Netweaver application server java
This hub aggregates every CVE we track for Netweaver application server java, a product in the enterprise software space. Use it to gauge the current risk picture and drill into individual advisories.
69
CVEs tracked
11
Critical
20
High
7
In CISA KEV
Severity distribution
MEDIUM37HIGH20CRITICAL11LOW1
Monthly trend
0
0
0
0
0
0
0
0
0
0
0
0
0
0
1
0
0
0
0
1
0
1
0
0
2024-072026-06
Latest CVEs
The 15 most recently published vulnerabilities affecting Netweaver application server java.
- CVE-2026-27674Code Injection vulnerability in SAP NetWeaver Application Server Java (Web Dynpro Java)6.1
- CVE-2026-23686CRLF Injection vulnerability in SAP NetWeaver Application Server Java3.4
- CVE-2025-42926Missing Authentication check in SAP NetWeaver Application Server Java5.3
- CVE-2024-28164Information Disclosure vulnerability in SAP NetWeaver AS Java (Guided Procedures)5.3
- CVE-2024-34688Denial of service (DOS) in SAP NetWeaver AS Java (Meta Model Repository)7.5
- CVE-2024-22127Code Injection vulnerability in SAP NetWeaver AS Java (Administrator Log Viewer plug-in)9.1
- CVE-2024-24743XXE vulnerability in SAP NetWeaver AS Java (Guided Procedures)8.6
- CVE-2024-22126Cross Site Scripting vulnerability in SAP NetWeaver AS Java (User Admin Application)6.1
- CVE-2023-42480Information Disclosure in NetWeaver AS Java Logon5.3
- CVE-2023-42477Server-Side Request Forgery in SAP NetWeaver AS Java (GRMG Heartbeat application)6.5
- CVE-2023-40309Missing Authorization check in SAP CommonCryptoLib9.8
- CVE-2023-40308Memory Corruption vulnerability in SAP CommonCryptoLib7.5
- CVE-2023-24526Improper Access Control in SAP NetWeaver AS Java (Classload Service)5.3
- CVE-2022-41262Due to insufficient input validation, SAP NetWeaver AS Java (HTTP Provider Service) - version 7.50, allows an unauthenticated attacker to inject a script into a web request header. On successful ex...6.1
- CVE-2022-26103Under certain conditions, SAP NetWeaver (Real Time Messaging Framework) - version 7.50, allows an attacker to access information which could lead to information gathering for further exploits and a...5.3
Product normalization is registry-driven with AI assist and human review. How it works