SAP ≫ Application Server

Due to an OS Command Injection vulnerability in SAP Application Server for ABAP and SAP NetWeaver RFCSDK, an authenticated attacker with administrative access and adjacent network access could upload specially crafted content to the server. If proces...

SAP Application Server for ABAP allows an authenticated attacker to store malicious JavaScript payloads which could be executed in victim user's browser when accessing the affected functionality of BAPI explorer. This has low impact on confidentialit...

Service Data Download in SAP Application Server ABAP (ST-PI, before versions 2008_1_46C, 2008_1_620, 2008_1_640, 2008_1_700, 2008_1_710, 740) allows an attacker to inject code that can be executed by the application. An attacker could thereby control...