CVE-2026-27675

SAP Landscape Transformation contains a vulnerability in an RFC-exposed function module that could allow a high privileged adversary to inject arbitrary ABAP code and operating system commands. Due to this, some information could be modified, but the attacker does not have control over kind or...

CVE-2026-27675

CVE-2026-27675 affects SAP Landscape Transformation via an RFC-exposed function module that could allow a high-privilege attacker to inject arbitrary ABAP code and operating-system commands. The described impact is limited: confidentiality and availability are unaffected, while integrity could be...

PT-2026-32555

SAP Landscape Transformation contains a vulnerability in an RFC-exposed function module that could allow a high privileged adversary to inject arbitrary ABAP code and operating system commands. Due to this, some information could be modified, but the attacker does not have control over kind or...

CVE-2026-0498

SAP S/4HANA Private Cloud and On-Premise allows an attacker with admin privileges to exploit a vulnerability in the function module exposed via RFC. This flaw enables the injection of arbitrary ABAP code/OS commands into the system, bypassing essential authorization checks. This vulnerability...

CVE-2021-27611

SAP NetWeaver AS ABAP, versions - 700, 701, 702, 730, 731, allow a high privileged attacker to inject malicious code by executing an ABAP report when the attacker has access to the local SAP system. The attacker could then get access to data, overwrite them, or execute a denial of service...

EUVD-2021-24646

Malware in sbrugna...

EUVD-2025-10103

Malicious code in bioql PyPI...

CVE-2025-42950

SAP Landscape Transformation SLT allows an attacker with user privileges to exploit a vulnerability in the function module exposed via RFC. This flaw enables the injection of arbitrary ABAP code into the system, bypassing essential authorization checks. This vulnerability effectively functions as...

CVE-2025-42950

SAP Landscape Transformation SLT allows an attacker with user privileges to exploit a vulnerability in the function module exposed via RFC. This flaw enables the injection of arbitrary ABAP code into the system, bypassing essential authorization checks. This vulnerability effectively functions as...

CVE-2025-31330

SAP Landscape Transformation SLT allows an attacker with user privileges to exploit a vulnerability in the function module exposed via RFC. This flaw enables the injection of arbitrary ABAP code into the system, bypassing essential authorization checks. This vulnerability effectively functions as...

CVE-2025-31330

SAP Landscape Transformation SLT allows an attacker with user privileges to exploit a vulnerability in the function module exposed via RFC. This flaw enables the injection of arbitrary ABAP code into the system, bypassing essential authorization checks. This vulnerability effectively functions as...

CVE-2025-27429

SAP S/4HANA allows an attacker with user privileges to exploit a vulnerability in the function module exposed via RFC. This flaw enables the injection of arbitrary ABAP code into the system, bypassing essential authorization checks. This vulnerability effectively functions as a backdoor, creating...

PT-2025-15376 · Sap · Sap Landscape Transformation

Name of the Vulnerable Software and Affected Versions: SAP Landscape Transformation SLT affected versions not specified Description: The issue allows an attacker with user privileges to exploit a vulnerability in the function module exposed via RFC, enabling the injection of arbitrary ABAP code...

SAP Netweaver IUUC_RECON_RC_COUNT_TABLE_BIG ABAP Code Injection Exploit

SAP Netweaver version SAP DMIS 20111731 SP 0013 suffers from a remote ABAP code injection vulnerability in IUUCRECONRCCOUNTTABLEBIG. ======================================================================= title: Remote ABAP Code Injection in SAP IUUCRECONRCCOUNTTABLEBIG product: SAP Netweaver...

SAP Netweaver IUUC_GENERATE_ACPLAN_DELIMITER ABAP Code Injection Exploit

SAP Netweaver versions SAP DMIS in at least 20111731 SP versions 0013 and below suffer from a remote ABAP code injection vulnerability in IUUCGENERATEACPLANDELIMITER. ============================================================================== title: Remote ABAP Code Injection in...

CVE-2021-38176

The connected documents confirm a concrete vulnerability: CVE-2021-38176 affects SAP NZDT (a conversion/deployment of SAP S/4HANA 1809 to AWS). The root cause is improper input sanitization in NZDT function modules, allowing an authenticated user with certain privileges to remotely invoke these m...

CVE-2021-27611

SAP NetWeaver AS ABAP, versions - 700, 701, 702, 730, 731, allow a high privileged attacker to inject malicious code by executing an ABAP report when the attacker has access to the local SAP system. The attacker could then get access to data, overwrite them, or execute a denial of service...

[ESNC-2013-004] Remote ABAP Code Injection in OpenText/IXOS ECM for SAP NetWeaver

ESNC-2013-004 Remote ABAP Code Injection in OpenText/IXOS ECM for SAP NetWeaver Please refer to http://www.esnc.de for the original security advisory, updates and additional information. ------------------------------------------------------------------------ 1. Business Impact...