Sap netweaver application server java
This hub aggregates every CVE we track for Sap netweaver application server java, a product in the enterprise software space. Use it to gauge the current risk picture and drill into individual advisories.
13
CVEs tracked
1
Critical
2
High
0
In CISA KEV
Severity distribution
MEDIUM8LOW2HIGH2CRITICAL1
Monthly trend
0
0
0
0
0
1
2
1
0
0
0
1
0
1
0
1
0
0
1
0
0
0
0
0
2024-082026-07
Latest CVEs
The 13 most recently published vulnerabilities affecting Sap netweaver application server java.
- CVE-2026-23686CRLF Injection vulnerability in SAP NetWeaver Application Server Java3.4
- CVE-2025-42919Information Disclosure vulnerability in SAP NetWeaver Application Server Java5.3
- CVE-2025-42926Missing Authentication check in SAP NetWeaver Application Server Java5.3
- CVE-2025-42978Insufficiently Secure Hostname Verification for Outbound TLS Connections in SAP NetWeaver Application Server Java3.5
- CVE-2025-27431Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server Java5.4
- CVE-2025-24869Information Disclosure vulnerability in SAP NetWeaver Application Server Java4.3
- CVE-2025-0054Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server Java5.4
- CVE-2025-0067Missing Authorization check in SAP NetWeaver Application Server Java6.3
- CVE-2022-22533Due to improper error handling in SAP NetWeaver Application Server Java - versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, an attacker could sub...7.5
- CVE-2022-22532In SAP NetWeaver Application Server Java - versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, an unauthenticated attacker could submit a crafted H...9.8
- CVE-2020-6365SAP NetWeaver AS Java, versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, Start Page allows an unauthenticated remote attacker to redirect users to a malicious site due to insufficient reverse ta...6.1
- CVE-2020-6319SAP NetWeaver Application Server Java, versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, and 7.50 allows an unauthenticated attacker to include JavaScript blocks in any web page or URL with different ...6.1
- CVE-2015-4091XML external entity (XXE) vulnerability in SAP NetWeaver AS Java 7.4 allows remote attackers to send TCP requests to intranet servers or possibly have unspecified other impact via an XML request to...7.5
Product normalization is registry-driven with AI assist and human review. How it works