Vulnerabilities > CVE-2024-22127 - Unspecified vulnerability in SAP Netweaver Application Server Java 7.5

CVSS 9.1 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

HIGH

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

sap

critical

NVD

Published: 2024-03-12

Updated: 2025-02-07

Summary

SAP NetWeaver Administrator AS Java (Administrator Log Viewer plug-in) - version 7.50, allows an attacker with high privileges to upload potentially dangerous files which leads to command injection vulnerability. This would enable the attacker to run commands which can cause high impact on confidentiality, integrity and availability of the application.

Vulnerable Configurations

Part	Description	Count
Application	Sap SAP Netweaver Application Server Java 7.5	1

References

https://me.sap.com/notes/3433192
https://me.sap.com/notes/3433192
https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html?anchorId=section_370125364
https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html?anchorId=section_370125364