CVE-2023-24526

SAP NetWeaver Application Server Java for Classload Service - version 7.50, does not perform any authentication checks for functionalities that require user identity, resulting in escalation of privileges. This failure has a low impact on confidentiality of the data such that an unassigned user c...

SAP NetWeaver Application Server Java Authorization Issues Vulnerability

SAP NetWeaver Application Server Java is an application server from SAP. An authorization issue vulnerability exists in SAP NetWeaver Application Server Java, which arises from the program not properly checking the authorization of the service endpoint, no details of the vulnerability are availab...

SAP NetWeaver Application Server Java Cross-Site Scripting Vulnerability

SAP NetWeaver Application Server Java is a German SAP SAP company provides a Java runtime environment of the application server. The product is mainly used to develop and run Java EE applications. A cross-site scripting vulnerability exists in SAP NetWeaver Application Server Java, which can be...

CVE-2025-0054 Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server Java

SAP NetWeaver Application Server Java does not sufficiently handle user input, resulting in a stored cross-site scripting vulnerability. The application allows attackers with basic user privileges to store a Javascript payload on the server, which could be later executed in the victim's web...

CVE-2021-21492

SAP NetWeaver Application Server JavaHTTP Service, versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently validate logon group in URLs, resulting in a content spoofing vulnerability when directory listing is enabled...