Sap netweaver java application server
This hub aggregates every CVE we track for Sap netweaver java application server, a product in the enterprise software space. Use it to gauge the current risk picture and drill into individual advisories.
18
CVEs tracked
5
Critical
4
High
2
In CISA KEV
Severity distribution
MEDIUM8CRITICAL5HIGH4LOW1
Monthly trend
0
0
0
2
0
1
0
0
0
0
0
0
0
0
0
1
0
1
0
0
2
0
1
0
2024-082026-07
Latest CVEs
The 15 most recently published vulnerabilities affecting Sap netweaver java application server.
- CVE-2026-40128Directory Traversal vulnerability in SAP NetWeaver Application Server Java (Web Container)9.0
- CVE-2026-34264Information Disclosure vulnerability in SAP Human Capital Management for SAP S/4HANA6.5
- CVE-2026-27674Code Injection vulnerability in SAP NetWeaver Application Server Java (Web Dynpro Java)6.1
- CVE-2026-0510Obsolete Encryption Algorithm Used in NW AS Java UME User Mapping3.0
- CVE-2025-42919Information Disclosure vulnerability in SAP NetWeaver Application Server Java5.3
- CVE-2025-0067Missing Authorization check in SAP NetWeaver Application Server Java6.3
- CVE-2024-47593Information Disclosure Vulnerability in SAP NetWeaver Application Server for ABAP and ABAP Platform4.3
- CVE-2024-47592Information Disclosure Vulnerability in SAP NetWeaver Application Server Java (Logon Application)5.3
- CVE-2023-40309Missing Authorization check in SAP CommonCryptoLib9.8
- CVE-2023-40308Memory Corruption vulnerability in SAP CommonCryptoLib7.5
- CVE-2010-5326Уязвимость компонента Invoker Servlet сервера веб-приложений SAP NetWeaver Java Application Server, позволяющая нарушителю выполнить произвольный код или получить полный контроль над системой10.0
- CVE-2016-9563Уязвимость компонента BC-BMT-BPM-DSK сервера веб-приложений SAP NetWeaver Java Application Server, позволяющая нарушителю проводить XXE-атаки6.5
- CVE-2021-37535SAP NetWeaver Application Server Java (JMS Connector Service) - versions 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not perform necessary authorization checks for user privileges.9.8
- CVE-2020-6309SAP NetWeaver AS JAVA, versions - (ENGINEAPI 7.10; WSRM 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50; J2EE-FRMW 7.10, 7.11), does not perform any authentication checks for a web service allowing the at...7.5
- CVE-2020-6287SAP NetWeaver AS JAVA (LM Configuration Wizard), versions - 7.30, 7.31, 7.40, 7.50, does not perform an authentication check which allows an attacker without prior authentication to execute configu...KEV10.0
Product normalization is registry-driven with AI assist and human review. How it works