerabilities affecting sap/netweaver_development_infrastructure.

Total CVEs: 3
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 1, MEDIUM 2

Vulnerabilities

CVE-2022-29618 | MEDIUM | CVSS 6.1 | v7.30, v7.31, +2 more | 2022-06-14
CVE-2022-29618 [MEDIUM] CWE-79: Due to insufficient input validation, SAP NetWeaver Development Infrastructure (Design Time Repository) - versions 7.30, 7.31, 7.40, 7.50, allows an unauthenticated attacker to inject script into the URL and execute code in the user’s browser. On successful exploitation, an attacker can view or modify information causing a limited impact on confident
nvd
CVE-2021-33690 | CRITICAL | CVSS 9.9 | PoC | v7.11, v7.20, +4 more | 2021-09-15
CVE-2021-33690 [CRITICAL] CWE-918: Server-Side Request Forgery (SSRF) vulnerability has been detected in the SAP NetWeaver Development Infrastructure Component Build Service versions - 7.11, 7.20, 7.30, 7.31, 7.40, 7.50. The SAP NetWeaver Development Infrastructure Component Build Service allows a threat actor who has access to the server to perform proxy attacks on server by sending
nvd
CVE-2021-33691 | MEDIUM | CVSS 6.1 | v7.31, v7.40, +1 more | 2021-09-15
CVE-2021-33691 [MEDIUM] CWE-79: NWDI Notification Service versions - 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. SAP NetWeaver Development Infrastructure Notification Service allows a threat actor to send crafted scripts to a victim. If the victim has an active session when the crafted script gets execu
nvd