SAP NetWeaver Application Server Java
0 remedies
cpe:2.3:a:sap:application_server_java:*:*:*:*:*:*:*, +5 more
0 remedies
SAP NetWeaver Application Server Java Missing Authorization Check Vulnerability Allowing JCo Connection Entry Creation
Vulnerability
A vulnerability exists in SAP NetWeaver Application Server Java due to a missing authorization check on service endpoints. This flaw allows an attacker with a standard user role to create JCo connection entries, facilitating remote function calls to or from the application server. The vulnerability could result in a low impact on the application's confidentiality, integrity, and availability.
Impact
Exploitation of this vulnerability could lead to unauthorized creation of JCo connection entries, allowing for remote function calls that could disrupt the application's normal operations or manipulate its data.
Remediation
Users are advised to review and implement the SAP Security Note associated with this vulnerability. This can be done through the SAP for Me platform, specifically during the monthly SAP Security Patch Day.
Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM
Vulnerability Rating
Custom Algorithm
spread
6.2impact
1.9exploitability
5.2remediation
0.0relevance
0.0threat
0.0urgency
2.9incentive
1.7Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.