Lucene search
K

4564 matches found

NVD
NVD
added 2026/03/10 5:35 p.m.4 views

CVE-2026-24309

Due to missing authorization check in SAP NetWeaver Application Server for ABAP, an authenticated attacker could execute specific ABAP function module to read, modify or insert entries into the database configuration table of the ABAP system. This unauthorized content change could lead to reduced...

6.4CVSS0.00205EPSS
Exploits0References2
CVE
CVE
added 2026/03/10 12:18 a.m.10 views

CVE-2026-27688

CVE-2026-27688 affects SAP NetWeaver Application Server for ABAP. A missing authorization check allows an authenticated user with privileges to execute a specific RFC function module to read Database Analyzer Log Files, potentially escalating privileges and exposing confidential data. Impact is l...

5CVSS5.9AI score0.0023EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/03/10 12:18 a.m.29 views

CVE-2026-27688 Missing Authorization check in SAP NetWeaver Application Server for ABAP

Due to a missing authorization check in SAP NetWeaver Application Server for ABAP, an authenticated attacker with user privileges could read Database Analyzer Log Files via a specific RFC function module. The attacker with the necessary privileges to execute this function module could potentially...

5CVSS0.0023EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/10 12:18 a.m.3 views

CVE-2026-27688 Missing Authorization check in SAP NetWeaver Application Server for ABAP

Due to a missing authorization check in SAP NetWeaver Application Server for ABAP, an authenticated attacker with user privileges could read Database Analyzer Log Files via a specific RFC function module. The attacker with the necessary privileges to execute this function module could potentially...

5CVSS5.9AI score0.0023EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/10 12:18 a.m.4 views

CVE-2026-27688

Due to a missing authorization check in SAP NetWeaver Application Server for ABAP, an authenticated attacker with user privileges could read Database Analyzer Log Files via a specific RFC function module. The attacker with the necessary privileges to execute this function module could potentially...

5CVSS5.9AI score0.0023EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/03/10 12:18 a.m.2 views

CVE-2026-27685 Insecure Deserialization in SAP NetWeaver Enterprise Portal Administration

SAP NetWeaver Enterprise Portal Administration is vulnerable if a privileged user uploads untrusted or malicious content that, upon deserialization, could result in a high impact on the confidentiality, integrity, and availability of the host system...

9.1CVSS5.8AI score0.00551EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/10 12:18 a.m.5 views

CVE-2026-27685

SAP NetWeaver Enterprise Portal Administration is vulnerable if a privileged user uploads untrusted or malicious content that, upon deserialization, could result in a high impact on the confidentiality, integrity, and availability of the host system...

9.1CVSS5.8AI score0.00551EPSS
Exploits0References3
CVE
CVE
added 2026/03/10 12:18 a.m.23 views

CVE-2026-27685

SAP NetWeaver Enterprise Portal Administration is reported to be vulnerable to insecure deserialization when a privileged user uploads untrusted content, potentially affecting confidentiality, integrity, and availability of the host. The provided documents identify the affected product and the un...

9.1CVSS5.8AI score0.00551EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/03/10 12:18 a.m.31 views

CVE-2026-27685 Insecure Deserialization in SAP NetWeaver Enterprise Portal Administration

SAP NetWeaver Enterprise Portal Administration is vulnerable if a privileged user uploads untrusted or malicious content that, upon deserialization, could result in a high impact on the confidentiality, integrity, and availability of the host system...

9.1CVSS0.00551EPSS
Exploits0References2
CVE
CVE
added 2026/03/10 12:18 a.m.14 views

CVE-2026-27684

CVE-2026-27684 affects SAP NetWeaver Feedback Notifications Service. An authenticated attacker can exploit a SQL injection by supplying input that is directly concatenated into SQL queries, enabling manipulation of WHERE clause logic. This can lead to unauthorized access to or modification of dat...

6.4CVSS6AI score0.00267EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/10 12:18 a.m.3 views

CVE-2026-27684 SQL Injection Vulnerability in SAP NetWeaver (Feedback Notification)

SAP NetWeaver Feedback Notifications Service contains a SQL injection vulnerability that allows an authenticated attacker to inject arbitrary SQL code through user-controlled input fields. The application concatenates these inputs directly into SQL queries without proper validation or escaping. A...

6.4CVSS6AI score0.00267EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/03/10 12:18 a.m.30 views

CVE-2026-27684 SQL Injection Vulnerability in SAP NetWeaver (Feedback Notification)

SAP NetWeaver Feedback Notifications Service contains a SQL injection vulnerability that allows an authenticated attacker to inject arbitrary SQL code through user-controlled input fields. The application concatenates these inputs directly into SQL queries without proper validation or escaping. A...

6.4CVSS0.00267EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/10 12:18 a.m.4 views

CVE-2026-27684

SAP NetWeaver Feedback Notifications Service contains a SQL injection vulnerability that allows an authenticated attacker to inject arbitrary SQL code through user-controlled input fields. The application concatenates these inputs directly into SQL queries without proper validation or escaping. A...

6.4CVSS6AI score0.00267EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/10 12:17 a.m.4 views

CVE-2026-24316

SAP NetWeaver Application Server for ABAP provides an ABAP Report for testing purposes, which allows to send HTTP requests to arbitrary internal or external endpoints. The report is therefore vulnerable to Server-Side Request Forgery SSRF. Successful exploitation could lead to interaction with...

6.4CVSS5.9AI score0.00163EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/03/10 12:17 a.m.3 views

CVE-2026-24316 Server-Side Request Forgery (SSRF) in SAP NetWeaver Application Server for ABAP

SAP NetWeaver Application Server for ABAP provides an ABAP Report for testing purposes, which allows to send HTTP requests to arbitrary internal or external endpoints. The report is therefore vulnerable to Server-Side Request Forgery SSRF. Successful exploitation could lead to interaction with...

6.4CVSS5.9AI score0.00163EPSS
Exploits0References2
CVE
CVE
added 2026/03/10 12:17 a.m.10 views

CVE-2026-24316

CVE-2026-24316 describes a Server-Side Request Forgery in SAP NetWeaver Application Server for ABAP. An ABAP Report used for testing can send HTTP requests to arbitrary internal or external endpoints, enabling interaction with potentially sensitive internal endpoints. The documented impact is low...

6.4CVSS5.9AI score0.00163EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/03/10 12:17 a.m.35 views

CVE-2026-24316 Server-Side Request Forgery (SSRF) in SAP NetWeaver Application Server for ABAP

SAP NetWeaver Application Server for ABAP provides an ABAP Report for testing purposes, which allows to send HTTP requests to arbitrary internal or external endpoints. The report is therefore vulnerable to Server-Side Request Forgery SSRF. Successful exploitation could lead to interaction with...

6.4CVSS0.00163EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/10 12:17 a.m.3 views

CVE-2026-24310

Due to missing authorization check in SAP NetWeaver Application Server for ABAP, an authenticated attacker could execute specific ABAP function module and read the sensitive information from database catalog of the ABAP system. This vulnerability has low impact on the application's confidentialit...

3.5CVSS5.9AI score0.00193EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/03/10 12:17 a.m.33 views

CVE-2026-24310 Missing Authorization check in SAP NetWeaver Application Server for ABAP

Due to missing authorization check in SAP NetWeaver Application Server for ABAP, an authenticated attacker could execute specific ABAP function module and read the sensitive information from database catalog of the ABAP system. This vulnerability has low impact on the application's confidentialit...

3.5CVSS0.00193EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/10 12:17 a.m.4 views

CVE-2026-24309 Missing Authorization check in SAP NetWeaver Application Server for ABAP

Due to missing authorization check in SAP NetWeaver Application Server for ABAP, an authenticated attacker could execute specific ABAP function module to read, modify or insert entries into the database configuration table of the ABAP system. This unauthorized content change could lead to reduced...

6.4CVSS5.9AI score0.00205EPSS
Exploits0References2
Rows per page
Query Builder