Skip to main content
CVE-2025-42948 MEDIUM This Month

Due to a Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver ABAP Platform, an unauthenticated attacker could generate a malicious link and make it publicly accessible. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP XSS
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-42946 MEDIUM This Month

Due to directory traversal vulnerability in SAP S/4HANA (Bank Communication Management), an attacker with high privileges and access to a specific transaction and method in Bank Communication. Rated medium severity (CVSS 6.9), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass SAP Path Traversal
NVD
CVSS 3.1
6.9
EPSS
0.1%
CVE-2025-42945 MEDIUM This Month

SAP NetWeaver Application Server ABAP has HTML injection vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE SAP Code Injection
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-42943 MEDIUM Monitor

SAP GUI for Windows may allow the leak of NTML hashes when specific ABAP frontend services are called with UNC paths. Rated medium severity (CVSS 4.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Microsoft Privilege Escalation Windows
NVD
CVSS 3.1
4.5
EPSS
0.0%
CVE-2025-42942 MEDIUM This Month

SAP NetWeaver Application Server for ABAP has cross-site scripting vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP XSS
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-42936 MEDIUM PATCH This Month

The SAP NetWeaver Application Server for ABAP does not enable an administrator to assign distinguished authorizations for different user roles, this issue allows authenticated users to access. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

SAP Privilege Escalation Sap Basis
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-42935 MEDIUM Monitor

The SAP NetWeaver Application Server ABAP and ABAP Platform Internet Communication Manager (ICM) permits authorized users with admin privileges and local access to log files to read sensitive. Rated medium severity (CVSS 4.1). No vendor patch available.

SAP Information Disclosure
NVD
CVSS 3.1
4.1
EPSS
0.0%
CVE-2025-42934 MEDIUM Monitor

SAP S/4HANA Supplier invoice is vulnerable to CRLF Injection. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass SAP
NVD
CVSS 3.1
4.3
EPSS
0.0%
Prev Page 4 of 4

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy