SAP

Netweaver Application Server Abap

81 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.1

CVE-2023-24522

  • EPSS 0.6%
  • Published 14.02.2023 04:15:12
  • Last modified 21.11.2024 07:48:02

Due to insufficient input sanitization, SAP NetWeaver AS ABAP (Business Server Pages) - versions 700, 701, 702, 731, 740, allows an unauthenticated user to alter the current session of the user by injecting the malicious code over the network and gai...

6.1

CVE-2023-23858

  • EPSS 0.21%
  • Published 14.02.2023 04:15:11
  • Last modified 21.11.2024 07:46:59

Due to insufficient input validation, SAP NetWeaver AS for ABAP and ABAP Platform - versions 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, allows an unauthenticated attacker to send a crafted URL to a user, and by clicking the URL, the trick...

5.4

CVE-2023-23854

  • EPSS 0.07%
  • Published 14.02.2023 04:15:11
  • Last modified 21.11.2024 07:46:57

SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.

6.1

CVE-2023-23853

  • EPSS 0.21%
  • Published 14.02.2023 04:15:11
  • Last modified 21.11.2024 07:46:57

An unauthenticated attacker in AP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, can craft a link which when clicked by an unsuspecting user can be used to redi...

9.8

CVE-2023-0014

  • EPSS 0.39%
  • Published 10.01.2023 04:15:09
  • Last modified 21.11.2024 07:36:23

SAP NetWeaver ABAP Server and ABAP Platform - versions SAP_BASIS 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, KERNEL 7.22, 7.53, 7.77, 7.81, 7.85, 7.89, KRNL64UC 7.22, 7.22EXT, 7.53, KRNL64NUC 7.22, 7.22EXT, creates...

6.1

CVE-2023-0013

  • EPSS 0.48%
  • Published 10.01.2023 03:15:10
  • Last modified 21.11.2024 07:36:23

The ABAP Keyword Documentation of SAP NetWeaver Application Server - versions 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, for ABAP and ABAP Platform does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XS...

4.7

CVE-2022-41215

  • EPSS 0.16%
  • Published 08.11.2022 22:15:19
  • Last modified 21.11.2024 07:22:50

SAP NetWeaver ABAP Server and ABAP Platform allows an unauthenticated attacker to redirect users to a malicious site due to insufficient URL validation. This could lead to the user being tricked to disclose personal information.

8.7

CVE-2022-41214

  • EPSS 0.16%
  • Published 08.11.2022 22:15:19
  • Last modified 21.11.2024 07:22:50

Due to insufficient input validation, SAP NetWeaver Application Server ABAP and ABAP Platform allows an attacker with high level privileges to use a remote enabled function to delete a file which is otherwise restricted. On successful exploitation an...

4.9

CVE-2022-41212

  • EPSS 0.15%
  • Published 08.11.2022 22:15:19
  • Last modified 21.11.2024 07:22:50

Due to insufficient input validation, SAP NetWeaver Application Server ABAP and ABAP Platform allows an attacker with high level privileges to use a remote enabled function to read a file which is otherwise restricted. On successful exploitation an a...

6.1

CVE-2022-39799

  • EPSS 0.46%
  • Published 13.09.2022 16:15:09
  • Last modified 10.06.2025 14:15:24

An attacker with no prior authentication could craft and send malicious script to SAP GUI for HTML within Fiori Launchpad, resulting in reflected cross-site scripting attack. This could lead to stealing session information and impersonating the affec...