CVE-2026-40135

This CVE concerns SAP NetWeaver Application Server for ABAP and ABAP Platform. An OS Command Injection allows an authenticated attacker with administrative privileges to execute arbitrary shell commands on the server, bypassing the logging mechanism and potentially impacting integrity and availab...

CVE-2026-34257 Open Redirect vulnerability in SAP NetWeaver Application Server ABAP

Due to an Open Redirect vulnerability in SAP NetWeaver Application Server ABAP, an unauthenticated attacker could craft malicious URL that, if accessed by a victim, they could be redirected to the page controlled by the attacker. This causes low impact on confidentiality and integrity of the...

EUVD-2026-10442

Due to missing authorization check in SAP NetWeaver Application Server for ABAP, an authenticated attacker could execute specific ABAP function module to read, modify or insert entries into the database configuration table of the ABAP system. This unauthorized content change could lead to reduced...

EUVD-2026-10445

Due to missing authorization check in SAP NetWeaver Application Server for ABAP, an authenticated attacker could execute specific ABAP function module and read the sensitive information from database catalog of the ABAP system. This vulnerability has low impact on the application's confidentialit...

CVE-2026-27688

CVE-2026-27688 affects SAP NetWeaver Application Server for ABAP. A missing authorization check allows an authenticated user with privileges to execute a specific RFC function module to read Database Analyzer Log Files, potentially escalating privileges and exposing confidential data. Impact is l...

PT-2026-24154

Name of the Vulnerable Software and Affected Versions SAP NetWeaver Application Server for ABAP affected versions not specified Description A missing authorization check in SAP NetWeaver Application Server for ABAP allows an authenticated attacker to execute a specific ABAP function module. This...

CVE-2026-23687

SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated attacker with normal privileges to obtain a valid signed message and send modified signed XML documents to the verifier. This may result in acceptance of tampered identity information, unauthorized access to sensitive...

SAP NetWeaver Application Server 安全漏洞

SAP NetWeaver Application Server is an application server from SAP, Germany. A security vulnerability exists in SAP NetWeaver Application Server that stems from a lack of authorization checking and could allow an authenticated attacker to misuse RFC functions to execute form routines in the ABAP...

SAP NetWeaver AS Missing Authentication (December 2025)

The version of SAP NetWeaver Application Server detected on the remote host is affected by a missing authentication vulnerability as disclosed in the SAP Security Patch Day December 2025: - The SAP Internet Communication Framework does not conduct any authentication checks for features that need...

CVE-2025-42882

Due to a missing authorization check in SAP NetWeaver Application Server for ABAP, an authenticated attacker with basic privileges could execute a specific function module in ABAP to retrieve restricted technical information from the system. This disclosure of environment details of the system...

CVE-2025-42918

SAP NetWeaver Application Server for ABAP allows authenticated users with access to background processing to gain unauthorized read access to profile parameters. This results in a low impact on confidentiality, with no impact on integrity or availability...

SAP NetWeaver Server ABAP Authorization Issues Vulnerability

SAP NetWeaver Server ABAP is an application server from SAP, Germany. SAP NetWeaver Server ABAP suffers from an authorization issue vulnerability that stems from a lack of authorization checking in the virus scanning interface, which could be exploited by an attacker to access sensitive data...

SAP NetWeaver Server ABAP 安全漏洞

SAP NetWeaver Server ABAP is an application server from SAP, Germany. SAP NetWeaver Server ABAP suffers from an authorization issue vulnerability that stems from a lack of authorization checking in the virus scanning interface, which could be exploited by an attacker to access sensitive data...

SAP NetWeaver Server ABAP Information Disclosure Vulnerability (CNVD-2025-07609)

SAP NetWeaver Server ABAP is an application server from SAP Germany. An information disclosure vulnerability exists in SAP NetWeaver Server ABAP. The vulnerability stems from the server generating different responses depending on the presence or absence of a particular user, thereby disclosing...

CVE-2025-23193

CVE-2025-23193 describes an information-disclosure vulnerability in SAP NetWeaver Server ABAP. An unauthenticated attacker can provoke the server to respond differently depending on the existence of a specified user, potentially leaking sensitive information. The issue does not enable data modifi...

SAP NetWeaver Application Server 安全漏洞

SAP NetWeaver Application Server is an application server from SAP, Germany. A security vulnerability exists in SAP NetWeaver Application Server that originates from a program that allows a user with elevated privileges to execute a program that displays data over the network...

SAP NetWeaver Application Server 安全漏洞

SAP NetWeaver Application Server is an application server from SAP, Germany. A security vulnerability exists in SAP NetWeaver Application Server that stems from an RFC-enabled function module that allows a low-privileged user to read any user's workplace favorites and user menus, as well as all...

The vulnerability of software for developing and executing applications in the ABAP language of SAP NetWeaver Application Server allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.

Vulnerabilities in software for developing and executing applications in the ABAP language on the SAP NetWeaver Application Server ABAP are related to deficiencies in authentication procedures. Exploiting these vulnerabilities can allow attackers to compromise the confidentiality, integrity, and...

SAP NetWeaver Application Server 输入验证错误漏洞

SAP NetWeaver Application Server is an application server from SAP. SAP NetWeaver Application Server for ABAP and ABAP Platform versions 700, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, An input validation error vulnerability exists in version 790. An attacker could use this...

SAP NetWeaver Application Server 跨站脚本漏洞

A cross-site scripting vulnerability exists in SAP NetWeaver Application Server, an application server from SAP, which stems from an ABAP keyword document that does not adequately encode user-controlled input and can be exploited to cause Cross-site scripting attack...