N/A

Standalone clients connecting to SAP NetWeaver AS Java via P4 Protocol, versions (SAP-JEECOR 7.00, 7.01; SERVERCOR 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50; CORE-TOOLS 7.00, 7.01, 7.02, 7.05, 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50) do not perform any authentication checks for operations that require user identity leading to Authentication Bypass.

N/A

N/A

SAP NetWeaver AS Java 授权问题漏洞

SAP NetWeaver Application Server Java是德国思爱普（SAP）公司的一款提供了Java运行环境的应用程序服务器。该产品主要用于开发和运行Java EE应用程序。 SAP NetWeaver AS Java中存在安全漏洞，该漏洞源于通过P4协议连接到独立客户端没有对用户操作进行任意身份验证。攻击者可利用该漏洞绕过身份验证。以下产品及版本受到影响：SAP NetWeaver AS Java SAP-JEECOR 7.00版本，7.01版本；SERVERCOR 7.10版本，7

N/A

N/A