Improper access control during application start-up in SAP AS NetWeaver JAVA.
CVE-2023-30744
8.2 HIGH
What is CVE-2023-30744?
SAP AS NetWeaver JAVA versions SERVERCORE 7.50, J2EE-FRMW 7.50, and CORE-TOOLS 7.50 contain a vulnerability that allows an unauthenticated attacker to exploit an open interface. The attacker can use an open naming and directory API to instantiate objects whose methods can be called without further authorization or authentication. This flaw could enable attackers to read or alter the state of existing services, which poses significant risks to the integrity and confidentiality of data; service availability is not affected.
Affected Version(s)
SAP AS NetWeaver JAVA SERVERCORE 7.50
SAP AS NetWeaver JAVA J2EE-FRMW 7.50
SAP AS NetWeaver JAVA CORE-TOOLS 7.50