CVE-2024-47580
- EPSS 0.52%
- Veröffentlicht 10.12.2024 01:15:05
- Zuletzt bearbeitet 15.04.2026 00:35:42
An attacker authenticated as an administrator can use an exposed webservice to create a PDF with an embedded attachment. By specifying the file to be an internal server file and subsequently downloading the generated PDF, the attacker can read any f...
CVE-2024-47588
- EPSS 0.13%
- Veröffentlicht 12.11.2024 01:15:04
- Zuletzt bearbeitet 15.04.2026 00:35:42
In SAP NetWeaver Java (Software Update Manager 1.1), under certain conditions when a software upgrade encounters errors, credentials are written in plaintext to a log file. An attacker with local access to the server, authenticated as a non-administr...
- EPSS 0.17%
- Veröffentlicht 10.09.2024 05:15:12
- Zuletzt bearbeitet 15.04.2026 00:35:42
SAP NetWeaver AS for Java allows an authorized attacker to obtain sensitive information. The attacker could obtain the username and password when creating an RFC destination. After successful exploitation, an attacker can read the sensitive informati...
CVE-2024-45285
- EPSS 0.31%
- Veröffentlicht 10.09.2024 05:15:12
- Zuletzt bearbeitet 15.04.2026 00:35:42
The RFC enabled function module allows a low privileged user to perform denial of service on any user and also change or delete favourite nodes. By sending a crafted packet in the function module targeting specific parameters, the specific targeted u...
CVE-2024-44117
- EPSS 0.28%
- Veröffentlicht 10.09.2024 05:15:11
- Zuletzt bearbeitet 15.04.2026 00:35:42
The RFC enabled function module allows a low privileged user to perform various actions, such as modifying the URLs of any user's favourite nodes and workbook ID. There is low impact on integrity and availability of the application.
CVE-2024-44120
- EPSS 0.24%
- Veröffentlicht 10.09.2024 05:15:11
- Zuletzt bearbeitet 15.04.2026 00:35:42
SAP NetWeaver Enterprise Portal is vulnerable to reflected cross site scripting due to insufficient encoding of user-controlled input. An unauthenticated attacker could craft a malicious URL and trick a user to click it. If the victim clicks on this ...
CVE-2024-45279
- EPSS 0.26%
- Veröffentlicht 10.09.2024 05:15:11
- Zuletzt bearbeitet 15.04.2026 00:35:42
Due to insufficient input validation, CRM Blueprint Application Builder Panel of SAP NetWeaver Application Server for ABAP allows an unauthenticated attacker to craft a URL link which could embed a malicious JavaScript. When a victim clicks on this l...
CVE-2024-45280
- EPSS 0.23%
- Veröffentlicht 10.09.2024 05:15:11
- Zuletzt bearbeitet 15.04.2026 00:35:42
Due to insufficient encoding of user-controlled inputs, SAP NetWeaver AS Java allows malicious scripts to be executed in the login application. This has a limited impact on confidentiality and integrity of the application. There is no impact on avail...
CVE-2024-44115
- EPSS 0.25%
- Veröffentlicht 10.09.2024 03:15:03
- Zuletzt bearbeitet 15.04.2026 00:35:42
The RFC enabled function module allows a low privileged user to add URLs to any user's workplace favourites. This vulnerability could be utilized to identify usernames and access information about targeted user's workplaces, and nodes. There is low i...
CVE-2024-44116
- EPSS 0.25%
- Veröffentlicht 10.09.2024 03:15:03
- Zuletzt bearbeitet 15.04.2026 00:35:42
The RFC enabled function module allows a low privileged user to add any workbook to any user's workplace favourites. This vulnerability could be utilized to identify usernames and access information about targeted user's workplaces. There is low impa...