Skip to main content

Netweaver Application Server Abap

75 CVEs product

Monthly

CVE-2026-0488 CRITICAL Act Now

Unauthorized code execution in SAP CRM and SAP S/4HANA Scripting Editor. Authenticated attacker exploits generic function module call to execute unauthorized ABAP code. CVSS 9.9.

SAP Netweaver Application Server Abap Webclient Ui Framework
NVD
CVSS 3.1
9.9
EPSS
0.0%
CVE-2026-0506 HIGH PATCH This Week

Netweaver Application Server Abap versions up to 700 is affected by missing authorization (CVSS 8.1).

Authentication Bypass Netweaver Application Server Abap
NVD
CVSS 3.1
8.1
EPSS
0.1%
CVE-2024-41728 LOW PATCH Monitor

Due to missing authorization check, SAP NetWeaver Application Server for ABAP and ABAP Platform allows an attacker logged in as a developer to read objects contained in a package. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass SAP Netweaver Application Server Abap
NVD
CVSS 3.1
2.7
EPSS
0.3%
CVE-2024-44114 LOW PATCH Monitor

SAP NetWeaver Application Server for ABAP and ABAP Platform allow users with high privileges to execute a program that reveals data over the network. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass SAP Netweaver Application Server Abap
NVD
CVSS 3.1
2.7
EPSS
0.2%
CVE-2024-41734 MEDIUM This Month

Due to missing authorization check in SAP NetWeaver Application Server ABAP and ABAP Platform, an authenticated attacker could call an underlying transaction, which leads to disclosure of user. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass SAP Netweaver Application Server Abap
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-41732 MEDIUM This Month

SAP NetWeaver Application Server ABAP allows an unauthenticated attacker to craft a URL link that could bypass allowlist controls. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass SAP Netweaver Application Server Abap
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-33001 MEDIUM PATCH This Month

SAP NetWeaver and ABAP platform allows an attacker to impede performance for legitimate users by crashing or flooding the service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service SAP Netweaver Application Server Abap
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-24740 MEDIUM This Month

SAP NetWeaver Application Server (ABAP) - versions KERNEL 7.53, KERNEL 7.54, KERNEL 7.77, KERNEL 7.85, KERNEL 7.89, KERNEL 7.93, KERNEL 7.94, KRNL64UC 7.53, under certain conditions, allows an. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure SAP Netweaver Application Server Abap
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-21738 MEDIUM Monitor

SAP NetWeaver ABAP Application Server and ABAP Platform do not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 4.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS SAP Netweaver Application Server Abap
NVD
CVSS 3.1
4.1
EPSS
0.2%
CVE-2023-49581 CRITICAL Act Now

SAP GUI for Windows and SAP GUI for Java allow an unauthenticated attacker to access information which would otherwise be restricted and confidential. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Java Microsoft SQLi Netweaver Application Server Abap
NVD
CVSS 3.1
9.4
EPSS
0.5%
CVE-2023-41366 MEDIUM This Month

Under certain condition SAP NetWeaver Application Server ABAP - versions KERNEL 722, KERNEL 7.53, KERNEL 7.77, KERNEL 7.85, KERNEL 7.89, KERNEL 7.54, KERNEL 7.91, KERNEL 7.92, KERNEL 7.93, KERNEL. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Information Disclosure Netweaver Application Server Abap
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-40624 MEDIUM This Month

SAP NetWeaver AS ABAP (applications based on Unified Rendering) - versions SAP_UI 754, SAP_UI 755, SAP_UI 756, SAP_UI 757, SAP_UI 758, SAP_BASIS 702, SAP_BASIS 731, allows an attacker to inject. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP XSS Netweaver Application Server Abap
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-40309 CRITICAL Act Now

SAP CommonCryptoLib does not perform necessary authentication checks, which may result in missing or wrong authorization checks for an authenticated user, resulting in escalation of privileges. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Authentication Bypass Commoncryptolib Content Server Extended Application Services And Runtime +6
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-40308 HIGH This Week

SAP CommonCryptoLib allows an unauthenticated attacker to craft a request, which when submitted to an open port causes a memory corruption error in a library which in turn causes the target component. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow SAP Commoncryptolib Content Server +7
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-37492 MEDIUM This Month

SAP NetWeaver Application Server ABAP and ABAP Platform - versions SAP_BASIS 700, SAP_BASIS 701, SAP_BASIS 702, SAP_BASIS 731, SAP_BASIS 740, SAP_BASIS 750, SAP_BASIS 752, SAP_BASIS 753, SAP_BASIS. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Authentication Bypass Netweaver Application Server Abap
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-35874 HIGH This Week

SAP NetWeaver Application Server ABAP and ABAP Platform - version KRNL64NUC, 7.22, KRNL64NUC 7.22EXT, KRNL64UC 7.22, KRNL64UC 7.22EXT, KRNL64UC 7.53, KERNEL 7.22, KERNEL, 7.53, KERNEL 7.77, KERNEL. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Authentication Bypass Netweaver Application Server Abap
NVD
CVSS 3.1
7.4
EPSS
0.4%
CVE-2023-28763 MEDIUM This Month

SAP NetWeaver AS for ABAP and ABAP Platform - versions 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, allows an attacker authenticated as a non-administrative user to craft a request with certain. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Denial Of Service Netweaver Application Server Abap
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-27499 MEDIUM This Month

SAP GUI for HTML - versions KERNEL 7.22, 7.53, 7.54, 7.77, 7.81, 7.85, 7.89, 7.91, KRNL64UC, 7.22, 7.22EXT, KRNL64UC 7.22, 7.22EXT does not sufficiently encode user-controlled inputs, resulting in a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP XSS Netweaver Netweaver Application Server Abap
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-27501 CRITICAL Act Now

SAP NetWeaver AS for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, allows an attacker to exploit insufficient validation of path information. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Path Traversal Netweaver Application Server Abap
NVD
CVSS 3.1
9.6
EPSS
1.0%
CVE-2023-27500 HIGH This Week

An attacker with non-administrative authorizations can exploit a directory traversal flaw in program SAPRSBRO to over-write system files. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Netweaver Application Server Abap
NVD
CVSS 3.1
8.1
EPSS
1.0%
CVE-2023-27270 MEDIUM This Month

SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, has multiple vulnerabilities in a class for test purposes. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Denial Of Service Netweaver Application Server Abap
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-27269 CRITICAL Act Now

SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, allows an attacker with non-administrative authorizations. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Path Traversal Netweaver Application Server Abap
NVD
CVSS 3.1
9.6
EPSS
1.0%
CVE-2023-26459 HIGH This Week

Due to improper input controls In SAP NetWeaver AS for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, an attacker authenticated as a. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP SSRF Netweaver Application Server Abap
NVD
CVSS 3.1
7.4
EPSS
0.4%
CVE-2023-25618 MEDIUM This Month

SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, has multiple vulnerabilities in an unused class for error. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Denial Of Service Netweaver Application Server Abap
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-25614 MEDIUM This Month

SAP NetWeaver AS ABAP (BSP Framework) application - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, allow an unauthenticated attacker to inject the code that can be executed. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP XSS Netweaver Application Server Abap
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-24522 MEDIUM This Month

Due to insufficient input sanitization, SAP NetWeaver AS ABAP (Business Server Pages) - versions 700, 701, 702, 731, 740, allows an unauthenticated user to alter the current session of the user by. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP XSS Netweaver Application Server Abap
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-23860 MEDIUM This Month

SAP NetWeaver AS for ABAP and ABAP Platform - versions 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, allows an unauthenticated attacker to craft a link, which when clicked by an unsuspecting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Open Redirect Netweaver Application Server Abap
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-23859 MEDIUM This Month

SAP NetWeaver AS for ABAP and ABAP Platform - versions 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, allows an unauthenticated attacker to craft a malicious link, which when clicked by an. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP XSS Netweaver Application Server Abap
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-23858 MEDIUM This Month

Due to insufficient input validation, SAP NetWeaver AS for ABAP and ABAP Platform - versions 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, allows an unauthenticated attacker to send a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Information Disclosure XSS Netweaver Application Server Abap
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-23854 MEDIUM This Month

SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, does not perform necessary authorization checks for an authenticated user, resulting in. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Authentication Bypass Netweaver Application Server Abap
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-23853 MEDIUM This Month

An unauthenticated attacker in AP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, can craft a link which when. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Open Redirect Netweaver Application Server Abap
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-0014 CRITICAL Act Now

SAP NetWeaver ABAP Server and ABAP Platform - versions SAP_BASIS 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, KERNEL 7.22, 7.53, 7.77, 7.81, 7.85, 7.89, KRNL64UC. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Information Disclosure Netweaver Application Server Abap Netweaver Application Server Abap Kernel Netweaver Application Server Abap Krnl64Nuc +1
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-0013 MEDIUM This Month

The ABAP Keyword Documentation of SAP NetWeaver Application Server - versions 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, for ABAP and ABAP Platform does not sufficiently encode. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP XSS Netweaver Application Server Abap
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-41215 MEDIUM This Month

SAP NetWeaver ABAP Server and ABAP Platform allows an unauthenticated attacker to redirect users to a malicious site due to insufficient URL validation. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Open Redirect Netweaver Application Server Abap
NVD
CVSS 3.1
4.7
EPSS
0.4%
CVE-2022-41214 HIGH This Week

Due to insufficient input validation, SAP NetWeaver Application Server ABAP and ABAP Platform allows an attacker with high level privileges to use a remote enabled function to delete a file which is. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Information Disclosure Netweaver Application Server Abap
NVD
CVSS 3.1
8.7
EPSS
0.7%
CVE-2022-41212 MEDIUM This Month

Due to insufficient input validation, SAP NetWeaver Application Server ABAP and ABAP Platform allows an attacker with high level privileges to use a remote enabled function to read a file which is. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal SAP Netweaver Application Server Abap
NVD
CVSS 3.1
4.9
EPSS
0.8%
CVE-2022-39799 MEDIUM This Month

An attacker with no prior authentication could craft and send malicious script to SAP GUI for HTML within Fiori Launchpad, resulting in reflected cross-site scripting attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS SAP Netweaver Application Server Abap
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-35294 MEDIUM This Month

An attacker with basic business user privileges could craft and upload a malicious file to SAP NetWeaver Application Server ABAP, which is then downloaded and viewed by other users resulting in a. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure XSS SAP Netweaver Application Server Abap
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-29611 HIGH This Week

SAP NetWeaver Application Server for ABAP and ABAP Platform do not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass SAP Netweaver Application Server Abap
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-29610 MEDIUM This Month

SAP NetWeaver Application Server ABAP allows an authenticated attacker to upload malicious files and delete (theme) data, which could result in Stored Cross-Site Scripting (XSS) attack. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS SAP Netweaver Application Server Abap
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-26102 MEDIUM This Month

Due to missing authorization check, SAP NetWeaver Application Server for ABAP - versions 700, 701, 702, 731, allows an authenticated attacker, to access content on the start screen of any transaction. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass SAP Netweaver Application Server Abap
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-44235 MEDIUM This Month

Two methods of a utility class in SAP NetWeaver AS ABAP - versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, allow an attacker with high privileges and has direct. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Command Injection SAP Netweaver Application Server Abap
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2021-44231 CRITICAL Act Now

Internally used text extraction reports allow an attacker to inject code that can be executed by the application. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Abap Platform Netweaver Application Server Abap
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2021-40504 MEDIUM This Month

A certain template role in SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, contains transport. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Authentication Bypass Netweaver Application Server Abap
NVD
CVSS 3.1
4.9
EPSS
0.6%
CVE-2021-40499 CRITICAL Act Now

Client-side printing services SAP Cloud Print Manager and SAPSprint for SAP NetWeaver Application Server for ABAP - versions 7.70, 7.70 PI, 7.70 BYD, allow an attacker to inject code that can be. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE SAP Code Injection Netweaver Application Server Abap
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2021-40496 MEDIUM This Month

SAP Internet Communication framework (ICM) - versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 785, allows an attacker with logon functionality, to exploit the authentication. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Information Disclosure Netweaver Abap Netweaver Application Server Abap
NVD
CVSS 3.1
4.3
EPSS
0.9%
CVE-2021-40495 MEDIUM This Month

There are multiple Denial-of Service vulnerabilities in SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 740, 750, 751, 752, 753, 754, 755. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Authentication Bypass Netweaver Abap Netweaver Application Server Abap
NVD
CVSS 3.1
5.3
EPSS
1.0%
CVE-2021-38181 HIGH This Week

SAP NetWeaver AS ABAP and ABAP Platform - versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, allows an attacker to prevent legitimate users from accessing a service, either by. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service SAP Netweaver Abap Netweaver Application Server Abap
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2021-38178 HIGH This Week

The software logistics system of SAP NetWeaver AS ABAP and ABAP Platform versions - 700, 701, 702, 710, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, enables a malicious user to transfer ABAP. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure SAP Netweaver Abap Netweaver Application Server Abap
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2021-33684 MEDIUM This Month

SAP NetWeaver AS ABAP and ABAP Platform, versions - KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 8.04, 7.21,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption SAP Netweaver Abap Netweaver Application Server Abap
NVD
CVSS 3.1
5.3
EPSS
1.0%
CVE-2021-33678 MEDIUM POC This Month

A function module of SAP NetWeaver AS ABAP (Reconciliation Framework), versions - 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 75A, 75B, 75B, 75C, 75D, 75E, 75F, allows a high privileged. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SAP Code Injection Netweaver Application Server Abap
NVD
CVSS 3.1
6.5
EPSS
2.5%
CVE-2021-33677 HIGH This Week

SAP NetWeaver ABAP Server and ABAP Platform, versions - 700, 702, 730, 731, 804, 740, 750, 784, expose functions to external which can lead to information disclosure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure SAP Netweaver Abap Netweaver Application Server Abap
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2021-27610 CRITICAL Act Now

SAP NetWeaver ABAP Server and ABAP Platform, versions - 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 804, does not create information about internal and external RFC user in consistent and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Authentication Bypass Netweaver Abap Netweaver Application Server Abap
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2021-33665 MEDIUM This Month

SAP NetWeaver Application Server ABAP (Applications based on SAP GUI for HTML), versions - KRNL64NUC - 7.49, KRNL64UC - 7.49,7.53, KERNEL - 7.49,7.53,7.77,7.81,7.84, does not sufficiently encode. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS SAP Netweaver Application Server Abap
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-33664 MEDIUM This Month

SAP NetWeaver Application Server ABAP (Applications based on Web Dynpro ABAP), versions - SAP_UI - 750,752,753,754,755, SAP_BASIS - 702, 731 does not sufficiently encode user-controlled inputs,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS SAP Netweaver Application Server Abap
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-33663 MEDIUM This Month

SAP NetWeaver AS ABAP, versions - KRNL32NUC - 7.22,7.22EXT, KRNL32UC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL -. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Authentication Bypass Netweaver Application Server Abap
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2021-21490 MEDIUM This Month

SAP NetWeaver AS for ABAP (Web Survey), versions - 700, 702, 710, 711, 730, 731, 750, 750, 752, 75A, 75F, does not sufficiently encode input and output parameters which results in reflected cross. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS SAP Netweaver Application Server Abap
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-21473 MEDIUM POC This Month

SAP NetWeaver AS ABAP and ABAP Platform, versions - 700, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, contains function module SRM_RFC_SUBMIT_REPORT which fails to validate. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SAP Authentication Bypass Netweaver Application Server Abap
NVD
CVSS 3.1
6.3
EPSS
1.2%
CVE-2021-27611 MEDIUM This Month

SAP NetWeaver AS ABAP, versions - 700, 701, 702, 730, 731, allow a high privileged attacker to inject malicious code by executing an ABAP report when the attacker has access to the local SAP system. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

RCE Denial Of Service SAP Code Injection Netweaver Application Server Abap
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2021-27603 MEDIUM This Month

An RFC enabled function module SPI_WAIT_MILLIS in SAP NetWeaver AS ABAP, versions - 731, 740, 750, allows to keep a work process busy for any length of time. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service SAP Netweaver Application Server Abap
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2021-21446 HIGH This Week

SAP NetWeaver AS ABAP, versions 740, 750, 751, 752, 753, 754, 755, allows an unauthenticated attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service SAP Netweaver Application Server Abap
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2020-26835 MEDIUM This Month

SAP NetWeaver AS ABAP, versions - 740, 750, 751, 752, 753, 754 , does not sufficiently encode URL which allows an attacker to input malicious java script in the URL which could be executed in the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Java SAP Netweaver Application Server Abap
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-26832 HIGH POC This Week

SAP AS ABAP (SAP Landscape Transformation), versions - 2011_1_620, 2011_1_640, 2011_1_700, 2011_1_710, 2011_1_730, 2011_1_731, 2011_1_752, 2020 and SAP S4 HANA (SAP Landscape Transformation),. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SAP Authentication Bypass Netweaver Application Server Abap S 4 Hana
NVD
CVSS 3.1
7.6
EPSS
2.2%
CVE-2020-26819 HIGH This Week

SAP NetWeaver AS ABAP (Web Dynpro), versions - 731, 740, 750, 751, 752, 753, 754, 755, 782, allows an authenticated user to access Web Dynpro components, that allows them to read and delete database. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Information Disclosure Netweaver Application Server Abap
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2020-26818 HIGH This Week

SAP NetWeaver AS ABAP (Web Dynpro), versions - 731, 740, 750, 751, 752, 753, 754, 755, 782, allows an authenticated user to access Web Dynpro components, which reveals sensitive system information. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Authentication Bypass Information Disclosure Netweaver Application Server Abap
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2020-6371 MEDIUM This Month

User enumeration vulnerability can be exploited to get a list of user accounts and personal user information can be exposed in SAP NetWeaver Application Server ABAP (POWL test application) versions -. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Information Disclosure Netweaver Application Server Abap
NVD
CVSS 3.1
4.3
EPSS
0.9%
CVE-2020-6310 MEDIUM This Month

Improper access control in SOA Configuration Trace component in SAP NetWeaver (ABAP Server) and ABAP Platform, versions - 702, 730, 731, 740, 750, allows any authenticated user to enumerate all SAP. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Information Disclosure Abap Platform Netweaver Application Server Abap
NVD
CVSS 3.1
4.3
EPSS
0.9%
CVE-2020-6299 MEDIUM This Month

SAP NetWeaver (ABAP Server) and ABAP Platform, versions - 740, 750, 751, 752, 753, 754, 755, allows a business user to access the list of users in the given system using value help, leading to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Information Disclosure Abap Platform Netweaver Application Server Abap
NVD
CVSS 3.1
4.3
EPSS
0.9%
CVE-2020-6296 HIGH This Week

SAP NetWeaver (ABAP Server) and ABAP Platform, versions - 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 753, 755, allows an attacker to inject code that can be executed by the application,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection SAP Abap Platform Netweaver Application Server Abap
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2020-6280 LOW Monitor

SAP NetWeaver (ABAP Server) and ABAP Platform, versions 731, 740, 750, allows an attacker with admin privileges to access certain files which should otherwise be restricted, leading to Information. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Information Disclosure Abap Platform Netweaver Application Server Abap
NVD
CVSS 3.1
2.7
EPSS
0.9%
CVE-2020-6275 CRITICAL Act Now

SAP Netweaver AS ABAP, versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, are vulnerable for Server Side Request Forgery Attack where in an attacker can use inappropriate path. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF SAP Netweaver Application Server Abap
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2020-6270 MEDIUM This Month

SAP NetWeaver AS ABAP (Banking Services), versions - 710, 711, 740, 750, 751, 752, 75A, 75B, 75C, 75D, 75E, does not perform necessary authorization checks for an authenticated user due to Missing. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Authentication Bypass Netweaver Application Server Abap
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2020-6240 HIGH This Week

SAP NetWeaver AS ABAP (Web Dynpro ABAP), versions (SAP_UI 750, 752, 753, 754 and SAP_BASIS 700, 710, 730, 731, 804) allows an unauthenticated attacker to prevent legitimate users from accessing a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service SAP Netweaver Application Server Abap
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2019-0321 MEDIUM This Month

ABAP Server and ABAP Platform (SAP Basis), versions, 7.31, 7.4, 7.5, do not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS SAP Netweaver Application Server Abap Netweaver As Abap
NVD
CVSS 3.0
6.1
EPSS
1.3%
CVE-2019-0257 HIGH This Week

Customizing functionality of SAP NetWeaver AS ABAP Platform (fixed in versions from 7.0 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.53, from 7.74 to 7.75) does not perform necessary. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass SAP Netweaver Application Server Abap Netweaver As Abap
NVD
CVSS 3.1
8.8
EPSS
1.4%
EPSS 0% CVSS 9.9
CRITICAL Act Now

Unauthorized code execution in SAP CRM and SAP S/4HANA Scripting Editor. Authenticated attacker exploits generic function module call to execute unauthorized ABAP code. CVSS 9.9.

SAP Netweaver Application Server Abap Webclient Ui Framework
NVD
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Netweaver Application Server Abap versions up to 700 is affected by missing authorization (CVSS 8.1).

Authentication Bypass Netweaver Application Server Abap
NVD
EPSS 0% CVSS 2.7
LOW PATCH Monitor

Due to missing authorization check, SAP NetWeaver Application Server for ABAP and ABAP Platform allows an attacker logged in as a developer to read objects contained in a package. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass SAP Netweaver Application Server Abap
NVD
EPSS 0% CVSS 2.7
LOW PATCH Monitor

SAP NetWeaver Application Server for ABAP and ABAP Platform allow users with high privileges to execute a program that reveals data over the network. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass SAP Netweaver Application Server Abap
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Due to missing authorization check in SAP NetWeaver Application Server ABAP and ABAP Platform, an authenticated attacker could call an underlying transaction, which leads to disclosure of user. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass SAP Netweaver Application Server Abap
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

SAP NetWeaver Application Server ABAP allows an unauthenticated attacker to craft a URL link that could bypass allowlist controls. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass SAP Netweaver Application Server Abap
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

SAP NetWeaver and ABAP platform allows an attacker to impede performance for legitimate users by crashing or flooding the service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service SAP Netweaver Application Server Abap
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

SAP NetWeaver Application Server (ABAP) - versions KERNEL 7.53, KERNEL 7.54, KERNEL 7.77, KERNEL 7.85, KERNEL 7.89, KERNEL 7.93, KERNEL 7.94, KRNL64UC 7.53, under certain conditions, allows an. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure SAP Netweaver Application Server Abap
NVD
EPSS 0% CVSS 4.1
MEDIUM Monitor

SAP NetWeaver ABAP Application Server and ABAP Platform do not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 4.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS SAP Netweaver Application Server Abap
NVD
EPSS 1% CVSS 9.4
CRITICAL Act Now

SAP GUI for Windows and SAP GUI for Java allow an unauthenticated attacker to access information which would otherwise be restricted and confidential. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Java Microsoft +2
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

Under certain condition SAP NetWeaver Application Server ABAP - versions KERNEL 722, KERNEL 7.53, KERNEL 7.77, KERNEL 7.85, KERNEL 7.89, KERNEL 7.54, KERNEL 7.91, KERNEL 7.92, KERNEL 7.93, KERNEL. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Information Disclosure Netweaver Application Server Abap
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

SAP NetWeaver AS ABAP (applications based on Unified Rendering) - versions SAP_UI 754, SAP_UI 755, SAP_UI 756, SAP_UI 757, SAP_UI 758, SAP_BASIS 702, SAP_BASIS 731, allows an attacker to inject. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP XSS Netweaver Application Server Abap
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

SAP CommonCryptoLib does not perform necessary authentication checks, which may result in missing or wrong authorization checks for an authenticated user, resulting in escalation of privileges. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Authentication Bypass Commoncryptolib +8
NVD
EPSS 1% CVSS 7.5
HIGH This Week

SAP CommonCryptoLib allows an unauthenticated attacker to craft a request, which when submitted to an open port causes a memory corruption error in a library which in turn causes the target component. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow SAP +9
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

SAP NetWeaver Application Server ABAP and ABAP Platform - versions SAP_BASIS 700, SAP_BASIS 701, SAP_BASIS 702, SAP_BASIS 731, SAP_BASIS 740, SAP_BASIS 750, SAP_BASIS 752, SAP_BASIS 753, SAP_BASIS. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Authentication Bypass Netweaver Application Server Abap
NVD
EPSS 0% CVSS 7.4
HIGH This Week

SAP NetWeaver Application Server ABAP and ABAP Platform - version KRNL64NUC, 7.22, KRNL64NUC 7.22EXT, KRNL64UC 7.22, KRNL64UC 7.22EXT, KRNL64UC 7.53, KERNEL 7.22, KERNEL, 7.53, KERNEL 7.77, KERNEL. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Authentication Bypass Netweaver Application Server Abap
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

SAP NetWeaver AS for ABAP and ABAP Platform - versions 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, allows an attacker authenticated as a non-administrative user to craft a request with certain. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Denial Of Service Netweaver Application Server Abap
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

SAP GUI for HTML - versions KERNEL 7.22, 7.53, 7.54, 7.77, 7.81, 7.85, 7.89, 7.91, KRNL64UC, 7.22, 7.22EXT, KRNL64UC 7.22, 7.22EXT does not sufficiently encode user-controlled inputs, resulting in a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP XSS Netweaver +1
NVD
EPSS 1% CVSS 9.6
CRITICAL Act Now

SAP NetWeaver AS for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, allows an attacker to exploit insufficient validation of path information. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Path Traversal Netweaver Application Server Abap
NVD
EPSS 1% CVSS 8.1
HIGH This Week

An attacker with non-administrative authorizations can exploit a directory traversal flaw in program SAPRSBRO to over-write system files. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Netweaver Application Server Abap
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, has multiple vulnerabilities in a class for test purposes. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Denial Of Service Netweaver Application Server Abap
NVD
EPSS 1% CVSS 9.6
CRITICAL Act Now

SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, allows an attacker with non-administrative authorizations. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Path Traversal Netweaver Application Server Abap
NVD
EPSS 0% CVSS 7.4
HIGH This Week

Due to improper input controls In SAP NetWeaver AS for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, an attacker authenticated as a. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP SSRF Netweaver Application Server Abap
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, has multiple vulnerabilities in an unused class for error. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Denial Of Service Netweaver Application Server Abap
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

SAP NetWeaver AS ABAP (BSP Framework) application - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, allow an unauthenticated attacker to inject the code that can be executed. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP XSS Netweaver Application Server Abap
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

Due to insufficient input sanitization, SAP NetWeaver AS ABAP (Business Server Pages) - versions 700, 701, 702, 731, 740, allows an unauthenticated user to alter the current session of the user by. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP XSS Netweaver Application Server Abap
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

SAP NetWeaver AS for ABAP and ABAP Platform - versions 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, allows an unauthenticated attacker to craft a link, which when clicked by an unsuspecting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Open Redirect Netweaver Application Server Abap
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

SAP NetWeaver AS for ABAP and ABAP Platform - versions 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, allows an unauthenticated attacker to craft a malicious link, which when clicked by an. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP XSS Netweaver Application Server Abap
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

Due to insufficient input validation, SAP NetWeaver AS for ABAP and ABAP Platform - versions 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, allows an unauthenticated attacker to send a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Information Disclosure XSS +1
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, does not perform necessary authorization checks for an authenticated user, resulting in. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Authentication Bypass Netweaver Application Server Abap
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

An unauthenticated attacker in AP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, can craft a link which when. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Open Redirect Netweaver Application Server Abap
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

SAP NetWeaver ABAP Server and ABAP Platform - versions SAP_BASIS 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, KERNEL 7.22, 7.53, 7.77, 7.81, 7.85, 7.89, KRNL64UC. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Information Disclosure Netweaver Application Server Abap +3
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

The ABAP Keyword Documentation of SAP NetWeaver Application Server - versions 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, for ABAP and ABAP Platform does not sufficiently encode. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP XSS Netweaver Application Server Abap
NVD
EPSS 0% CVSS 4.7
MEDIUM This Month

SAP NetWeaver ABAP Server and ABAP Platform allows an unauthenticated attacker to redirect users to a malicious site due to insufficient URL validation. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Open Redirect Netweaver Application Server Abap
NVD
EPSS 1% CVSS 8.7
HIGH This Week

Due to insufficient input validation, SAP NetWeaver Application Server ABAP and ABAP Platform allows an attacker with high level privileges to use a remote enabled function to delete a file which is. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Information Disclosure Netweaver Application Server Abap
NVD
EPSS 1% CVSS 4.9
MEDIUM This Month

Due to insufficient input validation, SAP NetWeaver Application Server ABAP and ABAP Platform allows an attacker with high level privileges to use a remote enabled function to read a file which is. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal SAP Netweaver Application Server Abap
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

An attacker with no prior authentication could craft and send malicious script to SAP GUI for HTML within Fiori Launchpad, resulting in reflected cross-site scripting attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS SAP Netweaver Application Server Abap
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

An attacker with basic business user privileges could craft and upload a malicious file to SAP NetWeaver Application Server ABAP, which is then downloaded and viewed by other users resulting in a. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure XSS SAP +1
NVD
EPSS 1% CVSS 8.8
HIGH This Week

SAP NetWeaver Application Server for ABAP and ABAP Platform do not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass SAP Netweaver Application Server Abap
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

SAP NetWeaver Application Server ABAP allows an authenticated attacker to upload malicious files and delete (theme) data, which could result in Stored Cross-Site Scripting (XSS) attack. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS SAP Netweaver Application Server Abap
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Due to missing authorization check, SAP NetWeaver Application Server for ABAP - versions 700, 701, 702, 731, allows an authenticated attacker, to access content on the start screen of any transaction. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass SAP Netweaver Application Server Abap
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

Two methods of a utility class in SAP NetWeaver AS ABAP - versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, allow an attacker with high privileges and has direct. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Command Injection SAP Netweaver Application Server Abap
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Internally used text extraction reports allow an attacker to inject code that can be executed by the application. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Abap Platform +1
NVD
EPSS 1% CVSS 4.9
MEDIUM This Month

A certain template role in SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, contains transport. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Authentication Bypass Netweaver Application Server Abap
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Client-side printing services SAP Cloud Print Manager and SAPSprint for SAP NetWeaver Application Server for ABAP - versions 7.70, 7.70 PI, 7.70 BYD, allow an attacker to inject code that can be. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE SAP Code Injection +1
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

SAP Internet Communication framework (ICM) - versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 785, allows an attacker with logon functionality, to exploit the authentication. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Information Disclosure Netweaver Abap +1
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

There are multiple Denial-of Service vulnerabilities in SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 740, 750, 751, 752, 753, 754, 755. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Authentication Bypass Netweaver Abap +1
NVD
EPSS 1% CVSS 7.5
HIGH This Week

SAP NetWeaver AS ABAP and ABAP Platform - versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, allows an attacker to prevent legitimate users from accessing a service, either by. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service SAP Netweaver Abap +1
NVD
EPSS 1% CVSS 8.8
HIGH This Week

The software logistics system of SAP NetWeaver AS ABAP and ABAP Platform versions - 700, 701, 702, 710, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, enables a malicious user to transfer ABAP. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure SAP Netweaver Abap +1
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

SAP NetWeaver AS ABAP and ABAP Platform, versions - KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 8.04, 7.21,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption SAP +2
NVD
EPSS 3% CVSS 6.5
MEDIUM POC This Month

A function module of SAP NetWeaver AS ABAP (Reconciliation Framework), versions - 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 75A, 75B, 75B, 75C, 75D, 75E, 75F, allows a high privileged. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SAP Code Injection Netweaver Application Server Abap
NVD
EPSS 1% CVSS 7.5
HIGH This Week

SAP NetWeaver ABAP Server and ABAP Platform, versions - 700, 702, 730, 731, 804, 740, 750, 784, expose functions to external which can lead to information disclosure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure SAP Netweaver Abap +1
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

SAP NetWeaver ABAP Server and ABAP Platform, versions - 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 804, does not create information about internal and external RFC user in consistent and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Authentication Bypass Netweaver Abap +1
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

SAP NetWeaver Application Server ABAP (Applications based on SAP GUI for HTML), versions - KRNL64NUC - 7.49, KRNL64UC - 7.49,7.53, KERNEL - 7.49,7.53,7.77,7.81,7.84, does not sufficiently encode. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS SAP Netweaver Application Server Abap
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

SAP NetWeaver Application Server ABAP (Applications based on Web Dynpro ABAP), versions - SAP_UI - 750,752,753,754,755, SAP_BASIS - 702, 731 does not sufficiently encode user-controlled inputs,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS SAP Netweaver Application Server Abap
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

SAP NetWeaver AS ABAP, versions - KRNL32NUC - 7.22,7.22EXT, KRNL32UC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL -. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Authentication Bypass Netweaver Application Server Abap
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

SAP NetWeaver AS for ABAP (Web Survey), versions - 700, 702, 710, 711, 730, 731, 750, 750, 752, 75A, 75F, does not sufficiently encode input and output parameters which results in reflected cross. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS SAP Netweaver Application Server Abap
NVD
EPSS 1% CVSS 6.3
MEDIUM POC This Month

SAP NetWeaver AS ABAP and ABAP Platform, versions - 700, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, contains function module SRM_RFC_SUBMIT_REPORT which fails to validate. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SAP Authentication Bypass Netweaver Application Server Abap
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

SAP NetWeaver AS ABAP, versions - 700, 701, 702, 730, 731, allow a high privileged attacker to inject malicious code by executing an ABAP report when the attacker has access to the local SAP system. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

RCE Denial Of Service SAP +2
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

An RFC enabled function module SPI_WAIT_MILLIS in SAP NetWeaver AS ABAP, versions - 731, 740, 750, allows to keep a work process busy for any length of time. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service SAP Netweaver Application Server Abap
NVD
EPSS 1% CVSS 7.5
HIGH This Week

SAP NetWeaver AS ABAP, versions 740, 750, 751, 752, 753, 754, 755, allows an unauthenticated attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service SAP Netweaver Application Server Abap
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

SAP NetWeaver AS ABAP, versions - 740, 750, 751, 752, 753, 754 , does not sufficiently encode URL which allows an attacker to input malicious java script in the URL which could be executed in the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Java SAP +1
NVD
EPSS 2% CVSS 7.6
HIGH POC This Week

SAP AS ABAP (SAP Landscape Transformation), versions - 2011_1_620, 2011_1_640, 2011_1_700, 2011_1_710, 2011_1_730, 2011_1_731, 2011_1_752, 2020 and SAP S4 HANA (SAP Landscape Transformation),. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SAP Authentication Bypass Netweaver Application Server Abap +1
NVD
EPSS 1% CVSS 8.8
HIGH This Week

SAP NetWeaver AS ABAP (Web Dynpro), versions - 731, 740, 750, 751, 752, 753, 754, 755, 782, allows an authenticated user to access Web Dynpro components, that allows them to read and delete database. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Information Disclosure Netweaver Application Server Abap
NVD
EPSS 1% CVSS 8.8
HIGH This Week

SAP NetWeaver AS ABAP (Web Dynpro), versions - 731, 740, 750, 751, 752, 753, 754, 755, 782, allows an authenticated user to access Web Dynpro components, which reveals sensitive system information. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Authentication Bypass Information Disclosure +1
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

User enumeration vulnerability can be exploited to get a list of user accounts and personal user information can be exposed in SAP NetWeaver Application Server ABAP (POWL test application) versions -. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Information Disclosure Netweaver Application Server Abap
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Improper access control in SOA Configuration Trace component in SAP NetWeaver (ABAP Server) and ABAP Platform, versions - 702, 730, 731, 740, 750, allows any authenticated user to enumerate all SAP. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Information Disclosure Abap Platform +1
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

SAP NetWeaver (ABAP Server) and ABAP Platform, versions - 740, 750, 751, 752, 753, 754, 755, allows a business user to access the list of users in the given system using value help, leading to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Information Disclosure Abap Platform +1
NVD
EPSS 1% CVSS 8.8
HIGH This Week

SAP NetWeaver (ABAP Server) and ABAP Platform, versions - 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 753, 755, allows an attacker to inject code that can be executed by the application,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection SAP Abap Platform +1
NVD
EPSS 1% CVSS 2.7
LOW Monitor

SAP NetWeaver (ABAP Server) and ABAP Platform, versions 731, 740, 750, allows an attacker with admin privileges to access certain files which should otherwise be restricted, leading to Information. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Information Disclosure Abap Platform +1
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

SAP Netweaver AS ABAP, versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, are vulnerable for Server Side Request Forgery Attack where in an attacker can use inappropriate path. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF SAP Netweaver Application Server Abap
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

SAP NetWeaver AS ABAP (Banking Services), versions - 710, 711, 740, 750, 751, 752, 75A, 75B, 75C, 75D, 75E, does not perform necessary authorization checks for an authenticated user due to Missing. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Authentication Bypass Netweaver Application Server Abap
NVD
EPSS 1% CVSS 7.5
HIGH This Week

SAP NetWeaver AS ABAP (Web Dynpro ABAP), versions (SAP_UI 750, 752, 753, 754 and SAP_BASIS 700, 710, 730, 731, 804) allows an unauthenticated attacker to prevent legitimate users from accessing a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service SAP Netweaver Application Server Abap
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

ABAP Server and ABAP Platform (SAP Basis), versions, 7.31, 7.4, 7.5, do not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS SAP Netweaver Application Server Abap +1
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Customizing functionality of SAP NetWeaver AS ABAP Platform (fixed in versions from 7.0 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.53, from 7.74 to 7.75) does not perform necessary. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass SAP Netweaver Application Server Abap +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy