
92 matches found

Positive Technologies
added 2025/08/12 12:0 a.m. · 2 views

PT-2025-32610

Name of the Vulnerable Software and Affected Versions: SAP Landscape Transformation (SLT), affected versions not specified.
Description: SAP Landscape Transformation (SLT) allows an attacker with user privileges to exploit a flaw in a function module exposed via Remote Function Call (RFC). This enables t...

9.9 CVSS · 7.1 AI score · 0.00395 EPSS
Exploits 0 · References 12

RedhatCVE
added 2025/07/10 1:30 a.m. · 3 views

CVE-2025-42986

Due to a missing authorization check in an obsolete RFC-enabled function module in SAP BASIS, an authenticated low-privileged attacker could call a Remote Function Call (RFC), potentially accessing restricted system information. This results in low impact on confidentiality, with no impact on...

4.3 CVSS · 7 AI score · 0.0016 EPSS
Exploits 0 · References 1

OSV
added 2025/07/08 1:15 a.m. · 2 views

CVE-2025-42986

Due to a missing authorization check in an obsolete RFC-enabled function module in SAP BASIS, an authenticated low-privileged attacker could call a Remote Function Call (RFC), potentially accessing restricted system information. This results in low impact on confidentiality, with no impact on...

4.3 CVSS · 5.8 AI score
Exploits 0 · References 2

NVD
added 2025/07/08 1:15 a.m. · 2 views

CVE-2025-42986

Due to a missing authorization check in an obsolete RFC-enabled function module in SAP BASIS, an authenticated low-privileged attacker could call a Remote Function Call (RFC), potentially accessing restricted system information. This results in low impact on confidentiality, with no impact on...

4.3 CVSS · 0.0016 EPSS
Exploits 0 · References 2

CVE
added 2025/07/08 12:38 a.m. · 16 views

CVE-2025-42986

CVE-2025-42986 concerns SAP BASIS with a missing authorization check in an obsolete RFC-enabled function module. The root cause allows an authenticated, low-privilege attacker to invoke a Remote Function Call (RFC) and potentially access restricted system information. The documented impact is lim...

4.3 CVSS · 6.4 AI score · 0.0016 EPSS
Exploits 0 · References 2 · Affected Software 1

Vulnrichment
added 2025/07/08 12:38 a.m. · 3 views

CVE-2025-42986 Missing Authorization check in SAP NetWeaver and ABAP Platform

Due to a missing authorization check in an obsolete RFC-enabled function module in SAP BASIS, an authenticated low-privileged attacker could call a Remote Function Call (RFC), potentially accessing restricted system information. This results in low impact on confidentiality, with no impact on...

4.3 CVSS · 6.4 AI score · 0.0016 EPSS
Exploits 0 · References 2

Cvelist
added 2025/07/08 12:38 a.m. · 6 views

CVE-2025-42986 Missing Authorization check in SAP NetWeaver and ABAP Platform

Due to a missing authorization check in an obsolete RFC-enabled function module in SAP BASIS, an authenticated low-privileged attacker could call a Remote Function Call (RFC), potentially accessing restricted system information. This results in low impact on confidentiality, with no impact on...

4.3 CVSS · 0.0016 EPSS
Exploits 0 · References 2

CNNVD
added 2025/07/08 12:0 a.m. · 1 view

SAP NetWeaver Business Warehouse security vulnerability

SAP NetWeaver Business Warehouse is a data warehouse solution from SAP, Germany. A security vulnerability exists in SAP NetWeaver Business Warehouse, which originates from a privileged attacker who can execute an RFC function module without input parameters resulting in a high CPU load, which may...

2.7 CVSS · 6.7 AI score · 0.00134 EPSS
Exploits 0 · References 3

CNNVD
added 2025/06/10 12:0 a.m. · 1 view

SAP S/4HANA security vulnerability

SAP S/4HANA is an enterprise resource management software based on the SAP HANA in-memory database system from SAP, Germany. A security vulnerability exists in SAP S/4HANA that stems from insufficient authorization checking, which could lead to the creation of RFC targets and the assignment of...

6.7 CVSS · 6.5 AI score · 0.00527 EPSS
Exploits 0 · References 4

BDU FSTEC
added 2025/06/04 12:0 a.m. · 1 view

The vulnerability of the functional module of the RFC interface of the software tool for managing changes and migrations in SAP Landscape Transformation (SLT) allows an attacker to influence the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the functional module of the RFC interface of the software tool for managing changes and migrations in SAP Landscape Transformation (SLT) is related to improper code generation. Exploiting this vulnerability can allow an attacker to influence the confidentiality, integrity, and...

9.9 CVSS · 5.5 AI score · 0.00028 EPSS
Exploits 0 · References 2

Tenable Nessus
added 2025/04/11 12:0 a.m. · 7 views

SAP NetWeaver AS ABAP Access Control (3554667)

The remote SAP NetWeaver ABAP server may be affected by an access control vulnerability. In certain conditions, SAP NetWeaver Application Server ABAP allows an authenticated attacker to craft a Remote Function Call (RFC) request to restricted destinations, which can be used to expose credentials fo...

8.5 CVSS · 5.6 AI score · 0.00188 EPSS
Exploits 0 · References 3

NVD
added 2025/04/08 8:15 a.m. · 2 views

CVE-2025-23186

In certain conditions, SAP NetWeaver Application Server ABAP allows an authenticated attacker to craft a Remote Function Call (RFC) request to restricted destinations, which can be used to expose credentials for a remote service. These credentials can then be further exploited to completely...

8.5 CVSS · 0.00188 EPSS
Exploits 0 · References 2

Vulnrichment
added 2025/04/08 7:10 a.m. · 4 views

CVE-2025-23186 Mixed Dynamic RFC Destination vulnerability through Remote Function Call (RFC) in SAP NetWeaver Application Server ABAP

In certain conditions, SAP NetWeaver Application Server ABAP allows an authenticated attacker to craft a Remote Function Call (RFC) request to restricted destinations, which can be used to expose credentials for a remote service. These credentials can then be further exploited to completely...

8.5 CVSS · 7.2 AI score · 0.00188 EPSS
Exploits 0 · References 2

CVE
added 2025/04/08 7:10 a.m. · 74 views

CVE-2025-23186

CVE-2025-23186 affects SAP NetWeaver Application Server ABAP. An authenticated attacker can craft an RFC request to restricted destinations, exposing credentials for a remote service and potentially fully compromising that remote service. Root cause cited in sources is improper access control aro...

8.5 CVSS · 7.2 AI score · 0.00188 EPSS
Exploits 0 · References 2

Cvelist
added 2025/04/08 7:10 a.m. · 16 views

CVE-2025-23186 Mixed Dynamic RFC Destination vulnerability through Remote Function Call (RFC) in SAP NetWeaver Application Server ABAP

In certain conditions, SAP NetWeaver Application Server ABAP allows an authenticated attacker to craft a Remote Function Call (RFC) request to restricted destinations, which can be used to expose credentials for a remote service. These credentials can then be further exploited to completely...

8.5 CVSS · 0.00188 EPSS
Exploits 0 · References 2

CNNVD
added 2025/04/08 12:0 a.m. · 1 view

SAP Landscape Transformation code injection vulnerability

SAP Landscape Transformation is a tool for system data migration and integration from SAP, Germany. A code injection vulnerability exists in SAP Landscape Transformation, which stems from a vulnerability in a function module exposed via an RFC that could lead to ABAP code injection...

9.9 CVSS · 7.2 AI score · 0.00028 EPSS
Exploits 0 · References 4

Positive Technologies
added 2025/04/08 12:0 a.m. · 2 views

PT-2025-15363 · Sap · Sap Netweaver Application Server Abap

Name of the Vulnerable Software and Affected Versions: SAP NetWeaver Application Server ABAP, affected versions not specified.
Description: The issue allows an authenticated attacker to craft a Remote Function Call (RFC) request to restricted destinations, exposing credentials for a remote service...

8.5 CVSS · 6.1 AI score · 0.00188 EPSS
Exploits 0 · References 10

RedhatCVE
added 2025/02/05 4:12 a.m. · 2 views

CVE-2024-54198

In certain conditions, SAP NetWeaver Application Server ABAP allows an authenticated attacker to craft a Remote Function Call (RFC) request to restricted destinations, which can be used to expose credentials for a remote service. These credentials can then be further exploited to completely...

8.5 CVSS · 6.9 AI score · 0.00249 EPSS
Exploits 0 · References 1

Vulnrichment
added 2025/01/14 12:9 a.m. · 5 views

CVE-2025-0068 Missing Authorization check in Remote Function Call (RFC) in SAP NetWeaver Application Server ABAP

An obsolete functionality in SAP NetWeaver Application Server ABAP did not perform necessary authorization checks. Because of this, an authenticated attacker could obtain information that would otherwise be restricted. It has no impact on integrity or availability on the application...

4.3 CVSS · 4.6 AI score · 0.0015 EPSS
Exploits 0 · References 2

CVE
added 2025/01/14 12:9 a.m. · 54 views

CVE-2025-0068

CVE-2025-0068 is an information-disclosure vulnerability in SAP NetWeaver Application Server ABAP. The root cause is a missing authorization check in remote function calls (RFC), enabling an authenticated attacker to access restricted information. The impact is limited to confidentiality (no inte...

4.3 CVSS · 4.6 AI score · 0.0015 EPSS
Exploits 0 · References 2