Sap Netweaver Application Server For Java — known CVE vulnerabilities
Every CVE whose affected-product data names Sap Netweaver Application Server For Java, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (9)
CVE-2023-23857 — CVSS 9.9 (critical): Due to missing authentication check, SAP NetWeaver AS for Java - version 7.50, allows an unauthenticated attacker to attach to an open…
CVE-2023-0017 — CVSS 9.4 (critical): An unauthenticated attacker in SAP NetWeaver AS for Java - version 7.50, due to improper access control, can attach to an open interface…
CVE-2023-30744 — CVSS 8.2 (high): In SAP AS NetWeaver JAVA - versions SERVERCORE 7.50, J2EE-FRMW 7.50, CORE-TOOLS 7.50, an unauthenticated attacker can attach to an open…
CVE-2022-27669 — CVSS 7.5 (high): An unauthenticated user can use functions of XML Data Archiving Service of SAP NetWeaver Application Server for Java - version 7.50, to…
CVE-2021-27635 — CVSS 6.5 (medium): SAP NetWeaver AS for JAVA, versions - 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker authenticated as an administrator to connect over a…
CVE-2023-31405 — CVSS 5.3 (medium): SAP NetWeaver AS for Java - versions ENGINEAPI 7.50, SERVERCORE 7.50, J2EE-APPS 7.50, allows an unauthenticated attacker to craft a request…
CVE-2023-26460 — CVSS 5.3 (medium): Cache Management Service in SAP NetWeaver Application Server for Java - version 7.50, does not perform any authentication checks for…
CVE-2023-27268 — CVSS 5.3 (medium): SAP NetWeaver AS Java (Object Analyzing Service) - version 7.50, does not perform necessary authorization checks, allowing an…
CVE-2021-27621 — CVSS 4.9 (medium): Information Disclosure vulnerability in UserAdmin application in SAP NetWeaver Application Server for Java, versions -…