CVE-2024-37180
Under certain conditions SAP NetWeaver Application Server for ABAP and ABAP Platform allows an attacker to access remote-enabled function module with no further authorization which would otherwise be restricted, the function can be used to read non-sensitive information with low impact on...
CVE-2024-37180 [CVE-2024-37180] Information Disclosure vulnerability in SAP NetWeaver Application Server for ABAP and ABAP Platform
Under certain conditions SAP NetWeaver Application Server for ABAP and ABAP Platform allows an attacker to access remote-enabled function module with no further authorization which would otherwise be restricted, the function can be used to read non-sensitive information with low impact on...
CVE-2024-21737
In SAP Application Interface Framework File Adapter - version 702, a high privilege user can use a function module to traverse through various layers and execute OS commands directly. By this, such user can control the behaviour of the application. This leads to considerable impact on...
CVE-2024-21737 Code Injection vulnerability in SAP Application Interface Framework (File Adapter)
In SAP Application Interface Framework File Adapter - version 702, a high privilege user can use a function module to traverse through various layers and execute OS commands directly. By this, such user can control the behaviour of the application. This leads to considerable impact on...
CVE-2023-36922
Due to a programming error in a function module and report, the IS-OIL component in SAP ECC and SAP S/4HANA allows an authenticated attacker to inject an arbitrary operating system command into an unprotected parameter in a common default extension. On successful exploitation, the attacker can read or...
Design/Logic Flaw
In SAP GRC Process Control - versions GRCFNDA V1200, GRCFNDA V8100, GRCPINW V1100700, GRCPINW V1100731, GRCPINW V1200750, remote-enabled function module in the proprietary SAP solution enables an authenticated attacker with minimal privileges to access all the confidential data stored in the...
PT-2023-15951 · Sap · Sap Grc
Name of the Vulnerable Software and Affected Versions: SAP GRC Process Control versions GRCFND A V8100 through GRCFND A V1200 SAP GRC Process Control versions GRCPINW V1100 700 through GRCPINW V1200 750 Description: The issue allows an authenticated attacker with minimal privileges to access all...
Design/Logic Flaw
Due to the unrestricted scope of the RFC function module, SAP BASIS - versions 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, 791, allows an authenticated non-administrator attacker to access a system class and execute any of its public methods with parameters provided by the attacke...
CVE-2022-41264
Due to the unrestricted scope of the RFC function module, SAP BASIS - versions 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, 791, allows an authenticated non-administrator attacker to access a system class and execute any of its public methods with parameters provided by the attacke...
CVE-2022-41264
The CVE-2022-41264 issue affects SAP BASIS components (versions 731, 740, 750–757, 789–791) where the unrestricted scope of the RFC function module allows an authenticated non-administrator to access a system class and execute any of its public methods with attacker-supplied parameters. This can ...
Xiaomi MIUI elevation of privilege vulnerability
Xiaomi MIUI is an Android-based smartphone operating system developed by Xiaomi Technology in China. Version 12.5.2 of Xiaomi MIUI contains a security vulnerability that stems from a memory pointer being copied to two function modules when a function is called. An attacker could exploit th...
CVE-2021-45876
Multiple versions of GARO Wallbox GLB/GTB/GTC are affected by unauthenticated command injection. The url parameter of the function module downloadAndUpdate is vulnerable to command injection. Unfiltered user input is used to generate code which then gets executed when downloading new firmware...
SAP Netweaver IUUC_GENERATE_ACPLAN_DELIMITER ABAP Code Injection
SEC Consult Vulnerability Lab Security Advisory ============================================================================== title: Remote ABAP Code Injection in IUUC_GENERATE_ACPLAN_DELIMITER product: SAP Netweaver vulnerable version: SAP DMIS in at least 20111731 = SP 0013 fixed version: see...
CVE-2021-21473
SAP NetWeaver AS ABAP and ABAP Platform, versions - 700, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, contains function module SRM_RFC_SUBMIT_REPORT which fails to validate authorization of an authenticated user thus allowing an unauthorized user to execute reports in SAP NetWeaver AB...
CVE-2021-21473
CVE-2021-21473 affects SAP NetWeaver AS ABAP and ABAP Platform versions 700, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755. The issue is in function module SRM_RFC_SUBMIT_REPORT which fails to validate authorization of an authenticated user, allowing an unauthorized user to execute r...
CVE-2021-27603
An RFC-enabled function module SPI_WAIT_MILLIS in SAP NetWeaver AS ABAP, versions - 731, 740, 750, allows to keep a work process busy for any length of time. An attacker could call this function module multiple times to block all work processes thereby causing Denial of Service and affecting the...
PT-2021-17539 · Sap · Sap Netweaver As Abap
Name of the Vulnerable Software and Affected Versions: SAP NetWeaver AS ABAP versions 731, 740, 750 Description: The issue allows an attacker to cause a Denial of Service, affecting the Availability of the SAP system by blocking all work processes. This is achieved by calling the SPI_WAIT_MILLIS...