CVE-2025-42968

SAP NetWeaver allows an authenticated non-administrative user to call the remote-enabled function module which could grants access to non-sensitive information about the SAP system and OS without requiring any specific knowledge or controlled conditions. This leads to a low impact on...

CVE-2025-42968 Missing Authorization check in SAP NetWeaver (RFC enabled function module)

SAP NetWeaver allows an authenticated non-administrative user to call the remote-enabled function module which could grants access to non-sensitive information about the SAP system and OS without requiring any specific knowledge or controlled conditions. This leads to a low impact on...

CVE-2025-42968 Missing Authorization check in SAP NetWeaver (RFC enabled function module)

SAP NetWeaver allows an authenticated non-administrative user to call the remote-enabled function module which could grants access to non-sensitive information about the SAP system and OS without requiring any specific knowledge or controlled conditions. This leads to a low impact on...

SAP NetWeaver 安全漏洞

SAP NetWeaver is a set of integrated service-oriented application platforms from SAP, Germany. The platform primarily provides a development and runtime environment for SAP applications. A security vulnerability exists in SAP NetWeaver that originates from an authenticated, non-administrative use...

CVE-2024-45285

The RFC enabled function module allows a low privileged user to perform denial of service on any user and also change or delete favourite nodes. By sending a crafted packet in the function module targeting specific parameters, the specific targeted user will no longer have access to any...

CVE-2024-44115

The RFC enabled function module allows a low privileged user to add URLs to any user's workplace favourites. This vulnerability could be utilized to identify usernames and access information about targeted user's workplaces, and nodes. There is low impact on integrity of the application...

CVE-2021-21466

SAP Business Warehouse, versions 700, 701, 702, 711, 730, 731, 740, 750, 782 and SAP BW/4HANA, versions 100, 200, allow a low privileged attacker to inject code using a remote enabled function module over the network. Via the function module an attacker can create a malicious ABAP report which...

The vulnerability of the RFC Enabled Function Module component in software integration platforms such as SAP NetWeaver and ABAP Platform arises from deficiencies in authentication procedures, allowing unauthorized access to protected information.

The vulnerability of the RFC Enabled Function Module in software integration platforms such as SAP NetWeaver and ABAP Platform is related to deficiencies in authentication procedures. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected...

SAP S/4HANA 代码注入漏洞

SAP S/4HANA is an enterprise resource management software based on the SAP HANA in-memory database system from SAP, Germany. A code injection vulnerability exists in SAP S/4HANA that originates from the injection of arbitrary ABAP code into a function module, which could result in full control of...

PT-2025-15367 · Sap · Sap Solution Manager

Name of the Vulnerable Software and Affected Versions: SAP Solution Manager affected versions not specified Description: The issue is related to a directory traversal vulnerability. An authorized attacker could access critical information by using an RFC enabled function module. If successfully...

CVE-2025-23190

CVE-2025-23190 affects SAP NetWeaver/ABAP platform (ST-PI). The root cause is a missing authorization check that allows an authenticated attacker to call a remote-enabled function module and access data they normally cannot view. The attacker cannot modify data or affect system availability as de...

CVE-2025-23190 Missing Authorization check in SAP NetWeaver and ABAP platform (ST-PI)

Due to missing authorization check, an authenticated attacker could call a remote-enabled function module which allows them to access data that they would otherwise not have access to. The attacker cannot modify data or impact the availability of the system...

CVE-2025-23190 Missing Authorization check in SAP NetWeaver and ABAP platform (ST-PI)

Due to missing authorization check, an authenticated attacker could call a remote-enabled function module which allows them to access data that they would otherwise not have access to. The attacker cannot modify data or impact the availability of the system...

CVE-2025-23189 Missing Authorization Check in SAP NetWeaver and ABAP Platform (SDCCN)

Due to missing authorization check in an RFC enabled function module in transaction SDCCN, an authenticated attacker could generate technical meta-data. This leads to a low impact on integrity. There is no impact on confidentiality or availability...

CVE-2024-44117

The RFC enabled function module allows a low privileged user to perform various actions, such as modifying the URLs of any user's favourite nodes and workbook ID. There is low impact on integrity and availability of the application...

CVE-2024-45285 Multiple vulnerabilities in SAP NetWeaver Application Server for ABAP and ABAP Platform

The RFC enabled function module allows a low privileged user to perform denial of service on any user and also change or delete favourite nodes. By sending a crafted packet in the function module targeting specific parameters, the specific targeted user will no longer have access to any...

CVE-2024-44117 Multiple vulnerabilities in SAP NetWeaver Application Server for ABAP and ABAP Platform

The RFC enabled function module allows a low privileged user to perform various actions, such as modifying the URLs of any user's favourite nodes and workbook ID. There is low impact on integrity and availability of the application...

CVE-2024-45286

CVE-2024-45286 affects SAP Production and Revenue Accounting, specifically a function module in the obsolete Tobin interface lacking proper authorization checks. This can lead to unauthorized disclosure of highly sensitive data (confidentiality impact HIGH) with no reported impact on integrity or...

CVE-2024-44116 Multiple vulnerabilities in SAP NetWeaver Application Server for ABAP and ABAP Platform

The RFC enabled function module allows a low privileged user to add any workbook to any user's workplace favourites. This vulnerability could be utilized to identify usernames and access information about targeted user's workplaces. There is low impact on integrity of the application...

CVE-2024-44116

CVE-2024-44116 concerns SAP NetWeaver ABAP/ABAP Platform where an RFC-enabled function module can be abused by a low-privileged user to add any workbook to any user’s workplace favourites. The consequence is exposure of usernames and access information about targeted users’ workplaces, with low i...