Netweaver

5 CVEs product

CVE-2026-23685 MEDIUM This Month

Denial of service in SAP NetWeaver's JMS service stems from unsafe deserialization of malicious objects, allowing authenticated administrators with local access to crash the application. The vulnerability requires high privileges and local access but carries no risk to confidentiality or integrity. No patch is currently available.

Sap, Denial Of Service, Deserialization, Netweaver
NVD | CVSS 3.1: 4.4 | EPSS: 0.1%

CVE-2025-42968 MEDIUM PATCH This Month

SAP NetWeaver allows an authenticated non-administrative user to call the remote-enabled function module, which could grant access to non-sensitive information about the SAP system and OS without requiring any specific knowledge or controlled conditions. This leads to a low impact on confidentiality with no effect on integrity or availability of the application.

Sap, Authentication Bypass, Netweaver
NVD | CVSS 3.1: 5.0 | EPSS: 0.0%

CVE-2025-42999 CRITICAL POC KEV THREAT Act Now

SAP NetWeaver Visual Composer allows privileged users to upload untrusted content that is deserialized on the server, enabling remote code execution. Companion to CVE-2025-31324.

Sap, Deserialization, Netweaver
NVD | CVSS 3.1: 9.1 | EPSS: 67.8%

CVE-2025-31324 CRITICAL KEV THREAT Emergency

SAP NetWeaver Visual Composer Metadata Uploader lacks proper authorization, allowing unauthenticated agents to upload malicious executable binaries for critical system compromise (CVSS 10.0).

Sap, File Upload, Netweaver
NVD | CVSS 3.1: 10.0 | EPSS: 32.2%

CVE-2024-22124 MEDIUM Monitor

Under certain conditions, Internet Communication Manager (ICM) or SAP Web Dispatcher - versions KERNEL 7.22, KERNEL 7.53, KERNEL 7.54, KRNL64UC 7.22, KRNL64UC 7.22EXT, KRNL64UC 7.53, KRNL64NUC 7.22,. Rated medium severity (CVSS 4.1). No vendor patch available.

Sap, Information Disclosure, Netweaver
NVD | CVSS 3.1: 4.1 | EPSS: 0.1%