VYPR
Unrated severityNVD Advisory· Published Mar 14, 2023· Updated Feb 27, 2025

Improper Access Control in SAP NetWeaver AS Java (Classload Service)

CVE-2023-24526

Description

SAP NetWeaver Application Server Java for Classload Service - version 7.50, does not perform any authentication checks for functionalities that require user identity, resulting in escalation of privileges. This failure has a low impact on confidentiality of the data such that an unassigned user can read non-sensitive server data.

Affected products

2

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.