Known Vulnerabilities for Netweaver Application Server Java by Sap
Listed below are 10 of the newest known vulnerabilities associated with "Netweaver Application Server Java" by "Sap".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-27674 json | Due to a Code Injection vulnerability in SAP NetWeaver Application Server Java (Web Dynpro Java), an unauthenticated attacker... | Not Provided | 2026-04-14 | 2026-04-15 |
| CVE-2023-42480 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 5.3 - MEDIUM | 2023-11-14 | 2023-11-20 |
| CVE-2023-42477 json | SAP NetWeaver AS Java (GRMG Heartbeat application) - version 7.50, allows an attacker to send a crafted request from a vulne... | 6.5 - MEDIUM | 2023-10-10 | 2023-10-16 |
| CVE-2023-40309 json | SAP CommonCryptoLib does not perform necessary authentication checks, which may result in missing or wrong authorization chec... | 9.8 - CRITICAL | 2023-09-12 | 2023-09-15 |
| CVE-2023-40308 json | SAP CommonCryptoLib allows an unauthenticated attacker to craft a request, which when submitted to an open port causes a mem... | 7.5 - HIGH | 2023-09-12 | 2023-09-15 |
| CVE-2023-24526 json | SAP NetWeaver Application Server Java for Classload Service - version 7.50, does not perform any authentication checks for fu... | 5.3 - MEDIUM | 2023-03-14 | 2023-04-11 |
| CVE-2022-41262 json | Due to insufficient input validation, SAP NetWeaver AS Java (HTTP Provider Service) - version 7.50, allows an unauthenticated... | 6.1 - MEDIUM | 2022-12-12 | 2023-11-07 |
| CVE-2022-26103 json | Under certain conditions, SAP NetWeaver (Real Time Messaging Framework) - version 7.50, allows an attacker to access informat... | 5.3 - MEDIUM | 2022-03-10 | 2022-03-18 |
| CVE-2022-22533 json | Due to improper error handling in SAP NetWeaver Application Server Java - versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC, 7... | 7.5 - HIGH | 2022-02-09 | 2022-10-27 |
| CVE-2022-22532 json | In SAP NetWeaver Application Server Java - versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC, 7.22, 7.22EXT, 7.49, 7.53, KERNE... | 9.8 - CRITICAL | 2022-02-09 | 2022-09-30 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Sap | Netweaver Application Server Java | 7.5 | |||
| Application | Sap | Netweaver Application Server Java | 7.4 | |||
| Application | Sap | Netweaver Application Server Java | 7.3 | |||
| Application | Sap | Netweaver Application Server Java | 7.2 | |||
| Application | Sap | Netweaver Application Server Java | 7.11 | |||
| Application | Sap | Netweaver Application Server Java | 7.1 | |||
| Application | Sap | Netweaver Application Server Java | 7.05 | |||
| Application | Sap | Netweaver Application Server Java | 7.02 | |||
| Application | Sap | Netweaver Application Server Java | 7.01 | |||
| Application | Sap | Netweaver Application Server Java | 7.00 |