Sap_se Sap Netweaver Application Server Java

8 CVEs affecting Sap_se Sap Netweaver Application Server Java. Latest disclosed: 2026-02-10. Critical: 0, High: 0.

Top CVEs affecting Sap_se Sap Netweaver Application Server Java
CVESeverityScorePublishedSummary
CVE-2025-0067Medium6.32025-01-14Due to a missing authorization check on service endpoints in the SAP NetWeaver Application Server Java, an attacker with standard user role can create JCo conn…
CVE-2025-27431Medium5.42025-03-11User management functionality in SAP NetWeaver Application Server Java is vulnerable to Stored Cross-Site Scripting (XSS). This could enable an attacker to inj…
CVE-2025-0054Medium5.42025-02-11SAP NetWeaver Application Server Java does not sufficiently handle user input, resulting in a stored cross-site scripting vulnerability. The application allows…
CVE-2025-42919Medium5.32025-11-11Due to an Information Disclosure vulnerability in SAP NetWeaver Application Server Java, internal metadata files could be accessed via manipulated URLs. An una…
CVE-2025-42926Medium5.32025-09-09SAP NetWeaver Application Server Java does not perform an authentication check when an attacker attempts to access internal files within the web application.Up…
CVE-2025-24869Medium4.32025-02-11SAP NetWeaver Application Server Java allows an attacker to access an endpoint that can disclose information about deployed server components, including their…
CVE-2025-42978Low3.52025-07-08The widely used component that establishes outbound TLS connections in SAP NetWeaver Application Server Java does not reliably match the hostname that is used…
CVE-2026-23686Low3.42026-02-10Due to a CRLF Injection vulnerability in SAP NetWeaver Application Server Java, an authenticated attacker with administrative access could submit specially cra…