SAP NetWeaver Application Server Java 代码注入漏洞

SAP NetWeaver Application Server Java is an application server provided by the German company SAP, which offers a Java runtime environment. This product is primarily used for developing and running Java EE applications. SAP NetWeaver Application Server Java has a code injection vulnerability; thi...

CVE-2026-23686

Due to a CRLF Injection vulnerability in SAP NetWeaver Application Server Java, an authenticated attacker with administrative access could submit specially crafted content to the application. If processed by the application, this content enables injection of untrusted entries into generated...

CVE-2026-23686

CVE-2026-23686 concerns SAP NetWeaver Application Server Java. It describes a CRLF Injection vulnerability where an authenticated, admin-level attacker can submit crafted content to the application, allowing injection of untrusted entries into generated configuration and manipulation of applicati...

CVE-2025-42919

CVE-2025-42919 affects the SAP NetWeaver Application Server Java. The vulnerability is an information disclosure caused by improper restriction of path components, allowing an unauthenticated attacker to access internal metadata files by crafting URLs. The impact is partial confidentiality loss; ...

SAP NetWeaver Application Server Java 路径遍历漏洞

SAP NetWeaver Application Server Java is an application server from SAP Germany that provides a Java runtime environment. The product is primarily used to develop and run Java EE applications. A path traversal vulnerability exists in SAP NetWeaver Application Server Java, which stems from the...

Vulnerabilities fixed in SAP products

SAP has fixed vulnerabilities in several products, including in SAP NetWeaver, SAP NetWeaver Application Server Java and SAP Landscape Transformation. The vulnerabilities are in the RMI-P4 module and the SAP NetWeaver AS Java platform, among others. The vulnerability with reference CVE-2025-42944...

SAP NetWeaver Application Server Java 安全漏洞

SAP NetWeaver Application Server Java is an application server from SAP Germany that provides a Java runtime environment. The product is primarily used for developing and running Java EE applications. A security vulnerability exists in SAP NetWeaver Application Server Java that stems from...

CVE-2023-24526

SAP NetWeaver Application Server Java for Classload Service - version 7.50, does not perform any authentication checks for functionalities that require user identity, resulting in escalation of privileges. This failure has a low impact on confidentiality of the data such that an unassigned user c...

SAP NetWeaver Application Server Java Authorization Issues Vulnerability

SAP NetWeaver Application Server Java is an application server from SAP. An authorization issue vulnerability exists in SAP NetWeaver Application Server Java, which arises from the program not properly checking the authorization of the service endpoint, no details of the vulnerability are availab...

SAP NetWeaver Application Server Java Cross-Site Scripting Vulnerability

SAP NetWeaver Application Server Java is a German SAP SAP company provides a Java runtime environment of the application server. The product is mainly used to develop and run Java EE applications. A cross-site scripting vulnerability exists in SAP NetWeaver Application Server Java, which can be...

CVE-2025-0054 Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server Java

SAP NetWeaver Application Server Java does not sufficiently handle user input, resulting in a stored cross-site scripting vulnerability. The application allows attackers with basic user privileges to store a Javascript payload on the server, which could be later executed in the victim's web...

SAP NetWeaver Application Server Java 安全漏洞

SAP NetWeaver Application Server Java is a German SAP SAP company provides a Java runtime environment of the application server. The product is mainly used to develop and run Java EE applications. An information disclosure vulnerability exists in SAP NetWeaver Application Server Java, which can b...

SAP NetWeaver Application Server Java 跨站脚本漏洞

SAP NetWeaver Application Server Java is an application server from SAP Germany that provides a Java runtime environment. The product is primarily used to develop and run Java EE applications. A cross-site scripting vulnerability exists in SAP NetWeaver Application Server Java, which stems from t...

CVE-2025-0067 Missing Authorization check in SAP NetWeaver Application Server Java

Due to a missing authorization check on service endpoints in the SAP NetWeaver Application Server Java, an attacker with standard user role can create JCo connection entries, which are used for remote function calls from or to the application server. This could lead to low impact on...

PT-2024-10483 · Sap · Sap Netweaver Application Server Java

Name of the Vulnerable Software and Affected Versions: SAP NetWeaver Application Server Java affected versions not specified Description: The issue is related to a missing authorization check on service endpoints in the SAP NetWeaver Application Server Java. This allows an attacker with a standar...

SAP NetWeaver Application Server Java 访问控制错误漏洞

SAP NetWeaver Application Server Java is a German SAP SAP company provides a Java runtime environment of the application server. The product is primarily used for developing and running Java EE applications. A security vulnerability exists in SAP NetWeaver Application Server Java, which originate...

SAP NetWeaver Application Server Java 访问控制错误漏洞

SAP NetWeaver AS Java is a German SAP SAP company provides a Java runtime environment for the application server. The product is mainly used to develop and run Java EE applications. An access control error vulnerability exists in SAP NetWeaver AS Java version 7.50, which stems from the fact that ...

CVE-2022-22533

Due to improper error handling in SAP NetWeaver Application Server Java - versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, an attacker could submit multiple HTTP server requests resulting in errors, such that it consumes the memory buffer. This...

CVE-2022-22532

In SAP NetWeaver Application Server Java - versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, an unauthenticated attacker could submit a crafted HTTP server request which triggers improper shared memory buffer handling. This could allow the...

Input validation

Due to improper error handling in SAP NetWeaver Application Server Java - versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, an attacker could submit multiple HTTP server requests resulting in errors, such that it consumes the memory buffer. This...