92 matches found
CVE-2025-0067
CVE-2025-0067 relates to SAP NetWeaver Application Server Java where a missing authorization check on service endpoints lets a user with a standard role create JCo connections used for remote function calls. The impact is described as low for confidentiality, integrity, and availability. Affected...
The vulnerability of the Remote Function Call interface in the SAP NetWeaver AS ABAP software integration platform allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the Remote Function Call interface in the SAP NetWeaver AS ABAP software integration platform is related to insufficient control over dynamically defined variables. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protect...
SAP NetWeaver AS ABAP Information Disclosure (3469791)
In certain conditions, SAP NetWeaver Application Server ABAP allows an authenticated attacker to craft a Remote Function Call RFC request to restricted destinations, which can be used to expose credentials for a remote service. These credentials can then be further exploited to completely...
CVE-2024-54198
In certain conditions, SAP NetWeaver Application Server ABAP allows an authenticated attacker to craft a Remote Function Call RFC request to restricted destinations, which can be used to expose credentials for a remote service. These credentials can then be further exploited to completely...
CVE-2024-54198 Information Disclosure vulnerability through Remote Function Call (RFC) in SAP NetWeaver Application Server ABAP
In certain conditions, SAP NetWeaver Application Server ABAP allows an authenticated attacker to craft a Remote Function Call RFC request to restricted destinations, which can be used to expose credentials for a remote service. These credentials can then be further exploited to completely...
CVE-2024-54198
CVE-2024-54198 affects SAP NetWeaver Application Server ABAP. In certain conditions, an authenticated attacker can craft a Remote Function Call (RFC) to restricted destinations, exposing credentials for a remote service and potentially allowing complete compromise of that service. Affected compon...
CVE-2024-54198 Information Disclosure vulnerability through Remote Function Call (RFC) in SAP NetWeaver Application Server ABAP
In certain conditions, SAP NetWeaver Application Server ABAP allows an authenticated attacker to craft a Remote Function Call RFC request to restricted destinations, which can be used to expose credentials for a remote service. These credentials can then be further exploited to completely...
SAP NetWeaver Application Server 安全漏洞
SAP NetWeaver Application Server is an application server from SAP, Germany. A security vulnerability exists in SAP NetWeaver Application Server that originates from allowing an authenticated attacker to craft a Remote Function Call RFC request to a restricted destination, which could be used to...
PT-2024-9678 · Sap · Sap Netweaver Application Server Abap
Name of the Vulnerable Software and Affected Versions: SAP NetWeaver Application Server ABAP affected versions not specified Description: The issue allows an authenticated attacker to craft a Remote Function Call RFC request to restricted destinations, potentially exposing credentials for a remot...
CVE-2024-44112
Due to missing authorization check in SAP for Oil & Gas Transportation and Distribution, an attacker authenticated as a non-administrative user could call a remote-enabled function which will allow them to delete non-sensitive entries in a user data table. There is no effect on confidentiality or...
SAP NetWeaver Application Server 安全漏洞
SAP NetWeaver Application Server is an application server from SAP, Germany. A security vulnerability exists in SAP NetWeaver Application Server that stems from an RFC-enabled function module that allows a less-privileged user to perform a denial of service to any user and also to change or delet...
SAP NetWeaver Application Server 安全漏洞
SAP NetWeaver Application Server is an application server from SAP, Germany. A security vulnerability exists in SAP NetWeaver Application Server that stems from an RFC-enabled function module that allows a low-privileged user to read any user's workplace favorites and user menus, as well as all...
SAP NetWeaver Application Server 安全漏洞
SAP NetWeaver Application Server is an application server from SAP, Germany. A security vulnerability exists in SAP NetWeaver Application Server that stems from an RFC-enabled function module that allows a low-privileged user to add any workbook to any user's workplace favorites...
PT-2024-29908 · Sap · Sap Systems
Name of the Vulnerable Software and Affected Versions: SAP Systems affected versions not specified Description: The RFC enabled function module in SAP Systems allows a low-privileged user to read any user's workplace favorites and user menu, along with specific data of each node. This issue enabl...
SAP /sap/bc/soap/rfc SOAP Service SXPG_CALL_SYSTEM Function Command Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework This module is based on, inspired by, or is a port of a plugin available in the Onapsis Bizploit Opensource ERP Penetration Testing framework -...
SAP /sap/bc/soap/rfc SOAP Service SXPG_COMMAND_EXEC Function Command Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework This module is based on, inspired by, or is a port of a plugin available in the Onapsis Bizploit Opensource ERP Penetration Testing framework -...
The vulnerabilities of SAP NetWeaver AS ABAP and SAP NetWeaver ABAP software integration platforms are related to deficiencies in authentication procedures. These deficiencies allow attackers to circumvent security restrictions, enhance their privileges, and gain unauthorized access to protected information.
The vulnerability of SAP NetWeaver AS ABAP and SAP NetWeaver ABAP integration platforms is related to deficiencies in the authentication process due to incorrect processing of user information via RFC messages, thereby compromising the security between SAP systems. Exploiting this vulnerability...
CVE-2021-33684
SAP NetWeaver AS ABAP and ABAP Platform, versions - KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 8.04, 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 8.04, 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.53, 7.77,...
CVE-2021-27610
SAP NetWeaver ABAP Server and ABAP Platform, versions - 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 804, does not create information about internal and external RFC user in consistent and distinguished format, which could lead to improper authentication and may be exploited by maliciou...
PT-2021-17568 · Sap · Sap Netweaver As Abap
Name of the Vulnerable Software and Affected Versions: SAP NetWeaver AS for ABAP RFC Gateway versions 7.22 through 7.83 Description: The issue allows an unauthenticated attacker without specific knowledge of the system to send a specially crafted packet over a network, triggering an internal erro...