Auth bypass in SAP NetWeaver Application Server Java

CVE-2015-8840

The XML Data Archiving Service (XML DAS) in SAP NetWeaver AS Java does not check authorization, which allows remote authenticated users to obtain sensitive information, gain privileges, or possibly have unspecified other impact via request…

Vulnerability class: Broken Access Control

EPSS: 0.005 (65.3rd percentile).

CVSS v3 metric

CVSS v3 base score 8.8 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.

Affected products

Weakness classification (CWE)

References

Frequently asked questions

What is CVE-2015-8840?
CVE-2015-8840 is a high-severity vulnerability in SAP NetWeaver Application Server Java, classified under Missing Authorization. CVSS score: 8.8/10. Published 2016-04-08.

How severe is CVE-2015-8840?
High severity. CVSS v3 base score is 8.8 out of 10.