CVE-2025-42887

CVE-2025-42887 affects SAP Solution Manager. The vulnerability is a code-injection flaw caused by missing input sanitization when an authenticated user calls a remote-enabled function module, potentially allowing full system compromise with high impact to confidentiality, integrity, and availabil...

CVE-2025-42887 Code Injection vulnerability in SAP Solution Manager

Due to missing input sanitation, SAP Solution Manager allows an authenticated attacker to insert malicious code when calling a remote-enabled function module. This could provide the attacker with full control of the system hence leading to high impact on confidentiality, integrity and availabilit...

CVE-2025-42887 Code Injection vulnerability in SAP Solution Manager

Due to missing input sanitation, SAP Solution Manager allows an authenticated attacker to insert malicious code when calling a remote-enabled function module. This could provide the attacker with full control of the system hence leading to high impact on confidentiality, integrity and availabilit...

PT-2025-46228

Name of the Vulnerable Software and Affected Versions SAP Solution Manager affected versions not specified Description SAP Solution Manager is susceptible to a code injection issue stemming from inadequate input sanitization. An authenticated attacker can inject malicious code by calling a...

EUVD-2025-27214

Malicious code in bioql PyPI...

EUVD-2025-24203

Malicious code in bioql PyPI...

EUVD-2021-8740

Malicious code in bioql PyPI...

EUVD-2025-20336

Malicious code in bioql PyPI...

CVE-2025-42911

SAP NetWeaver Service Data Download allows an authenticated user to call a remote-enabled function module, which could grant access to information about the SAP system and operating system. This leads to a low impact on confidentiality, with no effect on the integrity and availability of the...

CVE-2025-42911 Missing Authorization check in SAP NetWeaver (Service Data Download)

SAP NetWeaver Service Data Download allows an authenticated user to call a remote-enabled function module, which could grant access to information about the SAP system and operating system. This leads to a low impact on confidentiality, with no effect on the integrity and availability of the...

CVE-2025-42911 Missing Authorization check in SAP NetWeaver (Service Data Download)

SAP NetWeaver Service Data Download allows an authenticated user to call a remote-enabled function module, which could grant access to information about the SAP system and operating system. This leads to a low impact on confidentiality, with no effect on the integrity and availability of the...

CVE-2025-42968 Missing Authorization check in SAP NetWeaver (RFC enabled function module)

SAP NetWeaver allows an authenticated non-administrative user to call the remote-enabled function module which could grants access to non-sensitive information about the SAP system and OS without requiring any specific knowledge or controlled conditions. This leads to a low impact on...

SAP NetWeaver 安全漏洞

SAP NetWeaver is a set of integrated service-oriented application platforms from SAP, Germany. The platform primarily provides a development and runtime environment for SAP applications. A security vulnerability exists in SAP NetWeaver that originates from an authenticated, non-administrative use...

CVE-2021-21466

SAP Business Warehouse, versions 700, 701, 702, 711, 730, 731, 740, 750, 782 and SAP BW/4HANA, versions 100, 200, allow a low privileged attacker to inject code using a remote enabled function module over the network. Via the function module an attacker can create a malicious ABAP report which...

PT-2025-15367 · Sap · Sap Solution Manager

Name of the Vulnerable Software and Affected Versions: SAP Solution Manager affected versions not specified Description: The issue is related to a directory traversal vulnerability. An authorized attacker could access critical information by using an RFC enabled function module. If successfully...

CVE-2025-23190 Missing Authorization check in SAP NetWeaver and ABAP platform (ST-PI)

Due to missing authorization check, an authenticated attacker could call a remote-enabled function module which allows them to access data that they would otherwise not have access to. The attacker cannot modify data or impact the availability of the system...

CVE-2025-23190

CVE-2025-23190 affects SAP NetWeaver/ABAP platform (ST-PI). The root cause is a missing authorization check that allows an authenticated attacker to call a remote-enabled function module and access data they normally cannot view. The attacker cannot modify data or affect system availability as de...

SAP NetWeaver Application Server 安全漏洞

SAP NetWeaver Application Server is an application server from SAP, Germany. A security vulnerability exists in SAP NetWeaver Application Server that stems from an RFC-enabled function module that allows a low-privileged user to add URLs to any user's workplace favorites...

SAP NetWeaver Application Server 安全漏洞

SAP NetWeaver Application Server is an application server from SAP, Germany. A security vulnerability exists in SAP NetWeaver Application Server that stems from an RFC-enabled function module that allows a low-privileged user to delete any user's workplace favorites...

PT-2024-30958 · Sap · Sap

Name of the Vulnerable Software and Affected Versions: SAP affected versions not specified Description: The issue allows a low-privileged user to add URLs to any user's workplace favorites through the RFC enabled function module. This could be used to identify usernames and access information abo...