Description
Due to a missing authorization check on service endpoints in the SAP NetWeaver Application Server Java, an attacker with standard user role can create JCo connection entries, which are used for remote function calls from or to the application server. This could lead to low impact on confidentiality, integrity, and availability of the application.
No analysis available yet.
Remediation
No remediation available yet.
Tracking
Sign in to view the affected projects.
Advisories
| Source | ID | Title |
|---|---|---|
EUVD |
EUVD-2025-1496 | Due to a missing authorization check on service endpoints in the SAP NetWeaver Application Server Java, an attacker with standard user role can create JCo connection entries, which are used for remote function calls from or to the application server. This could lead to low impact on confidentiality, integrity, and availability of the application. |
References
History
Tue, 14 Jan 2025 16:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Tue, 14 Jan 2025 00:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Due to a missing authorization check on service endpoints in the SAP NetWeaver Application Server Java, an attacker with standard user role can create JCo connection entries, which are used for remote function calls from or to the application server. This could lead to low impact on confidentiality, integrity, and availability of the application. | |
| Title | Missing Authorization check in SAP NetWeaver Application Server Java | |
| Weaknesses | CWE-862 | |
| References |
| |
| Metrics |
cvssV3_1
|
Subscriptions
No data.
Status: PUBLISHED
Assigner: sap
Published:
Updated: 2025-01-14T15:04:14.047Z
Reserved: 2024-12-11T05:05:10.943Z
Link: CVE-2025-0067
Updated: 2025-01-14T15:04:01.332Z
Status : Deferred
Published: 2025-01-14T01:15:16.950
Modified: 2026-06-17T08:25:44.910
Link: CVE-2025-0067
No data.
OpenCVE Enrichment
No data.
Weaknesses
-
CWE-862
Missing Authorization
EUVD