VYPR
Unrated severityNVD Advisory· Published Mar 14, 2023· Updated Feb 27, 2025

Improper Access Control in SAP NetWeaver AS Java (Object Analyzing Service)

CVE-2023-27268

Description

SAP NetWeaver AS Java (Object Analyzing Service) - version 7.50, does not perform necessary authorization checks, allowing an unauthenticated attacker to attach to an open interface and make use of an open naming and directory API to access a service which will enable them to access but not modify server settings and data with no effect on availability., resulting in escalation of privileges.

Affected products

2
  • Range: = 7.50
  • SAP/NetWeaver AS Java (Object Analyzing Service)v5
    Range: 7.50

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.