Skip to main content

Netweaver Development Infrastructure

4 CVEs product

Monthly

CVE-2022-29618 MEDIUM This Month

Due to insufficient input validation, SAP NetWeaver Development Infrastructure (Design Time Repository) - versions 7.30, 7.31, 7.40, 7.50, allows an unauthenticated attacker to inject script into the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS SAP Netweaver Development Infrastructure
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2021-33691 MEDIUM PATCH This Month

NWDI Notification Service versions - 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.SAP NetWeaver Development. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS SAP Netweaver Development Infrastructure
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-33690 CRITICAL POC PATCH THREAT Act Now

Server-Side Request Forgery (SSRF) vulnerability has been detected in the SAP NetWeaver Development Infrastructure Component Build Service versions - 7.11, 7.20, 7.30, 7.31, 7.40, 7.50The SAP. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure SSRF SAP Netweaver Development Infrastructure
NVD
CVSS 3.1
9.9
EPSS
67.7%
CVE-2013-6820 CRITICAL Act Now

Unrestricted file upload vulnerability in the SAP NetWeaver Development Infrastructure (NWDI) allows remote attackers to execute arbitrary code by uploading a file with an executable extension via. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

SAP File Upload RCE Netweaver Development Infrastructure
NVD
CVSS 2.0
9.3
EPSS
3.8%
EPSS 1% CVSS 6.1
MEDIUM This Month

Due to insufficient input validation, SAP NetWeaver Development Infrastructure (Design Time Repository) - versions 7.30, 7.31, 7.40, 7.50, allows an unauthenticated attacker to inject script into the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS SAP Netweaver Development Infrastructure
NVD
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

NWDI Notification Service versions - 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.SAP NetWeaver Development. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS SAP Netweaver Development Infrastructure
NVD
EPSS 68% CVSS 9.9
CRITICAL POC PATCH THREAT Act Now

Server-Side Request Forgery (SSRF) vulnerability has been detected in the SAP NetWeaver Development Infrastructure Component Build Service versions - 7.11, 7.20, 7.30, 7.31, 7.40, 7.50The SAP. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure SSRF SAP +1
NVD
EPSS 4% CVSS 9.3
CRITICAL Act Now

Unrestricted file upload vulnerability in the SAP NetWeaver Development Infrastructure (NWDI) allows remote attackers to execute arbitrary code by uploading a file with an executable extension via. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

SAP File Upload RCE +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy