SAP NetWeaver AS Java Multiple Vulnerabilities (April 2023)

SAP NetWeaver Application Server for Java is affected by multiple vulnerabilities, including the following: - SAP NetWeaver AS Java for Deploy Service - version 7.5, does not perform any access control checks for functionalities that require user identity enabling an unauthenticated attacker to...

CVE-2022-41272

An unauthenticated attacker over the network can attach to an open interface exposed through JNDI by the User Defined Search UDS of SAP NetWeaver Process Integration PI - version 7.50 and make use of an open naming and directory API to access services which can be used to perform unauthorized...