Lucene search
K

7 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 4:55 a.m.11 views

CVE-2023-24527

SAP NetWeaver AS Java for Deploy Service - version 7.5, does not perform any access control checks for functionalities that require user identity enabling an unauthenticated attacker to attach to an open interface and make use of an open naming and directory API to access a service which will...

5.3CVSS7AI score0.00452EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2023/05/11 12:0 a.m.36 views

SAP NetWeaver AS Java Improper Access Control (May 2023)

SAP NetWeaver Application Server for Java is affected by improper access control vulnerability. An unauthenticated attacker can attach to an open interface and make use of an open naming and directory API to instantiate an object which has methods which can be called without further authorization...

9.1CVSS8.2AI score0.00624EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/05/09 1:36 a.m.41 views

CVE-2023-30744 Improper access control during application start-up in SAP AS NetWeaver JAVA.

In SAP AS NetWeaver JAVA - versions SERVERCORE 7.50, J2EE-FRMW 7.50, CORE-TOOLS 7.50, an unauthenticated attacker can attach to an open interface and make use of an open naming and directory API to instantiate an object which has methods which can be called without further authorization and...

8.2CVSS9.4AI score0.00624EPSS
Exploits0References2
CNVD
CNVD
added 2023/03/16 12:0 a.m.23 views

SAP NetWeaver AS Java Licensing Issue Vulnerability (CNVD-2023-28121)

SAP NetWeaver AS Java is a German SAP SAP company provides a Java runtime environment for the application server. The product is mainly used to develop and run Java EE applications. An authorization issue vulnerability exists in SAP NetWeaver AS Java version 7.50, which stems from a failure to...

5.9AI score0.00445EPSS
Exploits0Affected Software1
NVD
NVD
added 2023/03/14 5:15 a.m.34 views

CVE-2023-27268

SAP NetWeaver AS Java Object Analyzing Service - version 7.50, does not perform necessary authorization checks, allowing an unauthenticated attacker to attach to an open interface and make use of an open naming and directory API to access a service which will enable them to access but not modify...

5.3CVSS5.5AI score0.00445EPSS
Exploits0References2
NVD
NVD
added 2023/03/14 5:15 a.m.74 views

CVE-2023-23857

Due to missing authentication check, SAP NetWeaver AS for Java - version 7.50, allows an unauthenticated attacker to attach to an open interface and make use of an open naming and directory API to access services which can be used to perform unauthorized operations affecting users and services...

9.9CVSS9.5AI score0.00544EPSS
Exploits0References2
Prion
Prion
added 2023/03/14 5:15 a.m.29 views

Authorization

SAP NetWeaver AS Java Object Analyzing Service - version 7.50, does not perform necessary authorization checks, allowing an unauthenticated attacker to attach to an open interface and make use of an open naming and directory API to access a service which will enable them to access but not modify...

5CVSS5.6AI score0.00445EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder