SAP ≫ SAP NetWeaver

SAP NetWeaver remote service for Xcelsius allows an attacker with network access and high privileges to execute arbitrary code on the affected system due to insufficient input validation and improper handling of remote method calls. Exploitation does...

Due to a Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal, an unauthenticated attacker could inject malicious scripts that execute in the context of other users� browsers, allowing the attacker to steal session cookies, tok...

Due to an Information Disclosure vulnerability in SAP NetWeaver Application Server Java, internal metadata files could be accessed via manipulated URLs. An unauthenticated attacker could exploit this vulnerability by inserting arbitrary path componen...

SAP NetWeaver Enterprise Portal allows an unauthenticated attacker to inject JNDI environment properties or pass a URL used during JNDI lookup operations, enabling access to an unintended JNDI provider.�This could further lead to disclosure or modifi...

Due to a missing authorization check in SAP NetWeaver Application Server for ABAP, an authenticated attacker with basic privileges could execute a specific function module in ABAP to retrieve restricted technical information from the system. This dis...

Due to a Cross-Site Request Forgery (CSRF) vulnerability in SAP NetWeaver Application Server for ABAP, an authenticated attacker could initiate transactions directly via the session manager, bypassing the first transaction screen and the associated a...

Due to the memory corruption vulnerability in SAP NetWeaver AS ABAP and ABAP Platform, an unauthenticated attacker can send a corrupted SAP Logon Ticket or SAP Assertion Ticket to the SAP application server. This leads to a dereference of NULL which ...

Due to a deserialization vulnerability in SAP NetWeaver, an unauthenticated attacker could exploit the system through the RMI-P4 module by submitting malicious payload to an open port. The deserialization of such untrusted Java objects could lead to ...

SAP NetWeaver AS Java application uses Adobe Document Service, installed with a vulnerable version of OpenSSL.Successful exploitation of known vulnerabilities in the outdated OpenSSL library would allow user with high system privileges to access and ...

SAP NetWeaver Application Server Java does not perform an authentication check when an attacker attempts to access internal files within the web application.Upon successfully exploitation, an unauthenticated attacker could access these files to gathe...