SAP

Netweaver Application Server Abap

82 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.1

CVE-2023-23859

  • EPSS 0.61%
  • Veröffentlicht 14.02.2023 04:15:12
  • Zuletzt bearbeitet 21.11.2024 07:46:59

SAP NetWeaver AS for ABAP and ABAP Platform - versions 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, allows an unauthenticated attacker to craft a malicious link, which when clicked by an unsuspecting user, can be used to read or modify some...

6.1

CVE-2023-23860

  • EPSS 0.34%
  • Veröffentlicht 14.02.2023 04:15:12
  • Zuletzt bearbeitet 21.11.2024 07:46:59

SAP NetWeaver AS for ABAP and ABAP Platform - versions 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, allows an unauthenticated attacker to craft a link, which when clicked by an unsuspecting user can be used to redirect a user to a malicious...

6.1

CVE-2023-23858

  • EPSS 0.29%
  • Veröffentlicht 14.02.2023 04:15:11
  • Zuletzt bearbeitet 21.11.2024 07:46:59

Due to insufficient input validation, SAP NetWeaver AS for ABAP and ABAP Platform - versions 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, allows an unauthenticated attacker to send a crafted URL to a user, and by clicking the URL, the trick...

5.4

CVE-2023-23854

  • EPSS 0.09%
  • Veröffentlicht 14.02.2023 04:15:11
  • Zuletzt bearbeitet 21.11.2024 07:46:57

SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.

6.1

CVE-2023-23853

  • EPSS 0.32%
  • Veröffentlicht 14.02.2023 04:15:11
  • Zuletzt bearbeitet 21.11.2024 07:46:57

An unauthenticated attacker in AP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, can craft a link which when clicked by an unsuspecting user can be used to redi...

9.8

CVE-2023-0014

  • EPSS 0.41%
  • Veröffentlicht 10.01.2023 04:15:09
  • Zuletzt bearbeitet 21.11.2024 07:36:23

SAP NetWeaver ABAP Server and ABAP Platform - versions SAP_BASIS 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, KERNEL 7.22, 7.53, 7.77, 7.81, 7.85, 7.89, KRNL64UC 7.22, 7.22EXT, 7.53, KRNL64NUC 7.22, 7.22EXT, creates...

6.1

CVE-2023-0013

  • EPSS 0.43%
  • Veröffentlicht 10.01.2023 03:15:10
  • Zuletzt bearbeitet 21.11.2024 07:36:23

The ABAP Keyword Documentation of SAP NetWeaver Application Server - versions 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, for ABAP and ABAP Platform does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XS...

4.7

CVE-2022-41215

  • EPSS 0.16%
  • Veröffentlicht 08.11.2022 22:15:19
  • Zuletzt bearbeitet 21.11.2024 07:22:50

SAP NetWeaver ABAP Server and ABAP Platform allows an unauthenticated attacker to redirect users to a malicious site due to insufficient URL validation. This could lead to the user being tricked to disclose personal information.

8.7

CVE-2022-41214

  • EPSS 0.42%
  • Veröffentlicht 08.11.2022 22:15:19
  • Zuletzt bearbeitet 21.11.2024 07:22:50

Due to insufficient input validation, SAP NetWeaver Application Server ABAP and ABAP Platform allows an attacker with high level privileges to use a remote enabled function to delete a file which is otherwise restricted. On successful exploitation an...

4.9

CVE-2022-41212

  • EPSS 0.48%
  • Veröffentlicht 08.11.2022 22:15:19
  • Zuletzt bearbeitet 21.11.2024 07:22:50

Due to insufficient input validation, SAP NetWeaver Application Server ABAP and ABAP Platform allows an attacker with high level privileges to use a remote enabled function to read a file which is otherwise restricted. On successful exploitation an a...