SAP NetWeaver AS Java vulnerabilities
3 known vulnerabilities affecting sap/sap_netweaver_as_java.
Total CVEs: 3
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 1, MEDIUM 2
Vulnerabilities
CVE-2018-2503 | HIGH | CVSS 7.4 | CWE-862 | v= 7.11, v= 7.20, +4 more | 2018-12-11
By default, the SAP NetWeaver AS Java keystore service does not sufficiently restrict the access to resources that should be protected. This has been fixed in SAP NetWeaver AS Java (ServerCore versions 7.11, 7.20, 7.30, 7.31, 7.40, 7.50).
Sources: cvelistv5, nvd
CVE-2018-2504 | MEDIUM | CVSS 6.1 | CWE-79 | v= 7.10, v= 7.11, +5 more | 2018-12-11
The SAP NetWeaver AS Java Web Container service does not validate the HTTP host header against a whitelist, which can result in an HTTP Host Header Manipulation or Cross-Site Scripting (XSS) vulnerability. This is fixed in versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50.
Sources: cvelistv5, nvd
CVE-2018-2452 | MEDIUM | CVSS 6.1 | CWE-79 | v= 7.10 to 7.11, v= 7.20, +4 more | 2018-09-11
The logon application of SAP NetWeaver AS Java 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50 does not sufficiently encode user-controlled inputs, resulting in a cross-site scripting (XSS) vulnerability.
Sources: cvelistv5, nvd