Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Improper Access Control in SAP NetWeaver AS Java for Deploy Service
Vulnerability Description
SAP NetWeaver AS Java for Deploy Service - version 7.5, does not perform any access control checks for functionalities that require user identity enabling an unauthenticated attacker to attach to an open interface and make use of an open naming and directory API to access a service which will enable them to access but not modify server settings and data with no effect on availability and integrity.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Vulnerability Type
关键功能的认证机制缺失
Vulnerability Title
SAP NetWeaver AS 访问控制错误漏洞
Vulnerability Description
SAP NetWeaver AS是德国思爱普(SAP)公司的一款SAP网络应用服务器。它不仅能提供网络服务,且还是SAP软件的基本平台。 SAP NetWeaver AS Java for Deploy Service 7.5版本存在访问控制错误漏洞,该漏洞源于没有对需要用户身份的功能执行任何访问控制检查。
CVSS Information
N/A
Vulnerability Type
N/A