SAP

Netweaver Application Server Abap

81 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.4

CVE-2022-35294

  • EPSS 0.38%
  • Veröffentlicht 13.09.2022 16:15:08
  • Zuletzt bearbeitet 21.11.2024 07:11:03

An attacker with basic business user privileges could craft and upload a malicious file to SAP NetWeaver Application Server ABAP, which is then downloaded and viewed by other users resulting in a stored Cross-Site-Scripting attack. This could lead to...

8.8

CVE-2022-29611

  • EPSS 0.4%
  • Veröffentlicht 11.05.2022 15:15:09
  • Zuletzt bearbeitet 21.11.2024 06:59:25

SAP NetWeaver Application Server for ABAP and ABAP Platform do not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.

5.4

CVE-2022-29610

  • EPSS 0.37%
  • Veröffentlicht 11.05.2022 15:15:09
  • Zuletzt bearbeitet 21.11.2024 06:59:25

SAP NetWeaver Application Server ABAP allows an authenticated attacker to upload malicious files and delete (theme) data, which could result in Stored Cross-Site Scripting (XSS) attack.

5.5

CVE-2022-26102

  • EPSS 0.18%
  • Veröffentlicht 10.03.2022 17:47:30
  • Zuletzt bearbeitet 21.11.2024 06:53:25

Due to missing authorization check, SAP NetWeaver Application Server for ABAP - versions 700, 701, 702, 731, allows an authenticated attacker, to access content on the start screen of any transaction that is available with in the same SAP system even...

7.5

CVE-2022-22540

  • EPSS 0.45%
  • Veröffentlicht 09.02.2022 23:15:18
  • Zuletzt bearbeitet 21.11.2024 06:46:59

SAP NetWeaver AS ABAP (Workplace Server) - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 787, allows an attacker to execute crafted database queries, that could expose the backend database. Successful attacks could result in di...

10

CVE-2022-22536

Warnung
  • EPSS 93.82%
  • Veröffentlicht 09.02.2022 23:15:18
  • Zuletzt bearbeitet 13.03.2025 16:36:39

SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server 7.53 and SAP Web Dispatcher are vulnerable for request smuggling and request concatenation. An unauthenticated attacker can prepend a vict...

4.3

CVE-2021-42067

  • EPSS 0.26%
  • Veröffentlicht 14.01.2022 20:15:11
  • Zuletzt bearbeitet 21.11.2024 06:27:10

In SAP NetWeaver AS for ABAP and ABAP Platform - versions 701, 702, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 786, an attacker authenticated as a regular user can use the S/4 Hana dashboard to reveal systems and services which they would...

7.2

CVE-2021-44235

  • EPSS 0.12%
  • Veröffentlicht 14.12.2021 16:15:09
  • Zuletzt bearbeitet 21.11.2024 06:30:39

Two methods of a utility class in SAP NetWeaver AS ABAP - versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, allow an attacker with high privileges and has direct access to SAP System, to inject code when executing wi...

9.8

CVE-2021-44231

  • EPSS 0.89%
  • Veröffentlicht 14.12.2021 16:15:09
  • Zuletzt bearbeitet 21.11.2024 06:30:38

Internally used text extraction reports allow an attacker to inject code that can be executed by the application. An attacker could thereby control the behavior of the application.

4.9

CVE-2021-40504

  • EPSS 0.11%
  • Veröffentlicht 10.11.2021 16:15:08
  • Zuletzt bearbeitet 21.11.2024 06:24:16

A certain template role in SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, contains transport authorizations, which exceed expected display only permiss...