Due to a missing authorization check on service endpoints in the SAP NetWeaver Application Server Java, an attacker with standard user role can create JCo connection entries, which are used for remote function calls from or to the application server. This could lead to low impact on confidentiality, integrity, and availability of the application.
CVE ID: CVE-2025-0067
CVSS Base Severity: MEDIUM
CVSS Base Score: 6.3
Vendor: SAP_SE
Product: SAP NetWeaver Application Server Java
EPSS Score: 0.04% (probability of being exploited)
EPSS Percentile: 11.48% (scored less or equal to compared to others)
EPSS Date: 2025-02-12 (when was this score calculated)