
36 matches found

NVD
added 2025/01/14 1:15 a.m. | 7 views

CVE-2025-0063

SAP NetWeaver AS ABAP and ABAP Platform does not check for authorization when a user executes some RFC function modules. This could allow an attacker with basic user privileges to gain control over the data in the Informix database, leading to complete compromise of confidentiality, integrity and...

CVSS 8.8 | EPSS 0.0025
Exploits 0 | References 2
NVD
added 2024/09/10 5:15 a.m. | 11 views

CVE-2024-44117

The RFC enabled function module allows a low privileged user to perform various actions, such as modifying the URLs of any user's favourite nodes and workbook ID. There is low impact on integrity and availability of the application...

CVSS 5.4 | EPSS 0.00068
Exploits 0 | References 2
CVE
added 2024/09/10 2:37 a.m. | 43 views

CVE-2024-42371

CVE-2024-42371 describes an issue in SAP NetWeaver AS ABAP where an RFC-enabled function module can be abused by a low-privileged user to delete any user’s workplace favourites, potentially exposing usernames and targeted workspace/node information. The impact is listed as low for integrity and a...

CVSS 5.4 | AI score 5.3 | EPSS 0.00063
Exploits 0 | References 2
NVD
added 2022/12/13 3:15 a.m. | 14 views

CVE-2022-41264

Due to the unrestricted scope of the RFC function module, SAP BASIS - versions 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, 791, allows an authenticated non-administrator attacker to access a system class and execute any of its public methods with parameters provided by the attacke...

CVSS 8.8 | EPSS 0.00849
Exploits 0 | References 2
Prion
added 2022/12/13 3:15 a.m. | 17 views

Design/Logic Flaw

Due to the unrestricted scope of the RFC function module, SAP BASIS - versions 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, 791, allows an authenticated non-administrator attacker to access a system class and execute any of its public methods with parameters provided by the attacke...

CVSS 6.5 | AI score 8.6 | EPSS 0.00849
Exploits 0 | References 2 | Affected Software 1
Cvelist
added 2022/12/13 2:27 a.m. | 14 views

CVE-2022-41264

Due to the unrestricted scope of the RFC function module, SAP BASIS - versions 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, 791, allows an authenticated non-administrator attacker to access a system class and execute any of its public methods with parameters provided by the attacke...

CVSS 8.8 | AI score 8.9 | EPSS 0.00849
Exploits 0 | References 2
CVE
added 2022/12/13 2:27 a.m. | 52 views

CVE-2022-41264

The CVE-2022-41264 issue affects SAP BASIS components (versions 731, 740, 750–757, 789–791) where the unrestricted scope of the RFC function module allows an authenticated non-administrator to access a system class and execute any of its public methods with attacker-supplied parameters. This can ...

CVSS 8.8 | AI score 8.6 | EPSS 0.00849
Exploits 0 | References 2 | Affected Software 1
CNVD
added 2021/04/16 12:0 a.m. | 8 views

SAP NetWeaver AS ABAP Denial of Service Vulnerability (CNVD-2021-29099)

SAP NetWeaver is a service-oriented integrated application platform from the German company SAP. The platform provides a development and runtime environment for SAP applications. A denial of service vulnerability exists in SAP NetWeaver AS ABAP versions 731, 740, and 750. The vulnerability...

CVSS 6.5 | AI score 6.7 | EPSS 0.00448
Exploits 0 | References 1
NVD
added 2020/12/09 5:15 p.m. | 10 views

CVE-2020-26832

SAP AS ABAP SAP Landscape Transformation, versions - 20111620, 20111640, 20111700, 20111710, 20111730, 20111731, 20111752, 2020 and SAP S4 HANA SAP Landscape Transformation, versions - 101, 102, 103, 104, 105, allows a high privileged user to execute a RFC function module to which access should b...

CVSS 7.6 | AI score 7.3 | EPSS 0.00495
Exploits 2 | References 4
Cvelist
added 2020/12/09 4:31 p.m. | 15 views

CVE-2020-26832

SAP AS ABAP SAP Landscape Transformation, versions - 20111620, 20111640, 20111700, 20111710, 20111730, 20111731, 20111752, 2020 and SAP S4 HANA SAP Landscape Transformation, versions - 101, 102, 103, 104, 105, allows a high privileged user to execute a RFC function module to which access should b...

CVSS 7.6 | AI score 7.3 | EPSS 0.00495
Exploits 2 | References 4
NVD
added 2016/10/13 2:59 p.m. | 11 views

CVE-2016-7437

SAP Netweaver 7.40 improperly logs 1 DUI and 2 DUJ events in the SAP Security Audit Log as non-critical, which might allow local users to hide rejected attempts to execute RFC function callbacks by leveraging filtering of non-critical events in audit analysis reports, aka SAP Security Note 225231...

CVSS 3.3 | AI score 4.1 | EPSS 0.00054
Exploits 0 | References 3
Cvelist
added 2016/10/13 2:0 p.m. | 18 views

CVE-2016-7437

SAP Netweaver 7.40 improperly logs 1 DUI and 2 DUJ events in the SAP Security Audit Log as non-critical, which might allow local users to hide rejected attempts to execute RFC function callbacks by leveraging filtering of non-critical events in audit analysis reports, aka SAP Security Note 225231...

AI score 4.1 | EPSS 0.00054
Exploits 0 | References 3
Prion
added 2014/10/16 7:55 p.m. | 19 views

Design/Logic Flaw

Business Warehouse BW in SAP Netweaver AS ABAP 7.31 allows remote authenticated users to obtain sensitive information via a request to the RSDUCCMSGETPROFILEPARAM RFC function...

CVSS 3.5 | AI score 6.2 | EPSS 0.0055
Exploits 0 | References 9 | Affected Software 1
Prion
added 2014/04/30 2:22 p.m. | 16 views

Code injection

SAP Background Processing does not properly restrict access, which allows remote authenticated users to obtain sensitive information via an unspecified RFC function, related to SAP Solution Manager 7.1...

CVSS 4 | AI score 6.3 | EPSS 0.00251
Exploits 0 | References 5
Prion
added 2014/04/30 2:22 p.m. | 9 views

Code injection

SAP Profile Maintenance does not properly restrict access, which allows remote authenticated users to obtain sensitive information via an unspecified RFC function, related to SAP Solution Manager 7.1...

CVSS 4 | AI score 6.3 | EPSS 0.00251
Exploits 0 | References 5
Cvelist
added 2014/04/30 2:0 p.m. | 13 views

CVE-2014-3131

SAP Profile Maintenance does not properly restrict access, which allows remote authenticated users to obtain sensitive information via an unspecified RFC function, related to SAP Solution Manager 7.1...

AI score 5.8 | EPSS 0.00251
Exploits 0 | References 5