128 matches found
CVE-2021-21466
SAP Business Warehouse, versions 700, 701, 702, 711, 730, 731, 740, 750, 782 and SAP BW/4HANA, versions 100, 200, allow a low privileged attacker to inject code using a remote enabled function module over the network. Via the function module an attacker can create a malicious ABAP report which...
SAP S/4HANA Code Injection Vulnerability
SAP S/4HANA is an enterprise resource management software based on the SAP HANA in-memory database system from SAP, Germany. A code injection vulnerability exists in SAP S/4HANA that originates from the injection of arbitrary ABAP code into a function module, which could result in full control of...
PT-2025-15367 · SAP · SAP Solution Manager
Name of the Vulnerable Software and Affected Versions: SAP Solution Manager (affected versions not specified). Description: The issue is related to a directory traversal vulnerability. An authorized attacker could access critical information by using an RFC enabled function module. If successfully...
CVE-2025-23190
CVE-2025-23190 affects SAP NetWeaver/ABAP platform (ST-PI). The root cause is a missing authorization check that allows an authenticated attacker to call a remote-enabled function module and access data they normally cannot view. The attacker cannot modify data or affect system availability as de...
CVE-2025-23190 Missing Authorization check in SAP NetWeaver and ABAP platform (ST-PI)
Due to missing authorization check, an authenticated attacker could call a remote-enabled function module which allows them to access data that they would otherwise not have access to. The attacker cannot modify data or impact the availability of the system...
CVE-2025-23189 Missing Authorization Check in SAP NetWeaver and ABAP Platform (SDCCN)
Due to missing authorization check in an RFC enabled function module in transaction SDCCN, an authenticated attacker could generate technical meta-data. This leads to a low impact on integrity. There is no impact on confidentiality or availability...
CVE-2024-44117
The RFC enabled function module allows a low privileged user to perform various actions, such as modifying the URLs of any user's favourite nodes and workbook ID. There is low impact on integrity and availability of the application...
CVE-2024-45285 Multiple vulnerabilities in SAP NetWeaver Application Server for ABAP and ABAP Platform
The RFC enabled function module allows a low privileged user to perform denial of service on any user and also change or delete favourite nodes. By sending a crafted packet in the function module targeting specific parameters, the specific targeted user will no longer have access to any...
CVE-2024-44117 Multiple vulnerabilities in SAP NetWeaver Application Server for ABAP and ABAP Platform
The RFC enabled function module allows a low privileged user to perform various actions, such as modifying the URLs of any user's favourite nodes and workbook ID. There is low impact on integrity and availability of the application...
CVE-2024-45286
CVE-2024-45286 affects SAP Production and Revenue Accounting, specifically a function module in the obsolete Tobin interface lacking proper authorization checks. This can lead to unauthorized disclosure of highly sensitive data (confidentiality impact HIGH) with no reported impact on integrity or...
CVE-2024-44116 Multiple vulnerabilities in SAP NetWeaver Application Server for ABAP and ABAP Platform
The RFC enabled function module allows a low privileged user to add any workbook to any user's workplace favourites. This vulnerability could be utilized to identify usernames and access information about targeted user's workplaces. There is low impact on integrity of the application...
CVE-2024-44116
CVE-2024-44116 concerns SAP NetWeaver ABAP/ABAP Platform where an RFC-enabled function module can be abused by a low-privileged user to add any workbook to any user’s workplace favourites. The consequence is exposure of usernames and access information about targeted users’ workplaces, with low i...
CVE-2024-44115 Multiple vulnerabilities in SAP NetWeaver Application Server for ABAP and ABAP Platform
The RFC enabled function module allows a low privileged user to add URLs to any user's workplace favourites. This vulnerability could be utilized to identify usernames and access information about targeted user's workplaces, and nodes. There is low impact on integrity of the application...
CVE-2024-42371
CVE-2024-42371 describes an issue in SAP NetWeaver AS ABAP where an RFC-enabled function module can be abused by a low-privileged user to delete any user’s workplace favourites, potentially exposing usernames and targeted workspace/node information. The impact is listed as low for integrity and a...
SAP NetWeaver Application Server Security Vulnerability
SAP NetWeaver Application Server is an application server from SAP, Germany. A security vulnerability exists in SAP NetWeaver Application Server that stems from an RFC-enabled function module that allows a low-privileged user to add URLs to any user's workplace favorites...
SAP NetWeaver Application Server Security Vulnerability
SAP NetWeaver Application Server is an application server from SAP, Germany. A security vulnerability exists in SAP NetWeaver Application Server that stems from an RFC-enabled function module that allows a low-privileged user to delete any user's workplace favorites...
PT-2024-31538 · SAP · SAP GUI
Name of the Vulnerable Software and Affected Versions: SAP GUI (affected versions not specified). Description: The issue allows a low-privileged user to perform a denial of service on any user and also change or delete favourite nodes. This is achieved by sending a crafted packet in the function...
PT-2024-30958 · SAP · SAP
Name of the Vulnerable Software and Affected Versions: SAP (affected versions not specified). Description: The issue allows a low-privileged user to add URLs to any user's workplace favorites through the RFC enabled function module. This could be used to identify usernames and access information abo...
CVE-2024-39591
SAP Document Builder does not perform necessary authorization checks for one of the function modules resulting in escalation of privileges causing low impact on confidentiality of the application...