CVE-2024-22127

SAP NetWeaver Administrator AS Java (Administrator Log Viewer plug-in) - version 7.50, allows an attacker with high privileges to upload potentially dangerous files which leads to command injection vulnerability. This would enable the attacker to run commands which can cause high impact on confidentiality, integrity and availability of the application.

Published: Mar 12, 2024
Updated: May 4, 2025
CVE: CVE-2024-22127
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.1
AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

CWEs:

CWE-94

Affected Software
References

Software	From	Fixed in
sap / netweaver_application_server_java	7.5	7.5.x

https://me.sap.com/notes/3433192
https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html?anchorId=section_370125364

Vulnerability Database

289,784

CVE-2024-22127