CVE-2025-42976
- EPSS 0.06%
- Published 12.08.2025 02:10:06
- Last modified 12.08.2025 14:25:33
SAP NetWeaver Application Server ABAP (BIC Document) allows an authenticated attacker to craft a request that, when submitted to a BIC Document application, could cause a memory corruption error. On successful exploitation, this results in the crash ...
CVE-2025-42975
- EPSS 0.12%
- Published 12.08.2025 02:10:00
- Last modified 12.08.2025 14:25:33
SAP NetWeaver Application Server ABAP (BIC Document) allows an unauthenticated attacker to craft a URL link which, when accessed on the BIC Document application, embeds a malicious script. When a victim clicks on this link, the script executes in the...
CVE-2025-42956
- EPSS 0.13%
- Published 08.07.2025 06:57:25
- Last modified 08.07.2025 16:18:14
SAP NetWeaver Application Server ABAP and ABAP Platform allows an unauthenticated attacker to create a malicious link which they can make publicly available. When an authenticated victim clicks on this malicious link, injected input data will be used...
CVE-2024-33005
- EPSS 0.07%
- Published 13.08.2024 04:15:07
- Last modified 12.09.2024 14:39:03
Due to the missing authorization checks in the local systems, the admin users of SAP Web Dispatcher, SAP NetWeaver Application Server (ABAP and Java), and SAP Content Server can impersonate other users and may perform some unintended actions. This co...
- EPSS 0.14%
- Published 14.06.2022 19:15:07
- Last modified 21.11.2024 06:59:26
SAP startservice - of SAP NetWeaver Application Server ABAP, Application Server Java, ABAP Platform and HANA Database - versions KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49,...
CVE-2022-29612
- EPSS 0.15%
- Published 14.06.2022 17:15:08
- Last modified 21.11.2024 06:59:25
SAP NetWeaver, ABAP Platform and SAP Host Agent - versions KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, 8.04, KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, 8.04, SAPHOSTAGENT 7.22, allows an authenticated user to ...
CVE-2022-28215
- EPSS 0.42%
- Published 12.04.2022 17:15:10
- Last modified 21.11.2024 06:56:57
SAP NetWeaver ABAP Server and ABAP Platform - versions 740, 750, 787, allows an unauthenticated attacker to redirect users to a malicious site due to insufficient URL validation. This could lead to the user being tricked to disclose personal informat...
CVE-2022-22545
- EPSS 0.36%
- Published 09.02.2022 23:15:19
- Last modified 21.11.2024 06:46:59
A highly privileged user who has access to transaction SM59 can read connection details stored with the destination for HTTP calls in SAP NetWeaver Application Server ABAP and ABAP Platform - versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 7...
CVE-2022-22543
- EPSS 0.73%
- Published 09.02.2022 23:15:18
- Last modified 21.11.2024 06:46:59
SAP NetWeaver Application Server for ABAP (Kernel) and ABAP Platform (Kernel) - versions KERNEL 7.22, 8.04, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, KRNL64UC 8.04, 7.22, 7.22EXT, 7.49, 7.53, KRNL64NUC 7.22, 7.22EXT, 7.49, does not sufficiently valid...
CVE-2021-42067
- EPSS 0.26%
- Published 14.01.2022 20:15:11
- Last modified 21.11.2024 06:27:10
In SAP NetWeaver AS for ABAP and ABAP Platform - versions 701, 702, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 786, an attacker authenticated as a regular user can use the S/4 Hana dashboard to reveal systems and services which they would...