Lucene search
+L

341 matches found

cvelist
cvelist
added 2025/04/08 7:14 a.m.28 views

CVE-2025-30015 Memory Corruption vulnerability in SAP NetWeaver and ABAP Platform (Application Server ABAP)

Due to incorrect memory address handling in ABAP SQL of SAP NetWeaver and ABAP Platform Application Server ABAP, an authenticated attacker with high privileges could execute certain forms of SQL queries leading to manipulation of content in the output variable. This vulnerability has a low impact...

4.1CVSS0.00252EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2025/04/08 7:13 a.m.7 views

CVE-2025-27428 Directory Traversal vulnerability in SAP NetWeaver and ABAP Platform (Service Data Collection)

Due to directory traversal vulnerability, an authorized attacker could gain access to some critical information by using RFC enabled function module. Upon successful exploitation, they could read files from any managed system connected to SAP Solution Manager, leading to high impact on...

7.7CVSS7AI score0.00591EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2025/04/08 12:0 a.m.10 views

PT-2025-15373 · Sap · Sap Netweaver +1

Name of the Vulnerable Software and Affected Versions: SAP NetWeaver and ABAP Platform Application Server ABAP affected versions not specified Description: The issue arises from incorrect memory address handling in ABAP SQL, allowing an authenticated attacker with high privileges to execute...

4.6CVSS6.7AI score0.00252EPSS
Exploits0References8
nvd
nvd
added 2025/02/11 1:15 a.m.11 views

CVE-2025-24872

The ABAP Build Framework in SAP ABAP Platform allows an authenticated attacker to gain unauthorized access to a specific transaction. By executing the add-on build functionality within the ABAP Build Framework, an attacker could call the transaction and view its details. This has a limited impact...

4.3CVSS0.0025EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2025/02/11 12:37 a.m.5 views

CVE-2025-24872 Missing Authorization check in SAP ABAP Platform (ABAP Build Framework)

The ABAP Build Framework in SAP ABAP Platform allows an authenticated attacker to gain unauthorized access to a specific transaction. By executing the add-on build functionality within the ABAP Build Framework, an attacker could call the transaction and view its details. This has a limited impact...

4.3CVSS4.7AI score0.0025EPSS
Exploits0References2
cve
cve
added 2025/02/11 12:37 a.m.65 views

CVE-2025-24872

CVE-2025-24872 concerns the SAP ABAP Platform, specifically the ABAP Build Framework. The authenticated attacker can gain unauthorized access to a specific transaction by invoking the add-on build functionality, allowing viewing of the transaction details. The documented impact is limited to conf...

4.3CVSS4.6AI score0.0025EPSS
Exploits0References2
cvelist
cvelist
added 2025/02/11 12:37 a.m.22 views

CVE-2025-24872 Missing Authorization check in SAP ABAP Platform (ABAP Build Framework)

The ABAP Build Framework in SAP ABAP Platform allows an authenticated attacker to gain unauthorized access to a specific transaction. By executing the add-on build functionality within the ABAP Build Framework, an attacker could call the transaction and view its details. This has a limited impact...

4.3CVSS0.0025EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2025/02/11 12:35 a.m.13 views

CVE-2025-23190 Missing Authorization check in SAP NetWeaver and ABAP platform (ST-PI)

Due to missing authorization check, an authenticated attacker could call a remote-enabled function module which allows them to access data that they would otherwise not have access to. The attacker cannot modify data or impact the availability of the system...

4.3CVSS4.8AI score0.0025EPSS
Exploits0References2
cvelist
cvelist
added 2025/02/11 12:33 a.m.15 views

CVE-2025-23189 Missing Authorization Check in SAP NetWeaver and ABAP Platform (SDCCN)

Due to missing authorization check in an RFC enabled function module in transaction SDCCN, an authenticated attacker could generate technical meta-data. This leads to a low impact on integrity. There is no impact on confidentiality or availability...

4.3CVSS0.00235EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2025/02/11 12:33 a.m.6 views

CVE-2025-23187 Missing Authorization Check in SAP NetWeaver and ABAP Platform (SDCCN)

Due to missing authorization check in an RFC enabled function module in transaction SDCCN, an unauthenticated attacker could generate technical meta-data. This leads to a low impact on integrity. There is no impact on confidentiality or availability...

5.3CVSS5.5AI score0.00274EPSS
Exploits0References2
cve
cve
added 2025/02/11 12:33 a.m.53 views

CVE-2025-23187

CVE-2025-23187 affects SAP NetWeaver and ABAP Platform (RFC-enabled function module in SDCCN). A missing authorization check allows unauthenticated attackers to generate technical metadata, causing low integrity impact and no confidentiality/availability impact. Public details come from NVD/SA so...

5.3CVSS5.3AI score0.00274EPSS
Exploits0References2
cnnvd
cnnvd
added 2025/02/10 12:0 a.m.6 views

SAP ABAP Platform 安全漏洞

SAP ABAP Platform is an ABAP-based SAP solution from SAP, Germany. A security vulnerability exists in SAP ABAP Platform that stems from an authentication flaw that could lead to unauthorized access to specific transactions...

4.3CVSS6.6AI score0.0025EPSS
Exploits0References1
cnnvd
cnnvd
added 2025/02/10 12:0 a.m.4 views

SAP NetWeaver和ABAP Platform 安全漏洞

SAP NetWeaver and SAP ABAP Platform are both products of SAP, a German company.SAP NetWeaver is an integrated service-oriented application platform. SAP NetWeaver is an integrated, service-oriented application platform that provides a development and runtime environment for SAP applications.SAP...

4.3CVSS6.7AI score0.00235EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/02/06 2:17 a.m.16 views

CVE-2025-0066

Under certain conditions SAP NetWeaver AS for ABAP and ABAP Platform Internet Communication Framework allows an attacker to access restricted information due to weak access controls. This can have a significant impact on the confidentiality, integrity, and availability of an application...

9.9CVSS6.6AI score0.00553EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/02/06 2:15 a.m.7 views

CVE-2025-0063

SAP NetWeaver AS ABAP and ABAP Platform does not check for authorization when a user executes some RFC function modules. This could lead to an attacker with basic user privileges to gain control over the data in Informix database, leading to complete compromise of confidentiality, integrity and...

8.8CVSS7AI score0.00718EPSS
Exploits0References1
nvd
nvd
added 2025/01/14 1:15 a.m.12 views

CVE-2025-0063

SAP NetWeaver AS ABAP and ABAP Platform does not check for authorization when a user executes some RFC function modules. This could lead to an attacker with basic user privileges to gain control over the data in Informix database, leading to complete compromise of confidentiality, integrity and...

8.8CVSS0.00718EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2025/01/14 12:9 a.m.29 views

CVE-2025-0066 Information Disclosure vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform (Internet Communication Framework)

Under certain conditions SAP NetWeaver AS for ABAP and ABAP Platform Internet Communication Framework allows an attacker to access restricted information due to weak access controls. This can have a significant impact on the confidentiality, integrity, and availability of an application...

9.9CVSS9.4AI score0.00553EPSS
Exploits0References2
cvelist
cvelist
added 2025/01/14 12:9 a.m.41 views

CVE-2025-0066 Information Disclosure vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform (Internet Communication Framework)

Under certain conditions SAP NetWeaver AS for ABAP and ABAP Platform Internet Communication Framework allows an attacker to access restricted information due to weak access controls. This can have a significant impact on the confidentiality, integrity, and availability of an application...

9.9CVSS0.00553EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2025/01/14 12:9 a.m.7 views

CVE-2025-0063 SQL Injection vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform

SAP NetWeaver AS ABAP and ABAP Platform does not check for authorization when a user executes some RFC function modules. This could lead to an attacker with basic user privileges to gain control over the data in Informix database, leading to complete compromise of confidentiality, integrity and...

8.8CVSS8.8AI score0.00718EPSS
Exploits0References2
cve
cve
added 2025/01/14 12:8 a.m.163 views

CVE-2025-0053

The CVE-2025-0053 entry concerns SAP NetWeaver Application Server for ABAP/ABAP Platform where an attacker can unauthenticatedly retrieve system information (e.g., configuration) via a specific URL parameter. The impact is described as limited to confidentiality, potentially aiding further attack...

5.3CVSS5.5AI score0.00325EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder