VYPR

NetWeaver AS Java Logon application

by SAP

CVEs (2)

  • CVE-2018-2371MedFeb 14, 2018
    risk 0.40cvss 6.1epss 0.01

    The SAML 2.0 service provider of SAP Netweaver AS Java Web Application, 7.50, does not sufficiently encode user controlled inputs, which results in Cross-Site Scripting (XSS) vulnerability.

  • CVE-2023-42480Nov 14, 2023
    risk 0.00cvss epss 0.01

    The unauthenticated attacker in NetWeaver AS Java Logon application - version 7.50, can brute force the login functionality to identify the legitimate user ids. This will have an impact on confidentiality but there is no other impact on integrity or availability.