The vulnerability could allow an unauthenticated application to be used in SAP NetWeaver. The vulnerability has been given a CVSS score of 10. Both SAP and CISA have issued a patch for the vulnerability, which has been described as ‘vulnerable’ The vulnerability is a lack of authentication in a web component of the software that could be used to attack a web application in a broad swath of SAP applications, such as those of the company’s NetWeaker AS Java. The patch is issued immediately.”]