SAP NetWeaver AS Missing Authentication (December 2025)

The version of SAP NetWeaver Application Server detected on the remote host is affected by a missing authentication vulnerability as disclosed in the SAP Security Patch Day December 2025: - The SAP Internet Communication Framework does not conduct any authentication checks for features that need...

EUVD-2025-201852

The SAP Internet Communication Framework does not conduct any authentication checks for features that need user identification allowing an attacker to reuse authorization tokens, violating secure authentication practices causing low impact on Confidentiality, Integrity and Availability of the...

CVE-2025-42875 Missing Authentication check in SAP NetWeaver Internet Communication Framework

The SAP Internet Communication Framework does not conduct any authentication checks for features that need user identification allowing an attacker to reuse authorization tokens, violating secure authentication practices causing low impact on Confidentiality, Integrity and Availability of the...

CVE-2025-42875

CVE-2025-42875 relates to the SAP NetWeaver/Internet Communication Framework where authentication checks are missing for features needing user identification, enabling reuse of authorization tokens. The issue, described across multiple feeds, indicates a vulnerability in SAP’s web/EC framework th...

SAP Internet Communication Framework 访问控制错误漏洞

SAP Internet Communication Framework is an Internet communication architecture from SAP, Germany. An access control error vulnerability exists in SAP Internet Communication Framework, which stems from a lack of authentication checks that could lead to the reuse of authorization tokens...

EUVD-2021-27672

Malicious code in bioql PyPI...

PT-2024-10081 · Sap · Sap Netweaver As For Abap/Abap Platform

The affected software is SAP NetWeaver AS for ABAP and ABAP Platform, specifically the Internet Communication Framework. This issue arises from weak access controls, allowing attackers to access restricted information and potentially compromising application integrity, confidentiality, and...

SAP NetWeaver AS ABAP Multiple Vulnerabilities (Oct 2021)

Multiple vulnerabilities may be present in SAP NetWeaver Application Server ABAP, including the following: - SAP NetWeaver AS ABAP and ABAP Platform - versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, allows an attacker to prevent legitimate users from accessing a service,...

PT-2021-22902 · Sap · Sap Internet Communication Framework

Name of the Vulnerable Software and Affected Versions: SAP Internet Communication framework ICM versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 785 Description: The issue allows an attacker with logon functionality to exploit the authentication function. This can be done...

Sap Internet Communication Framework 访问控制错误漏洞

Sap Internet Communication Framework is an Internet communication framework from Sap, a German company. A security vulnerability exists in SAP Internet Communication framework, which arises from a configuration or other error in the operation of a network system or product. An unauthorized attack...

CVE-2016-9832

PricewaterhouseCoopers PwC ACE-ABAP 8.10.304 for SAP Security allows remote authenticated users to conduct ABAP injection attacks and execute arbitrary code via 1 SAPGUI or 2 Internet Communication Framework ICF over HTTP or HTTPS, as demonstrated by WEBGUI or Report...

SAP Internet Communication Framework (BC-MID-ICF) Vulnerability

COMPASS SECURITY ADVISORY http://www.csnc.ch/ Product: Internet Communication Framework BC-MID-ICF Vendor: SAP Subject: Multiple XSS, HTML Injection Risk: High Effect: Remotely exploitable Author: Cyrill Brunschwiler [email protected] Date: June, 17th 2007 Introduction: -------------...

Internet Communication Framework multiple security vulnerabilities

Multiple crossite cripting vulnerabilities...

SAP Internet Communication Framework多个跨站脚本漏洞

SAP Internet Communication Framework是一款Internet通信架构。 SAP Internet Communication Framework不正确过滤用户提交的URI数据，远程攻击者可以利用漏洞进行跨站脚本攻击，获得敏感信息。 默认的登录错误页不正确过滤用户提交的输入，可触发跨站脚本问题，构建恶意WEB页，诱使用户访问，可导致获得目标用户敏感信息。 SAP Internet Communication Framework 700 SP11 SAP Internet Communication Framework 640 SP19 SAP Note N...