Vulnerabilities > SAP > Netweaver Application Server FOR Java > Critical

DATE CVE VULNERABILITY TITLE RISK
2023-05-09 CVE-2023-30744 Missing Authentication for Critical Function vulnerability in SAP Netweaver Application Server for Java 7.50
In SAP AS NetWeaver JAVA - versions SERVERCORE 7.50, J2EE-FRMW 7.50, CORE-TOOLS 7.50, an unauthenticated attacker can attach to an open interface and make use of an open naming and directory API to instantiate an object which has methods which can be called without further authorization and authentication.
network
low complexity
sap CWE-306
critical
9.1
2023-01-10 CVE-2023-0017 Improper Access Control vulnerability in SAP Netweaver Application Server for Java 7.50
An unauthenticated attacker in SAP NetWeaver AS for Java - version 7.50, due to improper access control, can attach to an open interface and make use of an open naming and directory API to access services which can be used to perform unauthorized operations affecting users and data on the current system.
network
low complexity
sap CWE-284
critical
9.8