133 matches found
SAP NetWeaver AS ABAP File Upload Vulnerability (May 2024) (3448171)
The remote SAP NetWeaver ABAP server may be affected by an arbitrary file upload vulnerability. An arbitrary file upload vulnerability exists in the content repositiory due to missing a signature check. An unauthenticated, remote attacker can exploit this to upload arbitrary files on the remote...
SAP NetWeaver ABAP Server Cross-Site Scripting Vulnerability (CNVD-2024-10201)
SAP NetWeaver ABAP Server is a German SAP SAP company used as a Web application server for SAP products. A cross-site scripting vulnerability exists in SAP NetWeaver ABAP Server, which stems from a cross-site scripting XSS vulnerability due to insufficient encoding of user-controlled input. An...
SAP NetWeaver AS ABAP Information Disclosure (3392547)
SAP GUI for Windows and SAP GUI for Java allow an unauthenticated attacker to access information which would otherwise be restricted and confidential. In addition, this vulnerability allows the unauthenticated attacker to write data to a database table. By doing so the attacker could increase...
CVE-2023-37492
SAP NetWeaver Application Server ABAP and ABAP Platform - versions SAPBASIS 700, SAPBASIS 701, SAPBASIS 702, SAPBASIS 731, SAPBASIS 740, SAPBASIS 750, SAPBASIS 752, SAPBASIS 753, SAPBASIS 754, SAPBASIS 755, SAPBASIS 756, SAPBASIS 757, SAPBASIS 758, SAPBASIS 793, SAPBASIS 804, does not perform...
SAP NetWeaver ABAP Server 操作系统命令注入漏洞
SAP NetWeaver ABAP Server is a German SAP SAP company used as a Web application server for SAP products. SAP NetWeaver ABAP Server suffers from an operating system command injection vulnerability that arises from the application failing to properly filter constructor command special characters,...
CVE-2023-27270
SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, has multiple vulnerabilities in a class for test purposes in which an attacker authenticated as a non-administrative user can craft a request with certain...
CVE-2023-27270
SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, has multiple vulnerabilities in a class for test purposes in which an attacker authenticated as a non-administrative user can craft a request with certain...
CVE-2023-25618
SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, has multiple vulnerabilities in an unused class for error handling in which an attacker authenticated as a non-administrative user can craft a request with...
The vulnerability of the software for developing and executing applications in the ABAP language on the SAP NetWeaver Application Server ABAP lies in the ability to bypass the authentication process, allowing unauthorized users to gain unauthorized access to the system.
The vulnerability of the software used for developing and executing applications in the ABAP language on the SAP NetWeaver Application Server ABAP is related to the bypassing of the authentication process. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthoriz...
SAP NetWeaver AS ABAP XSS (3283283)
The ABAP Keyword Documentation of SAP NetWeaver Application Server for ABAP and ABAP Platform does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting XSS vulnerability. On successful exploitation an attacker can cause limited impact on confidentiality and integrity ...
Design/Logic Flaw
SAP NetWeaver ABAP Server and ABAP Platform - versions SAPBASIS 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, KERNEL 7.22, 7.53, 7.77, 7.81, 7.85, 7.89, KRNL64UC 7.22, 7.22EXT, 7.53, KRNL64NUC 7.22, 7.22EXT, creates information about system identity in an ambiguo...
CVE-2023-0014
CVE-2023-0014 affects SAP NetWeaver ABAP Server and ABAP Platform on multiple SAP_BASIS versions (700…757) and kernel/CR components (e.g., 7.22, 7.53, 7.77, 7.81, 7.85, 7.89; KRNL64UC/NUC) where the system identity is created in an ambiguous format. This behavior can enable a capture-replay vulne...
SAP NetWeaver和SAP NetWeaver ABAP Server 安全漏洞
SAP NetWeaver and SAP NetWeaver ABAP Server are products of SAP, Germany.SAP NetWeaver is an integrated, service-oriented application platform that provides a development environment for SAP applications. SAP NetWeaver is an integrated, service-oriented application platform that provides a...
SAP NetWeaver和SAP NetWeaver Application Server 路径遍历漏洞
SAP NetWeaver and SAP NetWeaver Application Server are both products of SAP, a service-oriented, integrated application platform that provides a development environment for SAP applications. SAP NetWeaver is an integrated, service-oriented application platform that provides a development and...
CVE-2022-35294
An attacker with basic business user privileges could craft and upload a malicious file to SAP NetWeaver Application Server ABAP, which is then downloaded and viewed by other users resulting in a stored Cross-Site-Scripting attack. This could lead to information disclosure including stealing...
SAP NetWeaver Application Server 跨站脚本漏洞
SAP NetWeaver ABAP Server is a Web application server for SAP products from SAP Germany. A cross-site scripting vulnerability exists in SAP NetWeaver ABAP Server, which stems from the program's lack of data validation filtering of user-supplied data and output. An attacker could exploit this...
PT-2022-18880 · Sap · Sap Netweaver Abap Server +1
Name of the Vulnerable Software and Affected Versions: SAP NetWeaver ABAP Server and ABAP Platform versions 740, 750, 787 Description: The issue allows an unauthenticated attacker to redirect users to a malicious site due to insufficient URL validation. This could lead to the user being tricked t...
CVE-2021-40499
Client-side printing services SAP Cloud Print Manager and SAPSprint for SAP NetWeaver Application Server for ABAP - versions 7.70, 7.70 PI, 7.70 BYD, allow an attacker to inject code that can be executed by the application. An attacker could thereby control the behavior of the application...
SAP NetWeaver AS ABAP Code Injection (3048657)
A code injection vulnerability exists in SAP NetWeaver Application Server ABAP Reconciliation Framework. ABAP Server and ABAP Platform may allow a high privileged attacker to inject code that can be executed by the application. An attacker could potentially delete critical information and make th...
SAP NetWeaver AS ABAP and ABAP Information Disclosure (3044754)
An information disclosure vulnerability exists in SAP NetWeaver Application Server ABAP. ABAP Server and ABAP Platform may expose functions externally that can lead to an information disclosure. Note that Nessus has not tested for this issue but has instead relied only on the application's...