SAP

Netweaver Application Server Abap

81 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.1

CVE-2023-24522

  • EPSS 0.6%
  • Veröffentlicht 14.02.2023 04:15:12
  • Zuletzt bearbeitet 21.11.2024 07:48:02

Due to insufficient input sanitization, SAP NetWeaver AS ABAP (Business Server Pages) - versions 700, 701, 702, 731, 740, allows an unauthenticated user to alter the current session of the user by injecting the malicious code over the network and gai...

6.1

CVE-2023-23858

  • EPSS 0.21%
  • Veröffentlicht 14.02.2023 04:15:11
  • Zuletzt bearbeitet 21.11.2024 07:46:59

Due to insufficient input validation, SAP NetWeaver AS for ABAP and ABAP Platform - versions 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, allows an unauthenticated attacker to send a crafted URL to a user, and by clicking the URL, the trick...

5.4

CVE-2023-23854

  • EPSS 0.07%
  • Veröffentlicht 14.02.2023 04:15:11
  • Zuletzt bearbeitet 21.11.2024 07:46:57

SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.

6.1

CVE-2023-23853

  • EPSS 0.21%
  • Veröffentlicht 14.02.2023 04:15:11
  • Zuletzt bearbeitet 21.11.2024 07:46:57

An unauthenticated attacker in AP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, can craft a link which when clicked by an unsuspecting user can be used to redi...

9.8

CVE-2023-0014

  • EPSS 0.39%
  • Veröffentlicht 10.01.2023 04:15:09
  • Zuletzt bearbeitet 21.11.2024 07:36:23

SAP NetWeaver ABAP Server and ABAP Platform - versions SAP_BASIS 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, KERNEL 7.22, 7.53, 7.77, 7.81, 7.85, 7.89, KRNL64UC 7.22, 7.22EXT, 7.53, KRNL64NUC 7.22, 7.22EXT, creates...

6.1

CVE-2023-0013

  • EPSS 0.48%
  • Veröffentlicht 10.01.2023 03:15:10
  • Zuletzt bearbeitet 21.11.2024 07:36:23

The ABAP Keyword Documentation of SAP NetWeaver Application Server - versions 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, for ABAP and ABAP Platform does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XS...

4.7

CVE-2022-41215

  • EPSS 0.16%
  • Veröffentlicht 08.11.2022 22:15:19
  • Zuletzt bearbeitet 21.11.2024 07:22:50

SAP NetWeaver ABAP Server and ABAP Platform allows an unauthenticated attacker to redirect users to a malicious site due to insufficient URL validation. This could lead to the user being tricked to disclose personal information.

8.7

CVE-2022-41214

  • EPSS 0.16%
  • Veröffentlicht 08.11.2022 22:15:19
  • Zuletzt bearbeitet 21.11.2024 07:22:50

Due to insufficient input validation, SAP NetWeaver Application Server ABAP and ABAP Platform allows an attacker with high level privileges to use a remote enabled function to delete a file which is otherwise restricted. On successful exploitation an...

4.9

CVE-2022-41212

  • EPSS 0.15%
  • Veröffentlicht 08.11.2022 22:15:19
  • Zuletzt bearbeitet 21.11.2024 07:22:50

Due to insufficient input validation, SAP NetWeaver Application Server ABAP and ABAP Platform allows an attacker with high level privileges to use a remote enabled function to read a file which is otherwise restricted. On successful exploitation an a...

6.1

CVE-2022-39799

  • EPSS 0.46%
  • Veröffentlicht 13.09.2022 16:15:09
  • Zuletzt bearbeitet 10.06.2025 14:15:24

An attacker with no prior authentication could craft and send malicious script to SAP GUI for HTML within Fiori Launchpad, resulting in reflected cross-site scripting attack. This could lead to stealing session information and impersonating the affec...