CVE-2026-27680
- EPSS 0.17%
- Veröffentlicht 14.05.2026 18:33:26
- Zuletzt bearbeitet 03.06.2026 19:27:45
Due to improper input handling under certain conditions, SAP NetWeaver Application Server ABAP allows an attacker to inject custom Cascading Style Sheets (CSS) data into a web page served by the application. When a user accesses or clicks the affecte...
CVE-2026-40135
- EPSS 1.4%
- Veröffentlicht 12.05.2026 02:21:40
- Zuletzt bearbeitet 03.06.2026 18:33:28
An OS Command Injection vulnerability exists in the SAP NetWeaver Application Server for ABAP and ABAP Platform that allows an authenticated attacker with administrative access to execute specially crafted shell commands on the server, bypassing the ...
CVE-2026-27682
- EPSS 0.22%
- Veröffentlicht 12.05.2026 02:19:26
- Zuletzt bearbeitet 03.06.2026 19:08:54
Due to a reflected cross-site scripting (XSS) vulnerability in SAP NetWeaver Application Server ABAP (Applications based on Business Server Pages), an unauthenticated attacker could craft a URL that exploits an unprotected URL parameter to embed a ma...
CVE-2026-34257
- EPSS 0.16%
- Veröffentlicht 14.04.2026 00:08:39
- Zuletzt bearbeitet 03.06.2026 19:06:45
Due to an Open Redirect vulnerability in SAP NetWeaver Application Server ABAP, an unauthenticated attacker could craft malicious URL that, if accessed by a victim, they could be redirected to the page controlled by the attacker. This causes low impa...
- EPSS 0.23%
- Veröffentlicht 10.03.2026 00:18:55
- Zuletzt bearbeitet 03.06.2026 18:58:26
Due to a missing authorization check in SAP NetWeaver Application Server for ABAP, an authenticated attacker with user privileges could read Database Analyzer Log Files via a specific RFC function module. The attacker with the necessary privileges to...
CVE-2026-24316
- EPSS 0.16%
- Veröffentlicht 10.03.2026 00:17:51
- Zuletzt bearbeitet 03.06.2026 18:55:32
SAP NetWeaver Application Server for ABAP provides an ABAP Report for testing purposes, which allows to send HTTP requests to arbitrary internal or external endpoints. The report is therefore vulnerable to Server-Side Request Forgery (SSRF). Successf...
CVE-2026-24310
- EPSS 0.19%
- Veröffentlicht 10.03.2026 00:17:21
- Zuletzt bearbeitet 03.06.2026 18:59:33
Due to missing authorization check in SAP NetWeaver Application Server for ABAP, an authenticated attacker could execute specific ABAP function module and read the sensitive information from database catalog of the ABAP system. This vulnerability has...
CVE-2026-24309
- EPSS 0.21%
- Veröffentlicht 10.03.2026 00:17:12
- Zuletzt bearbeitet 03.06.2026 18:54:02
Due to missing authorization check in SAP NetWeaver Application Server for ABAP, an authenticated attacker could execute specific ABAP function module to read, modify or insert entries into the database configuration table of the ABAP system. This un...
CVE-2026-0488
- EPSS 0.49%
- Veröffentlicht 10.02.2026 03:01:08
- Zuletzt bearbeitet 17.02.2026 16:10:03
An authenticated attacker in SAP CRM and SAP S/4HANA (Scripting Editor) could exploit a flaw in a generic function module call and execute unauthorized critical functionalities, which includes the ability to execute an arbitrary SQL statement. This l...
CVE-2026-0506
- EPSS 0.23%
- Veröffentlicht 13.01.2026 01:14:33
- Zuletzt bearbeitet 22.01.2026 18:48:00
Due to a Missing Authorization Check vulnerability in Application Server ABAP and ABAP Platform, an authenticated attacker could misuse an RFC function to execute form routines (FORMs) in the ABAP system. Successful exploitation could allow the attac...