In SAP NetWeaver Application Server Java - versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, an unauthenticated attacker could submit a crafted HTTP server request which triggers improper shared memory buffer handling. This could allow the malicious payload to be executed and hence execute functions that could be impersonating the victim or even steal the victim's logon session.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HSap Netweaver Application Server Java
APPSap7.227.497.53krnl64nuc_7.22krnl64nuc_7.22extkrnl64nuc_7.49krnl64uc_7.22krnl64uc_7.22extkrnl64uc_7.49
Related vulnerabilities
SAP NetWeaver AS JAVA (LM Configuration Wizard), versions - 7.30, 7.31, 7.40, 7.50, does not perform an authen...
The Invoker Servlet on SAP NetWeaver Application Server Java platforms, possibly before 7.3, does not require ...
SQL injection vulnerability in the UDDI server in SAP NetWeaver J2EE Engine 7.40 allows remote attackers to ex...
SAP NetWeaver AS Java β command injection przez upload pliku w Log Viewer
SAP CommonCryptoLib does not perform necessary authentication checks, which may result in missing or wrong aut...