Lucene search
+L

59 matches found

CVE
CVE
added 2025/07/08 12:35 a.m.45 views

CVE-2025-42964

CVE-2025-42964 affects SAP NetWeaver Enterprise Portal Administration. A privileged user can upload untrusted or malicious content that is deserialized, potentially compromising confidentiality, integrity, and availability of the host system. Public documentation consistently identifies insecure ...

9.1CVSS6.5AI score0.00696EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/07/08 12:35 a.m.12 views

CVE-2025-42964 Insecure Deserialization in SAP NetWeaver Enterprise Portal Administration

SAP NetWeaver Enterprise Portal Administration is vulnerable when a privileged user can upload untrusted or malicious content which, when deserialized, could potentially lead to a compromise of confidentiality, integrity, and availability of the host system...

9.1CVSS0.00696EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/07/08 12:35 a.m.2 views

CVE-2025-42963 Insecure Deserialization in SAP NetWeaver Application Server for Java (Log Viewer )

A critical vulnerability in SAP NetWeaver Application server for Java Log Viewer enables authenticated administrator users to exploit unsafe Java object deserialization. Successful exploitation can lead to full operating system compromise, granting attackers complete control over the affected...

9.1CVSS6.3AI score0.00715EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 10:37 a.m.7 views

CVE-2024-30218

The ABAP Application Server of SAP NetWeaver as well as ABAP Platform allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. This leads to a considerable impact on availability...

6.5CVSS6.9AI score0.00527EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 5:40 a.m.6 views

CVE-2023-0021

Due to insufficient encoding of user input, SAP NetWeaver - versions 700, 701, 702, 731, 740, 750, allows an unauthenticated attacker to inject code that may expose sensitive data like user ID and password, which could lead to reflected Cross-Site scripting. These endpoints are normally exposed...

6.1CVSS6.7AI score0.00455EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:38 p.m.10 views

CVE-2022-28217

Some part of SAP NetWeaver EP Web Page Composer does not sufficiently validate an XML document accepted from an untrusted source, which allows an adversary to exploit unprotected XML parking at endpoints, and a possibility to conduct SSRF attacks that could compromise system�s Availability by...

6.5CVSS7AI score0.00704EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:33 p.m.10 views

CVE-2022-26105

SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, is susceptible to script execution attack by an unauthenticated attacker due to improper sanitization of the user inputs while interacting on the Network. On successful exploitation, an attacker can view or modif...

6.1CVSS6.8AI score0.00855EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:10 p.m.6 views

CVE-2021-27631

SAP NetWeaver ABAP Server and ABAP Platform Enqueue Server, versions - KRNL32NUC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73, allows an unauthenticated attacker without specific knowledge of the system to send a...

7.5CVSS7AI score0.01508EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:7 p.m.7 views

CVE-2021-33678

A function module of SAP NetWeaver AS ABAP Reconciliation Framework, versions - 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 75A, 75B, 75B, 75C, 75D, 75E, 75F, allows a high privileged attacker to inject code that can be executed by the application. An attacker could thereby delete some...

7.5CVSS6.5AI score0.02546EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:10 p.m.21 views

CVE-2021-21491

SAP Netweaver Application Server Java Applications based on WebDynpro Java versions 7.00, 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allow an attacker to redirect users to a malicious site due to Reverse Tabnabbing vulnerabilities...

6.1CVSS6.7AI score0.00666EPSS
Exploits0References1
NVD
NVD
added 2025/05/13 1:15 a.m.15 views

CVE-2025-31329

SAP NetWeaver is vulnerable to an Information Disclosure vulnerability caused by the injection of malicious instructions into user configuration settings. An attacker with administrative privileges can craft these instructions so that when accessed by the victim, sensitive information such as use...

6.2CVSS0.00302EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/05/13 12:0 a.m.8 views

PT-2025-20810 · Sap · Sap Netweaver

Name of the Vulnerable Software and Affected Versions: SAP NetWeaver affected versions not specified Description: The issue is caused by the injection of malicious instructions into user configuration settings, allowing an attacker with administrative privileges to expose sensitive information su...

6.2CVSS6AI score0.00302EPSS
Exploits0References6
The Hacker News
The Hacker News
added 2025/04/25 10:41 a.m.51 views

New Critical SAP NetWeaver Flaw Exploited to Drop Web Shell, Brute Ratel Framework

Threat actors are likely exploiting a new vulnerability in SAP NetWeaver to upload JSP web shells with the goal of facilitating unauthorized file uploads and code execution. "The exploitation is likely tied to either a previously disclosed vulnerability like CVE-2017-9844 or an unreported remote...

10CVSS9.4AI score0.99406EPSS
Exploits21
ATTACKERKB
ATTACKERKB
added 2025/04/24 12:0 a.m.21 views

CVE-2025-31324

SAP NetWeaver Visual Composer Metadata Uploader is not protected with a proper authorization, allowing unauthenticated agent to upload potentially malicious executable binaries that could severely harm the host system. This could significantly affect the confidentiality, integrity, and availabili...

10CVSS6.7AI score0.99406EPSS
In wildExploits18References4
CNVD
CNVD
added 2025/04/18 12:0 a.m.7 views

SAP Netweaver Unauthorized Access Vulnerability

SAP NetWeaver is SAP's integrated technology platform. An unauthorized access vulnerability exists in SAP Netweaver that stems from an authorization check bypass and can be exploited by an attacker to gain unauthorized access to ABAP code...

4.3CVSS6.3AI score0.00335EPSS
Exploits0References1
CISA
CISA
added 2025/03/19 12:0 p.m.140 views

CISA Adds Three Known Exploited Vulnerabilities to Catalog

CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2025-1316link is external Edimax IC-7100 IP Camera OS Command Injection Vulnerability CVE-2024-48248link is external NAKIVO Backup and Replication Absolute Path...

9.8CVSS7.8AI score0.94557EPSS
In wildExploits7References8
RedhatCVE
RedhatCVE
added 2025/02/05 2:37 p.m.10 views

CVE-2020-6284

SAP NetWeaver Knowledge Management, versions - 7.30, 7.31, 7.40, 7.50, allows the automatic execution of script content in a stored file due to inadequate filtering with the accessing user's privileges. If the accessing user has administrative privileges, then the execution of the script content...

9CVSS6.5AI score0.018EPSS
Exploits0References1
CNVD
CNVD
added 2024/09/18 12:0 a.m.4 views

SAP NetWeaver Authorization Issues Vulnerability (CNVD-2024-49632)

SAP NetWeaver is the German SAP SAP company's set of service-oriented integrated application platform. The platform mainly for SAP applications to provide development and runtime environment. SAP NetWeaver suffers from an authorization issue vulnerability that stems from a lack of authorization...

4.3CVSS6.4AI score0.00262EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/09/10 12:0 a.m.5 views

SAP NetWeaver 安全漏洞

SAP NetWeaver is the German SAP SAP company's set of service-oriented integrated application platform. The platform mainly for SAP applications to provide development and runtime environment. SAP NetWeaver suffers from an authorization issue vulnerability that stems from a lack of authorization...

4.3CVSS6.4AI score0.00262EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/04/09 12:0 a.m.3 views

SAP NetWeaver 代码问题漏洞

SAP NetWeaver is the German SAP SAP company's set of service-oriented integrated application platform. The platform mainly for SAP applications to provide development and runtime environment. A code issue vulnerability exists in SAP NetWeaver that stems from insufficient input validation, which c...

5.3CVSS6.9AI score0.00415EPSS
Exploits0References4
Rows per page
Query Builder