86 matches found

RedhatCVE
added 2025/09/11 3:19 a.m. · 11 views

CVE-2025-42926

SAP NetWeaver Application Server Java does not perform an authentication check when an attacker attempts to access internal files within the web application. Upon successful exploitation, an unauthenticated attacker could access these files to gather additional sensitive information about the...

CVSS 5.3 · AI score 6.7 · EPSS 0.00094
Exploits: 0 · References: 1

Vulnrichment
added 2025/09/09 2:10 a.m. · 3 views

CVE-2025-42926 Missing Authentication check in SAP NetWeaver Application Server Java

SAP NetWeaver Application Server Java does not perform an authentication check when an attacker attempts to access internal files within the web application. Upon successful exploitation, an unauthenticated attacker could access these files to gather additional sensitive information about the...

CVSS 5.3 · AI score 6.2 · EPSS 0.00094
Exploits: 0 · References: 2

Cvelist
added 2025/09/09 2:09 a.m. · 7 views

CVE-2025-42925 Predictable Object Identifier vulnerability in SAP NetWeaver AS Java (IIOP Service)

Due to the lack of randomness in assigning Object Identifiers in the SAP NetWeaver AS JAVA IIOP service, an authenticated attacker with low privileges could predict the identifiers by conducting a brute force search. By leveraging knowledge of several identifiers generated close to the same time,...

CVSS 4.3 · EPSS 0.00062
Exploits: 0 · References: 2

Vulnrichment
added 2025/09/09 2:09 a.m. · 2 views

CVE-2025-42922 Insecure File Operations vulnerability in SAP NetWeaver AS Java (Deploy Web Service)

SAP NetWeaver AS Java allows an attacker authenticated as a non-administrative user to use a flaw in an available service to upload an arbitrary file. This file when executed can lead to a full compromise of confidentiality, integrity and availability of the system...

CVSS 9.9 · AI score 6.3 · EPSS 0.00145
Exploits: 0 · References: 2

Positive Technologies
added 2025/09/09 12:00 a.m. · 3 views

PT-2025-36553

Name of the Vulnerable Software and Affected Versions: SAP NetWeaver AS Java (affected versions not specified)

Description: SAP NetWeaver AS Java contains a flaw in an available service that allows an authenticated, non-administrative attacker to upload an arbitrary file. Execution of this file can...

CVSS 9.9 · AI score 6.7 · EPSS 0.00145
Exploits: 0 · References: 17

CNNVD
added 2025/09/09 12:00 a.m. · 3 views

SAP NetWeaver AS Java code injection vulnerability

SAP NetWeaver AS Java is a platform system from SAP, a German company. A code injection vulnerability exists in SAP NetWeaver AS Java that originates from allowing the uploading of arbitrary files, which could lead to full control of the system...

CVSS 9.9 · AI score 7.5 · EPSS 0.00145
Exploits: 0 · References: 2

RedhatCVE
added 2025/05/23 6:28 a.m. · 3 views

CVE-2024-47588

In SAP NetWeaver Java Software Update Manager 1.1, under certain conditions when a software upgrade encounters errors, credentials are written in plaintext to a log file. An attacker with local access to the server, authenticated as a non-administrative user, can acquire the credentials from the...

CVSS 4.7 · AI score 6.6 · EPSS 0.00047
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/22 7:37 a.m. · 17 views

CVE-2019-0391

Under certain conditions, SAP NetWeaver AS Java (corrected in 7.10, 7.20, 7.30, 7.31, 7.40, 7.50) allows an attacker to access information which would otherwise be restricted...

CVSS 4.3 · AI score 6.6 · EPSS 0.00272
Exploits: 0 · References: 1

BDU FSTEC
added 2025/03/17 12:00 a.m. · 2 views

The vulnerability of the SAP NetWeaver AS for Java software integration platform, related to the lack of protective measures for the website structure, allows attackers to carry out cross-site scripting attacks.

The vulnerability of the SAP NetWeaver AS for Java software integration platform is related to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks remotely...

CVSS 5.5 · AI score 5.2 · EPSS 0.00102
Exploits: 1 · References: 3

BDU FSTEC
added 2024/12/12 12:00 a.m. · 2 views

The vulnerability of the Adobe Document Service component in the SAP NetWeaver AS for Java software for creating and deploying web applications allows an attacker to perform an SSRF attack.

The vulnerability of the Adobe Document Service component in the SAP NetWeaver AS for Java web application development and deployment framework is related to insufficient validation of incoming requests. Exploiting this vulnerability allows a malicious actor to execute an SSRF attack using a...

CVSS 9.1 · AI score 8 · EPSS 0.00193
Exploits: 0 · References: 3 · Affected Software: 1

BDU FSTEC
added 2024/12/12 12:00 a.m. · 1 view

The vulnerability of the Adobe Document Service component in the SAP NetWeaver AS for Java software for creating and deploying web applications allows a perpetrator to compromise the confidentiality of protected information.

The vulnerability of the Adobe Document Service component in SAP NetWeaver AS for Java software for creating and deploying web applications is related to the leakage of file and directory information. Exploiting this vulnerability can allow an attacker to compromise the confidentiality of protect...

CVSS 6.8 · AI score 5.5 · EPSS 0.00162
Exploits: 0 · References: 3 · Affected Software: 1

Positive Technologies
added 2024/12/10 12:00 a.m. · 3 views

PT-2024-9338 · Sap · Sap Netweaver As Java

Name of the Vulnerable Software and Affected Versions: SAP NetWeaver AS for Java (affected versions not specified)

Description: The issue allows an attacker, authenticated as an administrator, to use an exposed webservice to upload or download a custom PDF font file on the system server. By...

CVSS 6.8 · AI score 6.4 · EPSS 0.00162
Exploits: 0 · References: 9

BDU FSTEC
added 2024/12/02 12:00 a.m. · 1 view

The vulnerability of the SAP NetWeaver AS Java software integration platform lies in the absence of authentication procedures, which allows attackers to compromise the confidentiality and integrity of the protected information.

The vulnerability of SAP NetWeaver AS Java software-based integration platforms is related to the absence of authentication procedures. Exploiting this vulnerability allows a malicious actor to remotely compromise the confidentiality and integrity of the protected information...

CVSS 6.5 · AI score 5.5 · EPSS 0.00119
Exploits: 0 · References: 3

BDU FSTEC
added 2024/12/02 12:00 a.m. · 1 view

The vulnerability of SAP NetWeaver Java software update, related to insufficient protection of registration data, allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the SAP NetWeaver Java software update manager is related to insufficient protection of registration data. Exploiting this vulnerability can allow attackers to gain unauthorized access to protected information...

CVSS 4.7 · AI score 5.5 · EPSS 0.00047
Exploits: 0 · References: 4

Vulnrichment
added 2024/11/12 12:26 a.m. · 8 views

CVE-2024-47588 Information Disclosure vulnerability in SAP NetWeaver Java (Software Update Manager)

In SAP NetWeaver Java Software Update Manager 1.1, under certain conditions when a software upgrade encounters errors, credentials are written in plaintext to a log file. An attacker with local access to the server, authenticated as a non-administrative user, can acquire the credentials from the...

CVSS 4.7 · AI score 6.6 · EPSS 0.00047
Exploits: 0 · References: 2

Cvelist
added 2024/11/12 12:26 a.m. · 14 views

CVE-2024-47588 Information Disclosure vulnerability in SAP NetWeaver Java (Software Update Manager)

In SAP NetWeaver Java Software Update Manager 1.1, under certain conditions when a software upgrade encounters errors, credentials are written in plaintext to a log file. An attacker with local access to the server, authenticated as a non-administrative user, can acquire the credentials from the...

CVSS 4.7 · EPSS 0.00047
Exploits: 0 · References: 2

BDU FSTEC
added 2024/10/16 12:00 a.m. · 3 views

The vulnerabilities of SAP NetWeaver AS ABAP, SAP NetWeaver AS for Java, SAP Content Server, and SAP Web Dispatcher integration platforms are related to authentication procedures that lack sufficient safeguards. This allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.

Vulnerabilities of SAP NetWeaver AS ABAP, SAP NetWeaver AS for Java, SAP Content Server, and SAP Web Dispatcher programming integration platforms are related to deficiencies in authentication procedures. Exploiting these vulnerabilities can allow attackers to compromise the confidentiality,...

CVSS 6.4 · AI score 5.5 · EPSS 0.00089
Exploits: 0 · References: 4 · Affected Software: 4

BDU FSTEC
added 2024/07/05 12:00 a.m. · 2 views

The vulnerability of the Guided Procedures component of the SAP NetWeaver AS for Java software used for creating and deploying web applications allows a malicious individual to gain unauthorized access to confidential information.

The vulnerability of the Guided Procedures component in the SAP NetWeaver AS for Java web application creation and deployment software is related to incorrect restrictions on XML references to external objects. Exploiting this vulnerability allows a malicious actor to gain unauthorized access to...

CVSS 8.6 · AI score 7.5 · EPSS 0.00238
Exploits: 0 · References: 4 · Affected Software: 1

OSV
added 2024/06/11 3:15 a.m. · 2 views

CVE-2024-28164

SAP NetWeaver AS Java CAF - Guided Procedures allows an unauthenticated user to access non-sensitive information about the server which would otherwise be restricted, causing low impact on confidentiality of the application...

CVSS 5.3 · AI score 5.8
Exploits: 0 · References: 2

BDU FSTEC
added 2024/03/05 12:00 a.m. · 1 view

The vulnerability of the SAP AS NetWeaver JAVA software for creating and deploying web applications lies in the lack of authentication for a critical function, allowing attackers to modify the state of existing services.

The vulnerability of the SAP AS NetWeaver JAVA software for creating and deploying web applications is related to the lack of authentication for a critical function. Exploiting this vulnerability allows an attacker to remotely modify the state of existing services...

CVSS 9.4 · AI score 7.8 · EPSS 0.00347
Exploits: 0 · References: 3