332 matches found
SAP Memory Pipes (MPI) Desynchronization
SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server 7.53 and SAP Web Dispatcher are vulnerable to request smuggling and request concatenation attacks. An unauthenticated attacker can prepend a victim's request with arbitrary data. This...
CVE-2026-40129
Due to a Code Injection vulnerability in SAP Application Server ABAP for SAP NetWeaver and ABAP Platform, an authenticated attacker could send specially crafted inputs to the application. If processed by the application, this input could be delivered to users subscribed to the channel and result ...
CVE-2026-40135
An OS Command Injection vulnerability exists in the SAP NetWeaver Application Server for ABAP and ABAP Platform that allows an authenticated attacker with administrative access to execute specially crafted shell commands on the server, bypassing the logging mechanism. This allows the execution of...
CVE-2026-40135 OS Command Injection vulnerability in SAP NetWeaver Application Server for ABAP and ABAP Platform
An OS Command Injection vulnerability exists in the SAP NetWeaver Application Server for ABAP and ABAP Platform that allows an authenticated attacker with administrative access to execute specially crafted shell commands on the server, bypassing the logging mechanism. This allows the execution of...
CVE-2026-40129
Due to a Code Injection vulnerability in SAP Application Server ABAP for SAP NetWeaver and ABAP Platform, an authenticated attacker could send specially crafted inputs to the application. If processed by the application, this input could be delivered to users subscribed to the channel and result ...
SAP NetWeaver ABAP Platform和SAP NetWeaver Application Server for ABAP 代码注入漏洞
SAP NetWeaver ABAP Platform and SAP NetWeaver Application Server for ABAP are both products of SAP, a German company. SAP NetWeaver ABAP Platform is an integrated technology platform. SAP NetWeaver Application Server for ABAP is a core application server platform. Both SAP NetWeaver ABAP Platform...
CVE-2026-23687
SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated attacker with normal privileges to obtain a valid signed message and send modified signed XML documents to the verifier. This may result in acceptance of tampered identity information, unauthorized access to sensitive...
CVE-2026-24320 Memory Corruption vulnerability in SAP NetWeaver and ABAP Platform (Application Server ABAP)
Due to improper memory management in SAP NetWeaver and ABAP Platform Application Server ABAP, an authenticated attacker could exploit logical errors in memory management by supplying specially crafted input containing unique characters, which are improperly converted. This may result in memory...
CVE-2026-24320 Memory Corruption vulnerability in SAP NetWeaver and ABAP Platform (Application Server ABAP)
Due to improper memory management in SAP NetWeaver and ABAP Platform Application Server ABAP, an authenticated attacker could exploit logical errors in memory management by supplying specially crafted input containing unique characters, which are improperly converted. This may result in memory...
CVE-2026-23687 XML Signature Wrapping in SAP NetWeaver AS ABAP and ABAP Platform
SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated attacker with normal privileges to obtain a valid signed message and send modified signed XML documents to the verifier. This may result in acceptance of tampered identity information, unauthorized access to sensitive...
CVE-2026-23687 XML Signature Wrapping in SAP NetWeaver AS ABAP and ABAP Platform
SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated attacker with normal privileges to obtain a valid signed message and send modified signed XML documents to the verifier. This may result in acceptance of tampered identity information, unauthorized access to sensitive...
CVE-2026-23687
CVE-2026-23687 affects SAP NetWeaver Application Server ABAP and ABAP Platform. An authenticated attacker with normal privileges can obtain a valid signed message and send modified signed XML to the verifier, potentially allowing tampered identity information and leading to unauthorized access to...
CVE-2026-0509 Missing Authorization check in SAP NetWeaver Application Server ABAP and ABAP Platform
SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated, low-privileged user to perform background Remote Function Calls without the required SRFC authorization in certain cases. This can result in a high impact on integrity and availability, and no impact on the...
SAP AS ABAP和SAP NetWeaver ABAP Platform 数据伪造问题漏洞
SAP AS ABAP and SAP NetWeaver ABAP Platform are both products of the German company SAP. SAP AS ABAP is a development tool for SAP software. SAP NetWeaver ABAP Platform is an integrated technology platform. Both SAP AS ABAP and SAP NetWeaver ABAP Platform have vulnerabilities related to data...
PT-2026-7219
Due to improper memory management in SAP NetWeaver and ABAP Platform Application Server ABAP, an authenticated attacker could exploit logical errors in memory management by supplying specially crafted input containing unique characters, which are improperly converted. This may result in memory...
SAP ABAP Platform 安全漏洞
SAP ABAP Platform is an ABAP-based SAP solution developed by the German company SAP. There is a security vulnerability in SAP ABAP Platform, which stems from the unauthorized activation of functional modules that fail to perform necessary authorization checks on verified users. This vulnerability...
CVE-2026-0506
Due to a Missing Authorization Check vulnerability in Application Server ABAP and ABAP Platform, an authenticated attacker could misuse an RFC function to execute form routines FORMs in the ABAP system. Successful exploitation could allow the attacker to write or modify data accessible via FORMs...
PT-2026-2340
Name of the Vulnerable Software and Affected Versions Application Server ABAP and ABAP Platform affected versions not specified Description A missing authorization check exists in Application Server ABAP and ABAP Platform. An authenticated attacker can misuse an RFC function to execute form...
SAP Application Server for ABAP 安全漏洞
SAP Enterprise Search for ABAP is an enterprise-level unified search software from SAP, a German company. A security vulnerability exists in SAP Enterprise Search for ABAP that stems from a lack of authorization checking and could lead to database table contents being read and exported...
CVE-2025-42902
Due to the memory corruption vulnerability in SAP NetWeaver AS ABAP and ABAP Platform, an unauthenticated attacker can send a corrupted SAP Logon Ticket or SAP Assertion Ticket to the SAP application server. This leads to a dereference of NULL which makes the work process crash. As a result, it h...