Unrated severityNVD Advisory· Published Mar 14, 2023· Updated Feb 27, 2025
Improper Access Control in SAP NetWeaver AS Java (Classload Service)
CVE-2023-24526
Description
SAP NetWeaver Application Server Java for Classload Service - version 7.50, does not perform any authentication checks for functionalities that require user identity, resulting in escalation of privileges. This failure has a low impact on confidentiality of the data such that an unassigned user can read non-sensitive server data.
Affected products
2- Range: =7.50
- Range: 7.50
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.