CVE-2026-24320
- EPSS 0.01%
- Veröffentlicht 10.02.2026 03:03:42
- Zuletzt bearbeitet 17.02.2026 15:27:30
Due to improper memory management in SAP NetWeaver and ABAP Platform (Application Server ABAP), an authenticated attacker could exploit logical errors in memory management by supplying specially crafted input containing unique characters, which are i...
CVE-2026-0509
- EPSS 0.02%
- Veröffentlicht 10.02.2026 03:01:52
- Zuletzt bearbeitet 17.02.2026 16:04:59
SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated, low-privileged user to perform background Remote Function Calls without the required S_RFC authorization in certain cases. This can result in a high impact on integrity ...
CVE-2022-27668
- EPSS 2.53%
- Veröffentlicht 14.06.2022 17:15:08
- Zuletzt bearbeitet 21.11.2024 06:56:08
Depending on the configuration of the route permission table in file 'saprouttab', it is possible for an unauthenticated attacker to execute SAProuter administration commands in SAP NetWeaver and ABAP Platform - versions KERNEL 7.49, 7.77, 7.81, 7.85...
CVE-2022-29616
- EPSS 0.41%
- Veröffentlicht 11.05.2022 16:15:09
- Zuletzt bearbeitet 21.11.2024 06:59:26
SAP Host Agent, SAP NetWeaver and ABAP Platform allow an attacker to leverage logical errors in memory management to cause a memory corruption.
CVE-2022-27656
- EPSS 0.4%
- Veröffentlicht 11.05.2022 15:15:09
- Zuletzt bearbeitet 21.11.2024 06:56:06
The Web administration UI of SAP Web Dispatcher and the Internet Communication Manager (ICM) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.