Lucene search
K

133 matches found

Tenable Nessus
Tenable Nessus
added 2024/05/17 12:0 a.m.84 views

SAP NetWeaver AS ABAP File Upload Vulnerability (May 2024) (3448171)

The remote SAP NetWeaver ABAP server may be affected by an arbitrary file upload vulnerability. An arbitrary file upload vulnerability exists in the content repositiory due to missing a signature check. An unauthenticated, remote attacker can exploit this to upload arbitrary files on the remote...

9.6CVSS5.8AI score0.00527EPSS
Exploits0References3
CNVD
CNVD
added 2024/01/12 12:0 a.m.25 views

SAP NetWeaver ABAP Server Cross-Site Scripting Vulnerability (CNVD-2024-10201)

SAP NetWeaver ABAP Server is a German SAP SAP company used as a Web application server for SAP products. A cross-site scripting vulnerability exists in SAP NetWeaver ABAP Server, which stems from a cross-site scripting XSS vulnerability due to insufficient encoding of user-controlled input. An...

5.4CVSS5.5AI score0.00298EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2023/12/15 12:0 a.m.41 views

SAP NetWeaver AS ABAP Information Disclosure (3392547)

SAP GUI for Windows and SAP GUI for Java allow an unauthenticated attacker to access information which would otherwise be restricted and confidential. In addition, this vulnerability allows the unauthenticated attacker to write data to a database table. By doing so the attacker could increase...

9.4CVSS8.3AI score0.00506EPSS
Exploits0References3
OSV
OSV
added 2023/08/08 1:15 a.m.4 views

CVE-2023-37492

SAP NetWeaver Application Server ABAP and ABAP Platform - versions SAPBASIS 700, SAPBASIS 701, SAPBASIS 702, SAPBASIS 731, SAPBASIS 740, SAPBASIS 750, SAPBASIS 752, SAPBASIS 753, SAPBASIS 754, SAPBASIS 755, SAPBASIS 756, SAPBASIS 757, SAPBASIS 758, SAPBASIS 793, SAPBASIS 804, does not perform...

6.5CVSS5.8AI score0.004EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/07/11 12:0 a.m.3 views

SAP NetWeaver ABAP Server 操作系统命令注入漏洞

SAP NetWeaver ABAP Server is a German SAP SAP company used as a Web application server for SAP products. SAP NetWeaver ABAP Server suffers from an operating system command injection vulnerability that arises from the application failing to properly filter constructor command special characters,...

9.1CVSS7.6AI score0.00845EPSS
Exploits0References3
NVD
NVD
added 2023/03/14 5:15 a.m.23 views

CVE-2023-27270

SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, has multiple vulnerabilities in a class for test purposes in which an attacker authenticated as a non-administrative user can craft a request with certain...

6.5CVSS6.6AI score0.00613EPSS
Exploits0References2
OSV
OSV
added 2023/03/14 5:15 a.m.3 views

CVE-2023-27270

SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, has multiple vulnerabilities in a class for test purposes in which an attacker authenticated as a non-administrative user can craft a request with certain...

6.5CVSS6.6AI score0.00613EPSS
Exploits0References2
NVD
NVD
added 2023/03/14 5:15 a.m.33 views

CVE-2023-25618

SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, has multiple vulnerabilities in an unused class for error handling in which an attacker authenticated as a non-administrative user can craft a request with...

6.5CVSS6.6AI score0.00613EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2023/01/18 12:0 a.m.6 views

The vulnerability of the software for developing and executing applications in the ABAP language on the SAP NetWeaver Application Server ABAP lies in the ability to bypass the authentication process, allowing unauthorized users to gain unauthorized access to the system.

The vulnerability of the software used for developing and executing applications in the ABAP language on the SAP NetWeaver Application Server ABAP is related to the bypassing of the authentication process. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthoriz...

9CVSS7.8AI score0.00693EPSS
Exploits0References4Affected Software1
Tenable Nessus
Tenable Nessus
added 2023/01/13 12:0 a.m.72 views

SAP NetWeaver AS ABAP XSS (3283283)

The ABAP Keyword Documentation of SAP NetWeaver Application Server for ABAP and ABAP Platform does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting XSS vulnerability. On successful exploitation an attacker can cause limited impact on confidentiality and integrity ...

6.1CVSS6.2AI score0.00357EPSS
Exploits0References3
Prion
Prion
added 2023/01/10 4:15 a.m.26 views

Design/Logic Flaw

SAP NetWeaver ABAP Server and ABAP Platform - versions SAPBASIS 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, KERNEL 7.22, 7.53, 7.77, 7.81, 7.85, 7.89, KRNL64UC 7.22, 7.22EXT, 7.53, KRNL64NUC 7.22, 7.22EXT, creates information about system identity in an ambiguo...

7.5CVSS9AI score0.00693EPSS
Exploits0References2Affected Software4
CVE
CVE
added 2023/01/10 3:2 a.m.117 views

CVE-2023-0014

CVE-2023-0014 affects SAP NetWeaver ABAP Server and ABAP Platform on multiple SAP_BASIS versions (700…757) and kernel/CR components (e.g., 7.22, 7.53, 7.77, 7.81, 7.85, 7.89; KRNL64UC/NUC) where the system identity is created in an ambiguous format. This behavior can enable a capture-replay vulne...

9.8CVSS9.1AI score0.00693EPSS
Exploits0References2Affected Software4
CNNVD
CNNVD
added 2023/01/10 12:0 a.m.18 views

SAP NetWeaver和SAP NetWeaver ABAP Server 安全漏洞

SAP NetWeaver and SAP NetWeaver ABAP Server are products of SAP, Germany.SAP NetWeaver is an integrated, service-oriented application platform that provides a development environment for SAP applications. SAP NetWeaver is an integrated, service-oriented application platform that provides a...

9.8CVSS8.2AI score0.00693EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/11/08 12:0 a.m.4 views

SAP NetWeaver和SAP NetWeaver Application Server 路径遍历漏洞

SAP NetWeaver and SAP NetWeaver Application Server are both products of SAP, a service-oriented, integrated application platform that provides a development environment for SAP applications. SAP NetWeaver is an integrated, service-oriented application platform that provides a development and...

4.9CVSS6AI score0.00764EPSS
Exploits0References4
OSV
OSV
added 2022/09/13 4:15 p.m.6 views

CVE-2022-35294

An attacker with basic business user privileges could craft and upload a malicious file to SAP NetWeaver Application Server ABAP, which is then downloaded and viewed by other users resulting in a stored Cross-Site-Scripting attack. This could lead to information disclosure including stealing...

5.4CVSS5.8AI score0.00434EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/05/10 12:0 a.m.4 views

SAP NetWeaver Application Server 跨站脚本漏洞

SAP NetWeaver ABAP Server is a Web application server for SAP products from SAP Germany. A cross-site scripting vulnerability exists in SAP NetWeaver ABAP Server, which stems from the program's lack of data validation filtering of user-supplied data and output. An attacker could exploit this...

5.4CVSS5.7AI score0.00425EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2022/04/12 12:0 a.m.4 views

PT-2022-18880 · Sap · Sap Netweaver Abap Server +1

Name of the Vulnerable Software and Affected Versions: SAP NetWeaver ABAP Server and ABAP Platform versions 740, 750, 787 Description: The issue allows an unauthenticated attacker to redirect users to a malicious site due to insufficient URL validation. This could lead to the user being tricked t...

4.7CVSS4.5AI score0.00789EPSS
Exploits0References5
OSV
OSV
added 2021/10/12 3:15 p.m.7 views

CVE-2021-40499

Client-side printing services SAP Cloud Print Manager and SAPSprint for SAP NetWeaver Application Server for ABAP - versions 7.70, 7.70 PI, 7.70 BYD, allow an attacker to inject code that can be executed by the application. An attacker could thereby control the behavior of the application...

9.8CVSS7.3AI score0.01123EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2021/07/19 12:0 a.m.42 views

SAP NetWeaver AS ABAP Code Injection (3048657)

A code injection vulnerability exists in SAP NetWeaver Application Server ABAP Reconciliation Framework. ABAP Server and ABAP Platform may allow a high privileged attacker to inject code that can be executed by the application. An attacker could potentially delete critical information and make th...

7.5CVSS7AI score0.02546EPSS
Exploits2References3
Tenable Nessus
Tenable Nessus
added 2021/07/16 12:0 a.m.64 views

SAP NetWeaver AS ABAP and ABAP Information Disclosure (3044754)

An information disclosure vulnerability exists in SAP NetWeaver Application Server ABAP. ABAP Server and ABAP Platform may expose functions externally that can lead to an information disclosure. Note that Nessus has not tested for this issue but has instead relied only on the application's...

7.5CVSS7AI score0.00935EPSS
Exploits0References3
Rows per page
Query Builder