SAP

SAP NetWeaver

107 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
Medienbericht
  • EPSS 0.21%
  • Veröffentlicht 09.06.2026 00:21:17
  • Zuletzt bearbeitet 09.06.2026 02:08:28

Application server ABAP does not perform necessary authorization checks for an authenticated user allowing an attacker to execute a report generation command which could overwrite information belonging to another user, resulting in escalation of priv...

Medienbericht
  • EPSS 0.23%
  • Veröffentlicht 09.06.2026 00:20:58
  • Zuletzt bearbeitet 09.06.2026 02:08:28

SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated attacker with normal privileges to obtain a valid signed message and send modified signed XML documents to the verifier. This may result in acceptance of tampered identit...

  • EPSS 0.2%
  • Veröffentlicht 09.06.2026 00:20:48
  • Zuletzt bearbeitet 09.06.2026 02:08:28

Due to a reflected cross-site scripting (XSS) vulnerability in SAP NetWeaver JAVA (JDBC Test Servlet), an unauthenticated attacker could craft a URL that embeds a malicious script. If a victim clicks this link, the injected input is processed during ...

Medienbericht
  • EPSS 0.45%
  • Veröffentlicht 09.06.2026 00:20:14
  • Zuletzt bearbeitet 09.06.2026 02:08:28

SAP NetWeaver Application Server Java (Web Container) allows an unauthenticated attacker to craft a malicious HTTP logon request that manipulates file inclusion parameters, enabling path traversal and processing of the included file. Processing the i...

Medienbericht
  • EPSS 0.44%
  • Veröffentlicht 09.06.2026 00:20:04
  • Zuletzt bearbeitet 09.06.2026 02:08:28

Due to improper RFC protocol validation in the SAP Kernel used by the Application Server ABAP of SAP NetWeaver and ABAP Platform, an unauthenticated attacker can send a crafted RFC request that exploits logical errors in memory management, leading to...

  • EPSS 0.17%
  • Veröffentlicht 14.05.2026 18:33:26
  • Zuletzt bearbeitet 03.06.2026 19:27:45

Due to improper input handling under certain conditions, SAP NetWeaver Application Server ABAP allows an attacker to inject custom Cascading Style Sheets (CSS) data into a web page served by the application. When a user accesses or clicks the affecte...

  • EPSS 1.4%
  • Veröffentlicht 12.05.2026 02:21:40
  • Zuletzt bearbeitet 03.06.2026 18:33:28

An OS Command Injection vulnerability exists in the SAP NetWeaver Application Server for ABAP and ABAP Platform that allows an authenticated attacker with administrative access to execute specially crafted shell commands on the server, bypassing the ...

  • EPSS 0.22%
  • Veröffentlicht 12.05.2026 02:19:26
  • Zuletzt bearbeitet 03.06.2026 19:08:54

Due to a reflected cross-site scripting (XSS) vulnerability in SAP NetWeaver Application Server ABAP (Applications based on Business Server Pages), an unauthenticated attacker could craft a URL that exploits an unprotected URL parameter to embed a ma...

  • EPSS 0.16%
  • Veröffentlicht 14.04.2026 00:08:39
  • Zuletzt bearbeitet 03.06.2026 19:06:45

Due to an Open Redirect vulnerability in SAP NetWeaver Application Server ABAP, an unauthenticated attacker could craft malicious URL that, if accessed by a victim, they could be redirected to the page controlled by the attacker. This causes low impa...

  • EPSS 0.19%
  • Veröffentlicht 14.04.2026 00:06:50
  • Zuletzt bearbeitet 03.06.2026 19:05:51

Due to a Code Injection vulnerability in SAP NetWeaver Application Server Java (Web Dynpro Java), an unauthenticated attacker could supply crafted input that is interpreted by the application and causes it to reference attacker-controlled content. If...