
355 matches found

NVD
added 2025/08/12 3:15 a.m. | 3 views

CVE-2025-42957

SAP S/4HANA allows an attacker with user privileges to exploit a vulnerability in the function module exposed via RFC. This flaw enables the injection of arbitrary ABAP code into the system, bypassing essential authorization checks. This vulnerability effectively functions as a backdoor, creating...

9.9 CVSS | 0.00461 EPSS
Exploits: 0 | References: 2

NVD
added 2025/08/12 3:15 a.m. | 2 views

CVE-2025-42950

SAP Landscape Transformation SLT allows an attacker with user privileges to exploit a vulnerability in the function module exposed via RFC. This flaw enables the injection of arbitrary ABAP code into the system, bypassing essential authorization checks. This vulnerability effectively functions as...

9.9 CVSS | 0.00395 EPSS
Exploits: 0 | References: 2

CVE
added 2025/08/12 2:9 a.m. | 70 views

CVE-2025-42957

CVE-2025-42957 affects SAP S/4HANA with a vulnerability in a function module exposed via RFC that allows an authenticated user to inject arbitrary ABAP code, bypassing authorization checks and potentially taking full control of the SAP environment. The flaw can impact confidentiality, integrity, ...

9.9 CVSS | 7.5 AI score | 0.00461 EPSS
In wild | Exploits: 0 | References: 2

Vulnrichment
added 2025/08/12 2:9 a.m. | 1 views

CVE-2025-42957 Code Injection vulnerability in SAP S/4HANA (Private Cloud or On-Premise)

SAP S/4HANA allows an attacker with user privileges to exploit a vulnerability in the function module exposed via RFC. This flaw enables the injection of arbitrary ABAP code into the system, bypassing essential authorization checks. This vulnerability effectively functions as a backdoor, creating...

9.9 CVSS | 7.5 AI score | 0.00461 EPSS
Exploits: 0 | References: 2

Vulnrichment
added 2025/08/12 2:8 a.m. | 2 views

CVE-2025-42950 Code Injection Vulnerability in SAP Landscape Transformation (Analysis Platform)

SAP Landscape Transformation SLT allows an attacker with user privileges to exploit a vulnerability in the function module exposed via RFC. This flaw enables the injection of arbitrary ABAP code into the system, bypassing essential authorization checks. This vulnerability effectively functions as...

9.9 CVSS | 7.5 AI score | 0.00395 EPSS
Exploits: 0 | References: 2

Cvelist
added 2025/08/12 2:8 a.m. | 6 views

CVE-2025-42950 Code Injection Vulnerability in SAP Landscape Transformation (Analysis Platform)

SAP Landscape Transformation SLT allows an attacker with user privileges to exploit a vulnerability in the function module exposed via RFC. This flaw enables the injection of arbitrary ABAP code into the system, bypassing essential authorization checks. This vulnerability effectively functions as...

9.9 CVSS | 0.00395 EPSS
Exploits: 0 | References: 2

CVE
added 2025/08/12 2:8 a.m. | 19 views

CVE-2025-42950

SAP Landscape Transformation (SLT) is affected by a CVE-2025-42950 vulnerability in which an attacker with user privileges can exploit a flaw in a function module exposed via RFC to inject arbitrary ABAP code, bypassing authorization checks and potentially compromising confidentiality, integrity,...

9.9 CVSS | 7.5 AI score | 0.00395 EPSS
Exploits: 0 | References: 2

CNNVD
added 2025/08/12 12:0 a.m. | 1 views

SAP S/4HANA Code Injection Vulnerability

SAP S/4HANA is an enterprise resource management software based on the SAP HANA in-memory database system from SAP, Germany. A code injection vulnerability exists in SAP S/4HANA, which can be exploited to inject arbitrary ABAP code via RFC...

9.9 CVSS | 7.7 AI score | 0.00461 EPSS
Exploits: 0 | References: 2

Positive Technologies
added 2025/08/12 12:0 a.m. | 2 views

PT-2025-32613

Name of the Vulnerable Software and Affected Versions: SAP S/4HANA versions prior to August 2025. Description: SAP S/4HANA contains a critical vulnerability that allows an attacker with user privileges to exploit a flaw in a function module exposed via RFC. This allows the injection of arbitrary ABA...

9.9 CVSS | 7.6 AI score | 0.00461 EPSS
Exploits: 0 | References: 137

Positive Technologies
added 2025/08/12 12:0 a.m. | 2 views

PT-2025-32610

Name of the Vulnerable Software and Affected Versions: SAP Landscape Transformation SLT (affected versions not specified). Description: SAP Landscape Transformation SLT allows an attacker with user privileges to exploit a flaw in a function module exposed via Remote Function Call RFC. This enables t...

9.9 CVSS | 7.1 AI score | 0.00395 EPSS
Exploits: 0 | References: 12

RedhatCVE
added 2025/07/10 1:30 a.m. | 4 views

CVE-2025-42986

Due to a missing authorization check in an obsolete RFC enabled function module in SAP BASIS, an authenticated low-privileged attacker could call a Remote Function Call RFC, potentially accessing restricted system information. This results in low impact on confidentiality, with no impact on...

4.3 CVSS | 7 AI score | 0.0016 EPSS
Exploits: 0 | References: 1

OSV
added 2025/07/08 1:15 a.m. | 2 views

CVE-2025-42986

Due to a missing authorization check in an obsolete RFC enabled function module in SAP BASIS, an authenticated low-privileged attacker could call a Remote Function Call RFC, potentially accessing restricted system information. This results in low impact on confidentiality, with no impact on...

4.3 CVSS | 5.8 AI score
Exploits: 0 | References: 2

NVD
added 2025/07/08 1:15 a.m. | 2 views

CVE-2025-42986

Due to a missing authorization check in an obsolete RFC enabled function module in SAP BASIS, an authenticated low-privileged attacker could call a Remote Function Call RFC, potentially accessing restricted system information. This results in low impact on confidentiality, with no impact on...

4.3 CVSS | 0.0016 EPSS
Exploits: 0 | References: 2

CVE
added 2025/07/08 12:38 a.m. | 16 views

CVE-2025-42986

CVE-2025-42986 concerns SAP BASIS with a missing authorization check in an obsolete RFC-enabled function module. The root cause allows an authenticated, low-privilege attacker to invoke a Remote Function Call (RFC) and potentially access restricted system information. The documented impact is lim...

4.3 CVSS | 6.4 AI score | 0.0016 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

Vulnrichment
added 2025/07/08 12:38 a.m. | 3 views

CVE-2025-42986 Missing Authorization check in SAP NetWeaver and ABAP Platform

Due to a missing authorization check in an obsolete RFC enabled function module in SAP BASIS, an authenticated low-privileged attacker could call a Remote Function Call RFC, potentially accessing restricted system information. This results in low impact on confidentiality, with no impact on...

4.3 CVSS | 6.4 AI score | 0.0016 EPSS
Exploits: 0 | References: 2

Cvelist
added 2025/07/08 12:38 a.m. | 7 views

CVE-2025-42986 Missing Authorization check in SAP NetWeaver and ABAP Platform

Due to a missing authorization check in an obsolete RFC enabled function module in SAP BASIS, an authenticated low-privileged attacker could call a Remote Function Call RFC, potentially accessing restricted system information. This results in low impact on confidentiality, with no impact on...

4.3 CVSS | 0.0016 EPSS
Exploits: 0 | References: 2

CNNVD
added 2025/07/08 12:0 a.m. | 1 views

SAP NetWeaver Business Warehouse Security Vulnerability

SAP NetWeaver Business Warehouse is a data warehouse solution from SAP, Germany. A security vulnerability exists in SAP NetWeaver Business Warehouse, which originates from a privileged attacker who can execute an RFC function module without input parameters resulting in a high CPU load, which may...

2.7 CVSS | 6.7 AI score | 0.00134 EPSS
Exploits: 0 | References: 3

Packet Storm News
added 2025/07/06 12:0 a.m. | 2 views

Static Analysis for Detecting Transaction Conflicts in Ethereum Smart Contracts

Ethereum smart contracts operate in a concurrent environment where multiple transactions can be submitted simultaneously. However, the Ethereum Virtual Machine EVM enforces sequential execution of transactions within each block to prevent conflicts arising from concurrent access to the same state...

7.2 AI score
Exploits: 0

Vulnrichment
added 2025/06/27 11:52 a.m. | 3 views

CVE-2025-28993 WordPress Content No Cache plugin <= 0.1.4 - Arbitrary Function Call vulnerability

Improper Control of Generation of Code 'Code Injection' vulnerability in Jose Mortellaro Content No Cache content-no-cache allows Code Injection. This issue affects Content No Cache: from n/a through <= 0.1.4...

8.6 CVSS | 5.2 AI score | 0.00264 EPSS
Exploits: 0 | References: 1

CVE
added 2025/06/27 11:52 a.m. | 22 views

CVE-2025-28993

CVE-2025-28993 concerns the WordPress plugin Content No Cache. The vulnerability is an Improper Control of Generation of Code (Code Injection), allowing an arbitrary function call due to flaws in the plugin's code generation logic. Affected versions are listed as up to 0.1.3 (n/a through 0.1.3)...

8.6 CVSS | 5.9 AI score | 0.00264 EPSS
Exploits: 0 | References: 1