SAP NetWeaver Application Server Java 7.5 - Local File Inclusion

SAP NetWeaver Application Server Java 7.5 is susceptible to local file inclusion in scheduler/ui/js/ffffffffbca41eb4/UIUtilJavaScriptJS. This can allow remote attackers to read arbitrary files via a .. dot dot in the query string, as exploited in the wild in August 2017, aka SAP Security Note...

SAP NetWeaver AS ABAP Code Injection (3735359)

The version of SAP NetWeaver AS ABAP detected on the remote host is affected by a code injection vulnerability as referenced in SAP Security Note 3735359: - A code injection vulnerability exists in SAP Application Server ABAP for SAP NetWeaver and ABAP Platform. An authenticated attacker with low...

SAP NetWeaver AS ABAP Reflected XSS (3728690)

The version of SAP NetWeaver AS ABAP detected on the remote host is affected by a reflected cross-site scripting XSS vulnerability as referenced in SAP Security Note 3728690: - A reflected cross-site scripting XSS vulnerability exists in SAP NetWeaver Application Server ABAP Applications based on...

CVE-2026-27680

CVE-2026-27680 – CSS injection in SAP NetWeaver Application Server ABAP . Improper input handling allows injecting custom CSS into web pages served by the ABAP server; when a user loads or clicks the affected page, the CSS executes. The impact is described as low for confidentiality with no impac...

SAP NetWeaver Application Server ABAP 安全漏洞

SAP NetWeaver Application Server ABAP is a platform used by SAP, a German company, for the operation and development of applications written in the ABAP language. There is a security vulnerability in SAP NetWeaver Application Server ABAP, which arises from improper handling of inputs under certai...

CVE-2026-40135 OS Command Injection vulnerability in SAP NetWeaver Application Server for ABAP and ABAP Platform

An OS Command Injection vulnerability exists in the SAP NetWeaver Application Server for ABAP and ABAP Platform that allows an authenticated attacker with administrative access to execute specially crafted shell commands on the server, bypassing the logging mechanism. This allows the execution of...

EUVD-2026-22168

Due to an Open Redirect vulnerability in SAP NetWeaver Application Server ABAP, an unauthenticated attacker could craft malicious URL that, if accessed by a victim, they could be redirected to the page controlled by the attacker. This causes low impact on confidentiality and integrity of the...

EUVD-2026-10444

Due to missing authorization check in SAP NetWeaver Application Server for ABAP, an authenticated attacker could execute specific ABAP function module and read the sensitive information from database catalog of the ABAP system. This vulnerability has low impact on the application's confidentialit...

CVE-2026-24309

Due to missing authorization check in SAP NetWeaver Application Server for ABAP, an authenticated attacker could execute specific ABAP function module to read, modify or insert entries into the database configuration table of the ABAP system. This unauthorized content change could lead to reduced...

CVE-2026-24310 Missing Authorization check in SAP NetWeaver Application Server for ABAP

Due to missing authorization check in SAP NetWeaver Application Server for ABAP, an authenticated attacker could execute specific ABAP function module and read the sensitive information from database catalog of the ABAP system. This vulnerability has low impact on the application's confidentialit...

CVE-2026-24309 Missing Authorization check in SAP NetWeaver Application Server for ABAP

Due to missing authorization check in SAP NetWeaver Application Server for ABAP, an authenticated attacker could execute specific ABAP function module to read, modify or insert entries into the database configuration table of the ABAP system. This unauthorized content change could lead to reduced...

CVE-2026-0484 Missing Authorization check in SAP NetWeaver Application Server ABAP and SAP S/4HANA

Due to missing authorization check in SAP NetWeaver Application Server ABAP and SAP S/4HANA, an authenticated attacker could access a specific transaction code and modify the text data in the system. This vulnerability has a high impact on integrity of the application with no effect on the...

SAP S/4HANA和SAP NetWeaver Application Server ABAP 输入验证错误漏洞

SAP S/4HANA and SAP NetWeaver Application Server ABAP are both products of the German company SAP. SAP S/4HANA is an enterprise resource management software based on the SAP HANA memory database system. SAP NetWeaver Application Server ABAP is a platform for running and developing applications...

SAP NetWeaver AS Java Sensitive Information Vulnerability (January 2026)

The version of SAP NetWeaver Application Server for Java detected on the remote host is affected by an Sensitive Information vulnerability as disclosed in the SAP Security Patch Day January 2026: - The User Management Engine UME in NetWeaver Application Server for Java NW AS Java utilizes an...

EUVD-2025-60981

Due to an Information Disclosure vulnerability in SAP NetWeaver Application Server Java, internal metadata files could be accessed via manipulated URLs. An unauthenticated attacker could exploit this vulnerability by inserting arbitrary path components in the request, allowing unauthorized access...

CVE-2025-42919 Information Disclosure vulnerability in SAP NetWeaver Application Server Java

Due to an Information Disclosure vulnerability in SAP NetWeaver Application Server Java, internal metadata files could be accessed via manipulated URLs. An unauthenticated attacker could exploit this vulnerability by inserting arbitrary path components in the request, allowing unauthorized access...

CVE-2025-42882 Missing Authorization check in SAP NetWeaver Application Server for ABAP

Due to a missing authorization check in SAP NetWeaver Application Server for ABAP, an authenticated attacker with basic privileges could execute a specific function module in ABAP to retrieve restricted technical information from the system. This disclosure of environment details of the system...

SAP NetWeaver Application Server for ABAP 代码问题漏洞

SAP NetWeaver Application Server for ABAP is a core application server platform from SAP, Germany. A code issue vulnerability exists in SAP NetWeaver Application Server for ABAP that stems from an administrator uploading a file without triggering a malware scan, which could result in the upload o...

SAP NetWeaver Application Server for ABAP 安全漏洞

SAP NetWeaver Application Server for ABAP is a core application server platform from SAP, Germany. A security vulnerability exists in SAP NetWeaver Application Server for ABAP that stems from a lack of authorization checking and could lead to a low-privileged attacker retrieving restricted...

CVE-2025-42908

Due to a Cross-Site Request Forgery CSRF vulnerability in SAP NetWeaver Application Server for ABAP, an authenticated attacker could initiate transactions directly via the session manager, bypassing the first transaction screen and the associated authorization check. This vulnerability could allo...