Unrated severityNVD Advisory· Published Mar 14, 2023· Updated Feb 27, 2025
Improper Access Control in SAP NetWeaver AS Java (Object Analyzing Service)
CVE-2023-27268
Description
SAP NetWeaver AS Java (Object Analyzing Service) - version 7.50, does not perform necessary authorization checks, allowing an unauthenticated attacker to attach to an open interface and make use of an open naming and directory API to access a service which will enable them to access but not modify server settings and data with no effect on availability., resulting in escalation of privileges.
Affected products
2- Range: = 7.50
- SAP/NetWeaver AS Java (Object Analyzing Service)v5Range: 7.50
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.