Description
Standalone clients connecting to SAP NetWeaver AS Java via the P4 protocol, versions (SAP-JEECOR 7.00, 7.01; SERVERCOR 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50; CORE-TOOLS 7.00, 7.01, 7.02, 7.05, 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50), do not perform any authentication checks for operations that require user identity, leading to an authentication bypass.
CVSS breakdown
CVSS 3.0
- Attack Vector: Adjacent
- Attack Complexity: Low
- Privileges Required: High
- User Interaction: None
- Scope: Changed
- Confidentiality: Low
- Integrity: None
- Availability: High
Affected products
- SAP_SE / SAP NetWeaver AS JAVA < SAP-JEECOR 7.00
- SAP_SE / SAP NetWeaver AS JAVA < 7.01 SERVERCOR 7.10
- SAP_SE / SAP NetWeaver AS JAVA < 7.11
- SAP_SE / SAP NetWeaver AS JAVA < 7.20
- SAP_SE / SAP NetWeaver AS JAVA < 7.30
- SAP_SE / SAP NetWeaver AS JAVA < 7.31
- SAP_SE / SAP NetWeaver AS JAVA < 7.40
- SAP_SE / SAP NetWeaver AS JAVA < 7.50 CORE-TOOLS 7.00
- SAP_SE / SAP NetWeaver AS JAVA < 7.01
- SAP_SE / SAP NetWeaver AS JAVA < 7.02
- SAP_SE / SAP NetWeaver AS JAVA < 7.05
- SAP_SE / SAP NetWeaver AS JAVA < 7.10
- SAP_SE / SAP NetWeaver AS JAVA < 7.50