CVE-2024-22127

CRITICAL

SAP NetWeaver Administrator AS Java - Command Injection

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-22127. PoCs published by mylo-2001.

AI-analyzed exploit summary: This repository contains a functional exploit for CVE-2024-22127, targeting SAP services with a reverse shell payload. The exploit includes fingerprinting, a simulated CVE-2024-22127 exploit, and a DIAG reverse shell module.

Description

SAP NetWeaver Administrator AS Java (Administrator Log Viewer plug-in), version 7.50, allows an attacker with high privileges to upload potentially dangerous files, which leads to a command injection vulnerability. This would enable the attacker to run commands that can cause high impact on the confidentiality, integrity and availability of the application.

Exploits (1)

nomisec · Working PoC · 1 star
by mylo-2001 · poc
https://github.com/mylo-2001/SAPSlayer

Classification
Working PoC (90%)
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: SAP Gateway
No auth needed
Prerequisites: Network access to SAP Gateway service · Listener setup for reverse shell
devstral-2 · analyzed Feb 19, 2026

Scores

CVSS v3 9.1
EPSS 0.0159
EPSS Percentile 72.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-77
Status published
Products (1)
sap/netweaver_application_server_java 7.5
Published Mar 12, 2024
Tracked Since Feb 18, 2026