PT-2025-36553

Name of the Vulnerable Software and Affected Versions: SAP NetWeaver AS Java affected versions not specified Description: SAP NetWeaver AS Java contains a flaw in an available service that allows an authenticated, non-administrative attacker to upload an arbitrary file. Execution of this file can...

SAP NetWeaver AS Java 代码注入漏洞

SAP NetWeaver AS Java is a platform system from SAP, a German company. A code injection vulnerability exists in SAP NetWeaver AS Java that originates from allowing the uploading of arbitrary files, which could lead to full control of the system...

CVE-2024-47588

In SAP NetWeaver Java Software Update Manager 1.1, under certain conditions when a software upgrade encounters errors, credentials are written in plaintext to a log file. An attacker with local access to the server, authenticated as a non-administrative user, can acquire the credentials from the...

CVE-2019-0391

Under certain conditions SAP NetWeaver AS Java corrected in 7.10, 7.20, 7.30, 7.31, 7.40, 7.50 allows an attacker to access information which would otherwise be restricted...

PT-2024-9338 · Sap · Sap Netweaver As Java

Name of the Vulnerable Software and Affected Versions: SAP NetWeaver AS for Java affected versions not specified Description: The issue allows an attacker, authenticated as an administrator, to use an exposed webservice to upload or download a custom PDF font file on the system server. By...

CVE-2024-47588 Information Disclosure vulnerability in SAP NetWeaver Java (Software Update Manager)

In SAP NetWeaver Java Software Update Manager 1.1, under certain conditions when a software upgrade encounters errors, credentials are written in plaintext to a log file. An attacker with local access to the server, authenticated as a non-administrative user, can acquire the credentials from the...

CVE-2024-47588 Information Disclosure vulnerability in SAP NetWeaver Java (Software Update Manager)

In SAP NetWeaver Java Software Update Manager 1.1, under certain conditions when a software upgrade encounters errors, credentials are written in plaintext to a log file. An attacker with local access to the server, authenticated as a non-administrative user, can acquire the credentials from the...

CVE-2024-28164

SAP NetWeaver AS Java CAF - Guided Procedures allows an unauthenticated user to access non-sensitive information about the server which would otherwise be restricted causing low impact on confidentiality of the application...

PT-2024-4514 · Sap · Sap Netweaver As Java

Name of the Vulnerable Software and Affected Versions: SAP NetWeaver AS Java versions 7.50 Description: The issue is related to the incorrect restriction of XML links to external objects in the Guided Procedures component of SAP NetWeaver AS for Java. This can be exploited by a remote attacker...

PT-2023-28365 · Sap · Netweaver As Java Logon

Name of the Vulnerable Software and Affected Versions: NetWeaver AS Java Logon application version 7.50 Description: The issue allows an unauthenticated attacker to brute force the login functionality, identifying legitimate user ids. This has an impact on confidentiality, with no other impact on...

CVE-2023-42477

SAP NetWeaver AS Java GRMG Heartbeat application - version 7.50, allows an attacker to send a crafted request from a vulnerable web application, causing limited impact on confidentiality and integrity of the application...

CVE-2023-30744

In SAP AS NetWeaver JAVA - versions SERVERCORE 7.50, J2EE-FRMW 7.50, CORE-TOOLS 7.50, an unauthenticated attacker can attach to an open interface and make use of an open naming and directory API to instantiate an object which has methods which can be called without further authorization and...

CVE-2023-30744 Improper access control during application start-up in SAP AS NetWeaver JAVA.

In SAP AS NetWeaver JAVA - versions SERVERCORE 7.50, J2EE-FRMW 7.50, CORE-TOOLS 7.50, an unauthenticated attacker can attach to an open interface and make use of an open naming and directory API to instantiate an object which has methods which can be called without further authorization and...

PT-2023-8732 · Sap · Sap Netweaver As Java

Name of the Vulnerable Software and Affected Versions: SAP AS NetWeaver JAVA versions SERVERCORE 7.50, J2EE-FRMW 7.50, CORE-TOOLS 7.50 Description: The issue is related to the lack of authentication for a critical function in SAP AS NetWeaver JAVA, allowing an unauthenticated attacker to attach t...

CVE-2023-27268

SAP NetWeaver AS Java Object Analyzing Service - version 7.50, does not perform necessary authorization checks, allowing an unauthenticated attacker to attach to an open interface and make use of an open naming and directory API to access a service which will enable them to access but not modify...

CVE-2023-24526

SAP NetWeaver Application Server Java for Classload Service - version 7.50, does not perform any authentication checks for functionalities that require user identity, resulting in escalation of privileges. This failure has a low impact on confidentiality of the data such that an unassigned user c...

VulnCheck KEV: CVE-2022-22536

SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server and SAP Web Dispatcher allow HTTP request smuggling. An unauthenticated attacker can prepend a victim's request with arbitrary data, allowing for function execution impersonating the...

CVE-2022-22532

In SAP NetWeaver Application Server Java - versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, an unauthenticated attacker could submit a crafted HTTP server request which triggers improper shared memory buffer handling. This could allow the...

SAP NetWeaver Application Server Java 资源管理错误漏洞

SAP NetWeaver Application Server Java is a German SAP SAP company provides a Java runtime environment of the application server. The product is primarily used for developing and running Java EE applications. SAP NetWeaver Application Server Java has a resource management error vulnerability that...

SAP Netweaver JAVA 7.50 Missing Authorization

Onapsis Security Advisory 2021-0013: CVE-2020-26829 - Missing Authentication Check In SAP NetWeaver AS JAVA P2P Cluster communication Impact on Business A malicious unauthenticated user could abuse the lack of authentication check on SAP Java P2P cluster communication, in order to connect to the...