Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
2 vulnerabilities found for SAP NetWeaver AS for Java (Web Container)-SAP-JEECOR by SAP SE
CVE-2019-0355 (GCVE-0-2019-0355)
Vulnerability from cvelistv5 – Published: 2019-09-10 16:07 – Updated: 2024-08-04 17:44
VLAI
EPSS
VEX
Summary
SAP NetWeaver Application Server Java Web Container, ENGINEAPI (before versions 7.10, 7.20, 7.30, 7.31, 7.40, 7.50) and SAP-JEECOR (before versions 6.40, 7.0, 7.01), allows an attacker to inject code that can be executed by the application. An attacker could thereby control the behaviour of the application.
Severity
No CVSS data available.
CWE
- Code Injection
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://wiki.scn.sap.com/wiki/pages/viewpage.acti… | x_refsource_CONFIRM |
| https://launchpad.support.sap.com/#/notes/2798336 | x_refsource_MISC |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| SAP SE | SAP NetWeaver AS for Java (Web Container)-ENGINEAPI |
Affected:
< 7.10
Affected: < 7.20 Affected: < 7.30 Affected: < 7.31 Affected: < 7.40 Affected: < 7.50 |
|
| SAP SE | SAP NetWeaver AS for Java (Web Container)-SAP-JEECOR |
Affected:
< 6.40
Affected: < 7.0 Affected: < 7.01 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:44:16.479Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=525962506"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://launchpad.support.sap.com/#/notes/2798336"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SAP NetWeaver AS for Java (Web Container)-ENGINEAPI",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "\u003c 7.10"
},
{
"status": "affected",
"version": "\u003c 7.20"
},
{
"status": "affected",
"version": "\u003c 7.30"
},
{
"status": "affected",
"version": "\u003c 7.31"
},
{
"status": "affected",
"version": "\u003c 7.40"
},
{
"status": "affected",
"version": "\u003c 7.50"
}
]
},
{
"product": "SAP NetWeaver AS for Java (Web Container)-SAP-JEECOR",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "\u003c 6.40"
},
{
"status": "affected",
"version": "\u003c 7.0"
},
{
"status": "affected",
"version": "\u003c 7.01"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SAP NetWeaver Application Server Java Web Container, ENGINEAPI (before versions 7.10, 7.20, 7.30, 7.31, 7.40, 7.50) and SAP-JEECOR (before versions 6.40, 7.0, 7.01), allows an attacker to inject code that can be executed by the application. An attacker could thereby control the behaviour of the application."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Code Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-10T16:07:10.000Z",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=525962506"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://launchpad.support.sap.com/#/notes/2798336"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@sap.com",
"ID": "CVE-2019-0355",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SAP NetWeaver AS for Java (Web Container)-ENGINEAPI",
"version": {
"version_data": [
{
"version_name": "\u003c",
"version_value": "7.10"
},
{
"version_name": "\u003c",
"version_value": "7.20"
},
{
"version_name": "\u003c",
"version_value": "7.30"
},
{
"version_name": "\u003c",
"version_value": "7.31"
},
{
"version_name": "\u003c",
"version_value": "7.40"
},
{
"version_name": "\u003c",
"version_value": "7.50"
}
]
}
},
{
"product_name": "SAP NetWeaver AS for Java (Web Container)-SAP-JEECOR",
"version": {
"version_data": [
{
"version_name": "\u003c",
"version_value": "6.40"
},
{
"version_name": "\u003c",
"version_value": "7.0"
},
{
"version_name": "\u003c",
"version_value": "7.01"
}
]
}
}
]
},
"vendor_name": "SAP SE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SAP NetWeaver Application Server Java Web Container, ENGINEAPI (before versions 7.10, 7.20, 7.30, 7.31, 7.40, 7.50) and SAP-JEECOR (before versions 6.40, 7.0, 7.01), allows an attacker to inject code that can be executed by the application. An attacker could thereby control the behaviour of the application."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Code Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=525962506",
"refsource": "CONFIRM",
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=525962506"
},
{
"name": "https://launchpad.support.sap.com/#/notes/2798336",
"refsource": "MISC",
"url": "https://launchpad.support.sap.com/#/notes/2798336"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2019-0355",
"datePublished": "2019-09-10T16:07:10.000Z",
"dateReserved": "2018-11-26T00:00:00.000Z",
"dateUpdated": "2024-08-04T17:44:16.479Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-0355 (GCVE-0-2019-0355)
Vulnerability from nvd – Published: 2019-09-10 16:07 – Updated: 2024-08-04 17:44
VLAI
EPSS
VEX
Summary
SAP NetWeaver Application Server Java Web Container, ENGINEAPI (before versions 7.10, 7.20, 7.30, 7.31, 7.40, 7.50) and SAP-JEECOR (before versions 6.40, 7.0, 7.01), allows an attacker to inject code that can be executed by the application. An attacker could thereby control the behaviour of the application.
Severity
No CVSS data available.
CWE
- Code Injection
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://wiki.scn.sap.com/wiki/pages/viewpage.acti… | x_refsource_CONFIRM |
| https://launchpad.support.sap.com/#/notes/2798336 | x_refsource_MISC |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| SAP SE | SAP NetWeaver AS for Java (Web Container)-ENGINEAPI |
Affected:
< 7.10
Affected: < 7.20 Affected: < 7.30 Affected: < 7.31 Affected: < 7.40 Affected: < 7.50 |
|
| SAP SE | SAP NetWeaver AS for Java (Web Container)-SAP-JEECOR |
Affected:
< 6.40
Affected: < 7.0 Affected: < 7.01 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:44:16.479Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=525962506"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://launchpad.support.sap.com/#/notes/2798336"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SAP NetWeaver AS for Java (Web Container)-ENGINEAPI",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "\u003c 7.10"
},
{
"status": "affected",
"version": "\u003c 7.20"
},
{
"status": "affected",
"version": "\u003c 7.30"
},
{
"status": "affected",
"version": "\u003c 7.31"
},
{
"status": "affected",
"version": "\u003c 7.40"
},
{
"status": "affected",
"version": "\u003c 7.50"
}
]
},
{
"product": "SAP NetWeaver AS for Java (Web Container)-SAP-JEECOR",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "\u003c 6.40"
},
{
"status": "affected",
"version": "\u003c 7.0"
},
{
"status": "affected",
"version": "\u003c 7.01"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SAP NetWeaver Application Server Java Web Container, ENGINEAPI (before versions 7.10, 7.20, 7.30, 7.31, 7.40, 7.50) and SAP-JEECOR (before versions 6.40, 7.0, 7.01), allows an attacker to inject code that can be executed by the application. An attacker could thereby control the behaviour of the application."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Code Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-10T16:07:10.000Z",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=525962506"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://launchpad.support.sap.com/#/notes/2798336"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@sap.com",
"ID": "CVE-2019-0355",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SAP NetWeaver AS for Java (Web Container)-ENGINEAPI",
"version": {
"version_data": [
{
"version_name": "\u003c",
"version_value": "7.10"
},
{
"version_name": "\u003c",
"version_value": "7.20"
},
{
"version_name": "\u003c",
"version_value": "7.30"
},
{
"version_name": "\u003c",
"version_value": "7.31"
},
{
"version_name": "\u003c",
"version_value": "7.40"
},
{
"version_name": "\u003c",
"version_value": "7.50"
}
]
}
},
{
"product_name": "SAP NetWeaver AS for Java (Web Container)-SAP-JEECOR",
"version": {
"version_data": [
{
"version_name": "\u003c",
"version_value": "6.40"
},
{
"version_name": "\u003c",
"version_value": "7.0"
},
{
"version_name": "\u003c",
"version_value": "7.01"
}
]
}
}
]
},
"vendor_name": "SAP SE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SAP NetWeaver Application Server Java Web Container, ENGINEAPI (before versions 7.10, 7.20, 7.30, 7.31, 7.40, 7.50) and SAP-JEECOR (before versions 6.40, 7.0, 7.01), allows an attacker to inject code that can be executed by the application. An attacker could thereby control the behaviour of the application."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Code Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=525962506",
"refsource": "CONFIRM",
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=525962506"
},
{
"name": "https://launchpad.support.sap.com/#/notes/2798336",
"refsource": "MISC",
"url": "https://launchpad.support.sap.com/#/notes/2798336"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2019-0355",
"datePublished": "2019-09-10T16:07:10.000Z",
"dateReserved": "2018-11-26T00:00:00.000Z",
"dateUpdated": "2024-08-04T17:44:16.479Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}