CVE-2025-42986
- EPSS 0.03%
- Published 08.07.2025 00:38:32
- Last modified 27.10.2025 16:55:48
Due to a missing authorization check in an obsolete RFC-enabled function module in SAP BASIS, an authenticated low-privileged attacker could call a Remote Function Call (RFC), potentially accessing restricted system information. This results in low i...
CVE-2025-42981
- EPSS 0.08%
- Published 08.07.2025 00:38:16
- Last modified 08.07.2025 16:18:14
Due to an open redirect vulnerability in SAP NetWeaver Application Server ABAP, an unauthenticated attacker could craft a URL link embedding a malicious script at a location not properly sanitized. When a victim clicks on this link, the script execut...
CVE-2025-42980
- EPSS 0.08%
- Published 08.07.2025 00:38:07
- Last modified 08.07.2025 16:18:14
SAP NetWeaver Enterprise Portal Federated Portal Network is vulnerable when a privileged user can upload untrusted or malicious content which, when deserialized, could potentially lead to a compromise of confidentiality, integrity, and availability o...
CVE-2025-42978
- EPSS 0.02%
- Published 08.07.2025 00:37:44
- Last modified 08.07.2025 16:18:14
The widely used component that establishes outbound TLS connections in SAP NetWeaver Application Server Java does not reliably match the hostname that is used for the connection against the wildcard hostname defined in the received certificate of rem...
CVE-2025-42974
- EPSS 0.03%
- Published 08.07.2025 00:37:33
- Last modified 08.07.2025 16:18:14
Due to a missing authorization check, an attacker authenticated as a non-administrative user could call a remote-enabled function module. This could enable access to information normally restricted, resulting in low impact on confidentiality. There is ...
CVE-2025-42969
- EPSS 0.09%
- Published 08.07.2025 00:36:41
- Last modified 08.07.2025 16:18:14
SAP NetWeaver Application Server ABAP and ABAP Platform allows an unauthenticated attacker to inject a malicious script into a dynamically crafted URL. The victim, when tricked into clicking on this crafted URL, unknowingly executes the malicious payl...
CVE-2025-42968
- EPSS 0.03%
- Published 08.07.2025 00:36:31
- Last modified 27.10.2025 16:57:45
SAP NetWeaver allows an authenticated non-administrative user to call the remote-enabled function module which could grant access to non-sensitive information about the SAP system and OS without requiring any specific knowledge or controlled conditi...
CVE-2025-42966
- EPSS 0.1%
- Published 08.07.2025 00:36:13
- Last modified 08.07.2025 16:18:14
SAP NetWeaver XML Data Archiving Service allows an authenticated attacker with administrative privileges to exploit an insecure Java deserialization vulnerability by sending a specially crafted serialized Java object. This could lead to high impact o...
CVE-2025-42964
- EPSS 0.08%
- Published 08.07.2025 00:35:53
- Last modified 08.07.2025 16:18:14
SAP NetWeaver Enterprise Portal Administration is vulnerable when a privileged user can upload untrusted or malicious content which, when deserialized, could potentially lead to a compromise of confidentiality, integrity, and availability of the host...
CVE-2025-42963
- EPSS 0.1%
- Published 08.07.2025 00:35:45
- Last modified 08.07.2025 16:18:14
A critical vulnerability in SAP NetWeaver Application server for Java Log Viewer enables authenticated administrator users to exploit unsafe Java object deserialization. Successful exploitation can lead to full operating system compromise, granting a...