Filtered by vendor Sap Subscriptions
Filtered by product Netweaver Application Server For Java Subscriptions
Total 9 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-31405 1 Sap 1 Netweaver Application Server For Java 2024-11-08 5.3 Medium
SAP NetWeaver AS for Java - versions ENGINEAPI 7.50, SERVERCORE 7.50, J2EE-APPS 7.50, allows an unauthenticated attacker to craft a request over the network which can result in unwarranted modifications to a system log without user interaction. There is no ability to view any information or any effect on availability.
CVE-2021-27635 1 Sap 1 Netweaver Application Server For Java 2024-08-03 6.5 Medium
SAP NetWeaver AS for JAVA, versions - 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker authenticated as an administrator to connect over a network and submit a specially crafted XML file in the application because of missing XML Validation, this vulnerability enables attacker to fully compromise confidentiality by allowing them to read any file on the filesystem or fully compromise availability by causing the system to crash. The attack cannot be used to change any data so that there is no compromise as to integrity.
CVE-2021-27621 1 Sap 1 Netweaver Application Server For Java 2024-08-03 4.9 Medium
Information Disclosure vulnerability in UserAdmin application in SAP NetWeaver Application Server for Java, versions - 7.11,7.20,7.30,7.31,7.40 and 7.50 allows attackers to access restricted information by entering malicious server name.
CVE-2022-27669 1 Sap 1 Netweaver Application Server For Java 2024-08-03 7.5 High
An unauthenticated user can use functions of XML Data Archiving Service of SAP NetWeaver Application Server for Java - version 7.50, to which access should be restricted. This may result in an escalation of privileges.
CVE-2023-30744 1 Sap 1 Netweaver Application Server For Java 2024-08-02 8.2 High
In SAP AS NetWeaver JAVA - versions SERVERCORE 7.50, J2EE-FRMW 7.50, CORE-TOOLS 7.50, an unauthenticated attacker can attach to an open interface and make use of an open naming and directory API to instantiate an object which has methods which can be called without further authorization and authentication.  A subsequent call to one of these methods can read or change the state of existing services without any effect on availability.
CVE-2023-27268 1 Sap 1 Netweaver Application Server For Java 2024-08-02 5.3 Medium
SAP NetWeaver AS Java (Object Analyzing Service) - version 7.50, does not perform necessary authorization checks, allowing an unauthenticated attacker to attach to an open interface and make use of an open naming and directory API to access a service which will enable them to access but not modify server settings and data with no effect on availability., resulting in escalation of privileges.
CVE-2023-26460 1 Sap 1 Netweaver Application Server For Java 2024-08-02 5.3 Medium
Cache Management Service in SAP NetWeaver Application Server for Java - version 7.50, does not perform any authentication checks for functionalities that require user identity
CVE-2023-23857 1 Sap 1 Netweaver Application Server For Java 2024-08-02 9.9 Critical
Due to missing authentication check, SAP NetWeaver AS for Java - version 7.50, allows an unauthenticated attacker to attach to an open interface and make use of an open naming and directory API to access services which can be used to perform unauthorized operations affecting users and services across systems. On a successful exploitation, the attacker can read and modify some sensitive information but can also be used to lock up any element or operation of the system making that it unresponsive or unavailable.
CVE-2023-0017 1 Sap 1 Netweaver Application Server For Java 2024-08-02 9.4 Critical
An unauthenticated attacker in SAP NetWeaver AS for Java - version 7.50, due to improper access control, can attach to an open interface and make use of an open naming and directory API to access services which can be used to perform unauthorized operations affecting users and data on the current system. This could allow the attacker to have full read access to user data, make modifications to user data, and make services within the system unavailable.