131 matches found
CVE-2024-41732 Improper Access Control in SAP Netweaver Application Server ABAP
SAP NetWeaver Application Server ABAP allows an unauthenticated attacker to craft a URL link that could bypass allowlist controls. Depending on the web applications provided by this server, the attacker might inject CSS code or links into the web application that could allow the attacker to read ...
CVE-2024-41732 Improper Access Control in SAP Netweaver Application Server ABAP
SAP NetWeaver Application Server ABAP allows an unauthenticated attacker to craft a URL link that could bypass allowlist controls. Depending on the web applications provided by this server, the attacker might inject CSS code or links into the web application that could allow the attacker to read ...
CVE-2024-33005 Missing Authorization check in SAP NetWeaver Application Server (ABAP and Java),SAP Web Dispatcher and SAP Content Server
Due to the missing authorization checks in the local systems, the admin users of SAP Web Dispatcher, SAP NetWeaver Application Server ABAP and Java, and SAP Content Server can impersonate other users and may perform some unintended actions. This could lead to a low impact on confidentiality and a...
SAP NetWeaver Application Server 安全漏洞
SAP NetWeaver Application Server is an application server from SAP, Germany. A security vulnerability exists in SAP NetWeaver Application Server. An authenticated attacker could exploit the vulnerability to invoke underlying transactions, which could lead to the disclosure of user-related...
CVE-2024-39599 [CVE-2024-39599] Protection Mechanism Failure in SAP NetWeaver Application Server for ABAP and ABAP Platform
Due to a Protection Mechanism Failure in SAP NetWeaver Application Server for ABAP and ABAP Platform, a developer can bypass the configured malware scanner API because of a programming error. This leads to a low impact on the application's confidentiality, integrity, and availability...
SAP NetWeaver Application Server Information Disclosure Vulnerability
SAP NetWeaver Application Server is an application server from SAP, Germany. An information disclosure vulnerability exists in SAP NetWeaver Application Server, which arises from a vulnerability that allows an attacker to access remotely enabled function modules without further authorization unde...
SAP NetWeaver Application Server 代码问题漏洞
SAP NetWeaver Application Server is an application server from SAP, Germany. A file upload vulnerability exists in SAP NetWeaver Application Server ABAP Platform, which stems from the application's lack of effective validation of uploaded files. The vulnerability can be exploited to remotely...
SAP NetWeaver Application Server 跨站脚本漏洞
SAP NetWeaver Application Server is an application server from SAP, Germany. A cross-site scripting vulnerability exists in SAP NetWeaver Application Server ABAP Platform, which stems from a cross-site scripting XSS vulnerability due to failure to adequately encode user-controlled input...
SAP NetWeaver AS Cross-Site Scripting Vulnerability
SAP NetWeaver AS is a SAP network application server from SAP. It not only provides web services, but is also the basic platform for SAP software. A cross-site scripting vulnerability exists in SAP NetWeaver AS for Java version 7.50, which stems from incorrect validation and encoding of incoming...
The vulnerability of the Generic Request and Message Generator (GRMG)/Heartbeat service on the SAP NetWeaver AS for Java software platform allows a attacker to perform an SSRF attack.
The vulnerability of the Generic Request and Message Generator GRMG/Heartbeat service on the SAP NetWeaver AS for Java software platform is related to insufficient checking of incoming requests. Exploiting this vulnerability allows a malicious actor to perform an SSRF attack remotely...
SAP NetWeaver AS 跨站脚本漏洞
SAP NetWeaver AS is a SAP network application server from SAP. It not only provides network services, but also the basic platform for SAP software. SAP NetWeaver AS ABAP cross-site scripting vulnerability, the vulnerability stems from the lack of effective filtering and escaping of user-supplied...
SAP NetWeaver Application Server 授权问题漏洞
SAP NetWeaver Application Server is an application server from SAP, Germany. An authorization issue vulnerability exists in SAP NetWeaver Application Server ABAP and ABAP Platform, which arises from performing incorrect authentication checks for functions that require a user's identity under...
PT-2023-19674 · Sap · Sap Netweaver Application Server Java
Name of the Vulnerable Software and Affected Versions: SAP NetWeaver Application Server Java for Classload Service version 7.50 Description: The issue results in escalation of privileges due to the lack of authentication checks for functionalities that require user identity. This has a low impact...
SAP NetWeaver Application Server 资源管理错误漏洞
SAP NetWeaver Application Server is an application server from SAP, Germany. A resource management error vulnerability exists in SAP NetWeaver Application Server, which stems from multiple vulnerabilities found in a single class. An attacker could exploit the vulnerability to construct requests...
CVE-2023-23853
An unauthenticated attacker in AP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, can craft a link which when clicked by an unsuspecting user can be used to redirect a user to a malicious site which could rea...
CVE-2023-23853
An unauthenticated attacker in AP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, can craft a link which when clicked by an unsuspecting user can be used to redirect a user to a malicious site which could rea...
PT-2023-19255 · Sap · Sap Netweaver Application Server For Abap/Abap Platform
Name of the Vulnerable Software and Affected Versions: SAP NetWeaver Application Server for ABAP and ABAP Platform versions 700, 701, 702, 731, 740, 750, 751, 752 Description: The issue results from the lack of necessary authorization checks for an authenticated user, leading to escalation of...
SAP NetWeaver AS 跨站脚本漏洞
SAP NetWeaver AS is a SAP network application server from SAP. It not only provides network services, but also the basic platform for SAP software. A cross-site scripting vulnerability exists in SAP NetWeaver AS ABAP Business Server Pages versions 700, 701, 702, 731, and 740. An attacker could us...
CVE-2022-41212
Due to insufficient input validation, SAP NetWeaver Application Server ABAP and ABAP Platform allows an attacker with high level privileges to use a remote enabled function to read a file which is otherwise restricted. On successful exploitation an attacker can completely compromise the...
PT-2022-19727 · Sap · Hana Database +6
Name of the Vulnerable Software and Affected Versions: SAP NetWeaver Application Server ABAP, Application Server Java, ABAP Platform and HANA Database versions KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53,...