SAP SE SAP NetWeaver Application Server Java

8 CVEs affecting SAP SE SAP NetWeaver Application Server Java. Latest disclosed: 2026-02-10. Critical: 0, High: 0.

| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2025-0067 | Medium | 6.3 | 2025-01-14 | Due to a missing authorization check on service endpoints in the SAP NetWeaver Application Server Java, an attacker with standard user role can create JCo conn… |
| CVE-2025-27431 | Medium | 5.4 | 2025-03-11 | User management functionality in SAP NetWeaver Application Server Java is vulnerable to Stored Cross-Site Scripting (XSS). This could enable an attacker to inj… |
| CVE-2025-0054 | Medium | 5.4 | 2025-02-11 | SAP NetWeaver Application Server Java does not sufficiently handle user input, resulting in a stored cross-site scripting vulnerability. The application allows… |
| CVE-2025-42919 | Medium | 5.3 | 2025-11-11 | Due to an Information Disclosure vulnerability in SAP NetWeaver Application Server Java, internal metadata files could be accessed via manipulated URLs. An una… |
| CVE-2025-42926 | Medium | 5.3 | 2025-09-09 | SAP NetWeaver Application Server Java does not perform an authentication check when an attacker attempts to access internal files within the web application. Up… |
| CVE-2025-24869 | Medium | 4.3 | 2025-02-11 | SAP NetWeaver Application Server Java allows an attacker to access an endpoint that can disclose information about deployed server components, including their… |
| CVE-2025-42978 | Low | 3.5 | 2025-07-08 | The widely used component that establishes outbound TLS connections in SAP NetWeaver Application Server Java does not reliably match the hostname that is used… |
| CVE-2026-23686 | Low | 3.4 | 2026-02-10 | Due to a CRLF Injection vulnerability in SAP NetWeaver Application Server Java, an authenticated attacker with administrative access could submit specially cra… |