漏洞描述
SAP NetWeaver Application ServerJava是德国思爱普(SAP)公司的一款提供了Java运行环境的应用程序服务器。该产品主要用于开发和运行Java EE应用程序。 SAP NetWeaverAS Java中存在安全漏洞,该漏洞源于通过P4协议连接到独立客户端没有对用户操作进行任意身份验证。攻击者可利用该漏洞绕过身份验证。
SAP NetWeaver AS Java任意用户注册漏洞(CVE-2020-6287)
PoC代码
暂无相关漏洞推荐
- POC CVE-2013-3827: Javafaces LFI
- POC CVE-2016-2389: SAP xMII 15.0 for SAP NetWeaver 7.4 - Local File Inclusion
- POC CVE-2017-12637: SAP NetWeaver Application Server Java 7.5 - Local File Inclusion
- POC CVE-2020-6287: SAP NetWeaver AS JAVA 7.30-7.50 - Remote Admin Addition
- POC CVE-2021-33690: SAP NetWeaver Development Infrastructure - Server Side Request Forgery
- POC CVE-2021-37573: Tiny Java Web Server - Cross-Site Scripting
- POC CVE-2022-29078: Node.js Embedded JavaScript 3.1.6 - Template Injection
- POC CVE-2023-29827: Embedded JavaScript(EJS) 3.1.6 - Template Injection
- POC CVE-2025-31324: SAP NetWeaver Visual Composer Metadata Uploader - Deserialization
- POC CVE-2025-46822: Java-springboot-codebase 1.1 - Arbitrary File Read
- POC CVE-2017-12149: Java/Jboss Deserialization [RCE]
- POC CVE-2018-15531: JavaMelody XXE
- POC javamelody-detect: JavaMelody Monitoring Exposed