PT-2022-18561 · SAP · SAP NetWeaver Application Server Java
Published: 2022-04-12 · Updated: 2022-04-20 · CVE-2022-27669
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
SAP NetWeaver Application Server for Java version 7.50
Description
The issue allows an unauthenticated user to use functions of the XML Data Archiving Service, which may result in an escalation of privileges. Access to these functions should be restricted.
Recommendations
For version 7.50, restrict access to the XML Data Archiving Service functions to prevent unauthorized use and potential privilege escalation.
Fix
Missing Authorization
Weakness Enumeration
Related Identifiers
Affected Products
SAP NetWeaver Application Server Java