135 matches found
CVE-2024-44115 Multiple vulnerabilities in SAP NetWeaver Application Server for ABAP and ABAP Platform
The RFC-enabled function module allows a low-privileged user to add URLs to any user's workplace favourites. This vulnerability could be utilized to identify usernames and access information about the targeted user's workplaces and nodes. There is low impact on integrity of the application...
CVE-2024-42371
CVE-2024-42371 describes an issue in SAP NetWeaver AS ABAP where an RFC-enabled function module can be abused by a low-privileged user to delete any user’s workplace favourites, potentially exposing usernames and targeted workspace/node information. The impact is listed as low for integrity and a...
SAP NetWeaver Application Server security vulnerability
SAP NetWeaver Application Server is an application server from SAP, Germany. A security vulnerability exists in SAP NetWeaver Application Server that stems from an RFC-enabled function module that allows a low-privileged user to add URLs to any user's workplace favorites...
SAP NetWeaver Application Server security vulnerability
SAP NetWeaver Application Server is an application server from SAP, Germany. A security vulnerability exists in SAP NetWeaver Application Server that stems from an RFC-enabled function module that allows a low-privileged user to delete any user's workplace favorites...
PT-2024-31538 · Sap · Sap Gui
Name of the Vulnerable Software and Affected Versions: SAP GUI (affected versions not specified). Description: The issue allows a low-privileged user to perform a denial of service on any user and also change or delete favourite nodes. This is achieved by sending a crafted packet in the function...
PT-2024-30958 · Sap · Sap
Name of the Vulnerable Software and Affected Versions: SAP (affected versions not specified). Description: The issue allows a low-privileged user to add URLs to any user's workplace favorites through the RFC-enabled function module. This could be used to identify usernames and access information abo...
CVE-2024-39591
SAP Document Builder does not perform necessary authorization checks for one of the function modules resulting in escalation of privileges causing low impact on confidentiality of the application...
CVE-2024-37180
Under certain conditions, SAP NetWeaver Application Server for ABAP and ABAP Platform allows an attacker to access a remote-enabled function module with no further authorization, which would otherwise be restricted. The function can be used to read non-sensitive information with low impact on...
CVE-2024-37180 [CVE-2024-37180] Information Disclosure vulnerability in SAP NetWeaver Application Server for ABAP and ABAP Platform
Under certain conditions, SAP NetWeaver Application Server for ABAP and ABAP Platform allows an attacker to access a remote-enabled function module with no further authorization, which would otherwise be restricted. The function can be used to read non-sensitive information with low impact on...
CVE-2024-21737
In SAP Application Interface Framework File Adapter - version 702, a high privilege user can use a function module to traverse through various layers and execute OS commands directly. By this, such user can control the behaviour of the application. This leads to considerable impact on...
CVE-2024-21737 Code Injection vulnerability in SAP Application Interface Framework (File Adapter)
In SAP Application Interface Framework File Adapter - version 702, a high privilege user can use a function module to traverse through various layers and execute OS commands directly. By this, such user can control the behaviour of the application. This leads to considerable impact on...
CVE-2023-36922
Due to a programming error in a function module and report, the IS-OIL component in SAP ECC and SAP S/4HANA allows an authenticated attacker to inject an arbitrary operating system command into an unprotected parameter in a common default extension. On successful exploitation, the attacker can read or...
Design/Logic Flaw
In SAP GRC Process Control - versions GRCFNDA V1200, GRCFNDA V8100, GRCPINW V1100700, GRCPINW V1100731, GRCPINW V1200750, a remote-enabled function module in the proprietary SAP solution enables an authenticated attacker with minimal privileges to access all the confidential data stored in the...
PT-2023-15951 · Sap · Sap Grc
Name of the Vulnerable Software and Affected Versions: SAP GRC Process Control versions GRCFND A V8100 through GRCFND A V1200; SAP GRC Process Control versions GRCPINW V1100 700 through GRCPINW V1200 750. Description: The issue allows an authenticated attacker with minimal privileges to access all...
Design/Logic Flaw
Due to the unrestricted scope of the RFC function module, SAP BASIS - versions 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, 791, allows an authenticated non-administrator attacker to access a system class and execute any of its public methods with parameters provided by the attacke...
CVE-2022-41264
Due to the unrestricted scope of the RFC function module, SAP BASIS - versions 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, 791, allows an authenticated non-administrator attacker to access a system class and execute any of its public methods with parameters provided by the attacke...
CVE-2022-41264
The CVE-2022-41264 issue affects SAP BASIS components (versions 731, 740, 750–757, 789–791) where the unrestricted scope of the RFC function module allows an authenticated non-administrator to access a system class and execute any of its public methods with attacker-supplied parameters. This can ...
Xiaomi MIUI elevation of privilege vulnerability
Xiaomi MIUI is an Android-based smartphone operating system developed by Xiaomi Technology in China. Version 12.5.2 of Xiaomi MIUI contains a security vulnerability that stems from a memory pointer being copied to two function modules when a function is called. An attacker could exploit th...
CVE-2021-45876
Multiple versions of GARO Wallbox GLB/GTB/GTC are affected by unauthenticated command injection. The url parameter of the function module downloadAndUpdate is vulnerable to command injection. Unfiltered user input is used to generate code which then gets executed when downloading new firmware...
SAP Netweaver IUUC_GENERATE_ACPLAN_DELIMITER ABAP Code Injection
SEC Consult Vulnerability Lab Security Advisory. title: Remote ABAP Code Injection in IUUC_GENERATE_ACPLAN_DELIMITER; product: SAP Netweaver; vulnerable version: SAP DMIS in at least 20111731 = SP 0013; fixed version: see...