Lucene search
K

1280 matches found

NVD
NVD
added 2026/01/13 2:15 a.m.9 views

CVE-2026-0491

SAP Landscape Transformation allows an attacker with admin privileges to exploit a vulnerability in the function module exposed via RFC. This flaw enables the injection of arbitrary ABAP code/OS commands into the system, bypassing essential authorization checks. This vulnerability effectively...

9.1CVSS0.00436EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/01/13 1:15 a.m.28 views

CVE-2026-0507 OS Command Injection vulnerability in SAP Application Server for ABAP and SAP NetWeaver RFCSDK

Due to an OS Command Injection vulnerability in SAP Application Server for ABAP and SAP NetWeaver RFCSDK, an authenticated attacker with administrative access and adjacent network access could upload specially crafted content to the server. If processed by the application, this content enables...

8.4CVSS0.00878EPSS
Exploits0References2
CVE
CVE
added 2026/01/13 1:14 a.m.25 views

CVE-2026-0506

The CVE-2026-0506 issue affects SAP NetWeaver ABAP/ABAP Platform (Application Server ABAP) and is caused by a Missing Authorization Check in an RFC function that can execute FORM routines. An authenticated attacker could write/modify data accessible via FORMs and invoke system functionality expos...

8.1CVSS6.6AI score0.00228EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/01/13 1:13 a.m.31 views

CVE-2026-0498 Code Injection vulnerability in SAP S/4HANA (Private Cloud and On-Premise)

SAP S/4HANA Private Cloud and On-Premise allows an attacker with admin privileges to exploit a vulnerability in the function module exposed via RFC. This flaw enables the injection of arbitrary ABAP code/OS commands into the system, bypassing essential authorization checks. This vulnerability...

9.1CVSS0.00409EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/01/13 1:12 a.m.2 views

CVE-2026-0491 Code Injection vulnerability in SAP Landscape Transformation

SAP Landscape Transformation allows an attacker with admin privileges to exploit a vulnerability in the function module exposed via RFC. This flaw enables the injection of arbitrary ABAP code/OS commands into the system, bypassing essential authorization checks. This vulnerability effectively...

9.1CVSS7AI score0.00436EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/01/13 12:0 a.m.11 views

PT-2026-2340

Name of the Vulnerable Software and Affected Versions Application Server ABAP and ABAP Platform affected versions not specified Description A missing authorization check exists in Application Server ABAP and ABAP Platform. An authenticated attacker can misuse an RFC function to execute form...

8.1CVSS6.6AI score0.00228EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/01/13 12:0 a.m.4 views

SAP Application Server for ABAP 操作系统命令注入漏洞

SAP Application Server for ABAP is a load balancing, memory management platform from SAP, Germany. SAP Application Server for ABAP suffers from an operating system command injection vulnerability that stems from OS command injection, which could lead to an authenticated attacker uploading special...

8.4CVSS5.9AI score0.00878EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/01/13 12:0 a.m.7 views

SAP NetWeaver Application Server 安全漏洞

SAP NetWeaver Application Server is an application server from SAP, Germany. A security vulnerability exists in SAP NetWeaver Application Server that stems from a lack of authorization checking and could allow an authenticated attacker to misuse RFC functions to execute form routines in the ABAP...

8.1CVSS5.9AI score0.00228EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/01/13 12:0 a.m.10 views

PT-2026-2334

Name of the Vulnerable Software and Affected Versions SAP S/4HANA Private Cloud and On-Premise affected versions not specified Description The software contains a flaw in a function module exposed via Remote Function Call RFC. An attacker with administrative privileges can exploit this to inject...

9.1CVSS6.2AI score0.00409EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/01/13 12:0 a.m.5 views

PT-2026-2327

Name of the Vulnerable Software and Affected Versions SAP Landscape Transformation affected versions not specified Description The software contains a flaw in a function module exposed via Remote Function Call RFC that allows an attacker with administrative privileges to inject arbitrary ABAP cod...

9.1CVSS6.8AI score0.00436EPSS
Exploits0References10
RedhatCVE
RedhatCVE
added 2026/01/09 9:32 a.m.5 views

CVE-2023-25614

SAP NetWeaver AS ABAP BSP Framework application - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, allow an unauthenticated attacker to inject the code that can be executed by the application over the network. On successful exploitation it can gain access to the sensitive...

6.1CVSS6.9AI score0.00388EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:59 a.m.5 views

CVE-2023-49580

SAP GUI for Windows and SAP GUI for Java - versions SAPBASIS 755, SAPBASIS 756, SAPBASIS 757, SAPBASIS 758, allow an unauthenticated attacker to access information which would otherwise be restricted and confidential. In addition, this vulnerability allows the unauthenticated attacker to create...

7.3CVSS6.7AI score0.00478EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:53 a.m.8 views

CVE-2021-27607

SAP NetWeaver ABAP Server and ABAP Platform Dispatcher, versions - KRNL32NUC - 7.22,7.22EXT, KRNL32UC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73,7.77,7.81,7.82,7.83, allows an unauthenticated attacker without...

7.5CVSS7AI score0.01508EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:53 a.m.9 views

CVE-2021-27597

SAP NetWeaver AS for ABAP RFC Gateway, versions - KRNL32NUC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73,7.77,7.81,7.82,7.83, allows an unauthenticated attacker without specific knowledge of the system to send a...

7.5CVSS7AI score0.01508EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:53 a.m.8 views

CVE-2021-27610

SAP NetWeaver ABAP Server and ABAP Platform, versions - 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 804, does not create information about internal and external RFC user in consistent and distinguished format, which could lead to improper authentication and may be exploited by maliciou...

9.8CVSS6.7AI score0.0152EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:53 a.m.18 views

CVE-2021-27611

SAP NetWeaver AS ABAP, versions - 700, 701, 702, 730, 731, allow a high privileged attacker to inject malicious code by executing an ABAP report when the attacker has access to the local SAP system. The attacker could then get access to data, overwrite them, or execute a denial of service...

8.2CVSS6.8AI score0.0027EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:48 a.m.6 views

CVE-2025-23186

In certain conditions, SAP NetWeaver Application Server ABAP allows an authenticated attacker to craft a Remote Function Call RFC request to restricted destinations, which can be used to expose credentials for a remote service. These credentials can then be further exploited to completely...

8.5CVSS7AI score0.00481EPSS
Exploits0References1
NVD
NVD
added 2025/12/09 4:17 p.m.8 views

CVE-2025-42891

Due to a missing authorization check in SAP Enterprise Search for ABAP, an attacker with high privileges may read and export the contents of database tables into an ABAP report. This could lead to a high impact on data confidentiality and a low impact on data integrity. There is no impact on...

5.5CVSS0.00269EPSS
Exploits0References2
CVE
CVE
added 2025/12/09 2:15 a.m.12 views

CVE-2025-42891

CVE-2025-42891 involves a missing authorization check in SAP Enterprise Search for ABAP, enabling a high-privilege attacker to read/export database tables into an ABAP report. Affected component: SAP Enterprise Search for ABAP. Root cause: insufficient authorization checks. Impact (per sources): ...

5.5CVSS6AI score0.00269EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/12/09 2:15 a.m.3 views

CVE-2025-42891 Missing Authorization check in SAP Enterprise Search for ABAP

Due to a missing authorization check in SAP Enterprise Search for ABAP, an attacker with high privileges may read and export the contents of database tables into an ABAP report. This could lead to a high impact on data confidentiality and a low impact on data integrity. There is no impact on...

5.5CVSS6AI score0.00269EPSS
Exploits0References2
Rows per page
Query Builder