Netweaver Application Server Java Security Vulnerabilities and Issues — Netweaver Application Server Java CVE List

Lucene search

SapNetweaver Application Server Java

5 matches found

CVE•added 2023/09/12 3:15 a.m.•85 views

CVE-2023-40309

SAP CommonCryptoLib does not perform necessary authentication checks, which may result in missing or wrong authorization checks for an authenticated user, resulting in escalation of privileges. Depending on the application and the level of privileges acquired, an attacker could abuse functionality ...

9.8CVSS9.7AI score0.00162EPSS

CVE•added 2023/03/14 5:15 a.m.•59 views

CVE-2023-24526

SAP NetWeaver Application Server Java for Classload Service - version 7.50, does not perform any authentication checks for functionalities that require user identity, resulting in escalation of privileges. This failure has a low impact on confidentiality of the data such that an unassigned user can...

5.3CVSS5.6AI score0.00252EPSS

CVE•added 2023/09/12 2:15 a.m.•56 views

CVE-2023-40308

SAP CommonCryptoLib allows an unauthenticated attacker to craft a request, which when submitted to an open port causes a memory corruption error in a library which in turn causes the target component to crash making it unavailable. There is no ability to view or modify any information.

7.5CVSS7.7AI score0.00131EPSS

CVE•added 2023/11/14 1:15 a.m.•55 views

CVE-2023-42480

The unauthenticated attacker in NetWeaver AS Java Logon application - version 7.50, can brute force the login functionality to identify the legitimate user ids. This will have an impact on confidentiality but there is no other impact on integrity or availability.

5.3CVSS5.5AI score0.00104EPSS

CVE•added 2023/10/10 2:15 a.m.•44 views

CVE-2023-42477

SAP NetWeaver AS Java (GRMG Heartbeat application) - version 7.50, allows an attacker to send a crafted request from a vulnerable web application, causing limited impact on confidentiality and integrity of the application.

6.5CVSS6.4AI score0.00092EPSS