SAP

Netweaver Application Server Abap

81 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.1

CVE-2023-27499

  • EPSS 0.42%
  • Published 11.04.2023 03:15:07
  • Last modified 21.11.2024 07:53:01

SAP GUI for HTML - versions KERNEL 7.22, 7.53, 7.54, 7.77, 7.81, 7.85, 7.89, 7.91, KRNL64UC, 7.22, 7.22EXT, KRNL64UC 7.22, 7.22EXT does not sufficiently encode user-controlled inputs, resulting in a reflected Cross-Site Scripting (XSS) vulnerability....

9.6

CVE-2023-27501

  • EPSS 0.22%
  • Published 14.03.2023 06:15:12
  • Last modified 21.11.2024 07:53:02

SAP NetWeaver AS for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, allows an attacker to exploit insufficient validation of path information provided by users, thus exploiting a directory trav...

8.1

CVE-2023-27500

Media report
  • EPSS 0.42%
  • Published 14.03.2023 06:15:12
  • Last modified 21.11.2024 07:53:02

An attacker with non-administrative authorizations can exploit a directory traversal flaw in program SAPRSBRO to over-write system files. In this attack, no data can be read but potentially critical OS files can be over-written making the system unav...

6.5

CVE-2023-27270

  • EPSS 0.19%
  • Published 14.03.2023 05:15:30
  • Last modified 21.11.2024 07:52:34

SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, has multiple vulnerabilities in a class for test purposes in which an attacker authenticated as a non-adminis...

9.6

CVE-2023-27269

  • EPSS 0.42%
  • Published 14.03.2023 05:15:30
  • Last modified 21.11.2024 07:52:34

SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, allows an attacker with non-administrative authorizations to exploit a directory traversal flaw in an availab...

7.4

CVE-2023-26459

  • EPSS 0.1%
  • Published 14.03.2023 05:15:30
  • Last modified 21.11.2024 07:51:31

Due to improper input controls In SAP NetWeaver AS for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, an attacker authenticated as a non-administrative user can craft a request which will trigg...

6.5

CVE-2023-25618

  • EPSS 0.19%
  • Published 14.03.2023 05:15:29
  • Last modified 21.11.2024 07:49:50

SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, has multiple vulnerabilities in an unused class for error handling in which an attacker authenticated as a no...

6.1

CVE-2023-25614

  • EPSS 0.4%
  • Published 14.02.2023 04:15:13
  • Last modified 21.11.2024 07:49:49

SAP NetWeaver AS ABAP (BSP Framework) application - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, allow an unauthenticated attacker to inject the code that can be executed by the application over the network. On successful...

6.1

CVE-2023-23859

  • EPSS 0.44%
  • Published 14.02.2023 04:15:12
  • Last modified 21.11.2024 07:46:59

SAP NetWeaver AS for ABAP and ABAP Platform - versions 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, allows an unauthenticated attacker to craft a malicious link, which when clicked by an unsuspecting user, can be used to read or modify some...

6.1

CVE-2023-23860

  • EPSS 0.28%
  • Published 14.02.2023 04:15:12
  • Last modified 21.11.2024 07:46:59

SAP NetWeaver AS for ABAP and ABAP Platform - versions 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, allows an unauthenticated attacker to craft a link, which when clicked by an unsuspecting user can be used to redirect a user to a malicious...