231 matches found
CVE-2025-42957
CVE-2025-42957 affects SAP S/4HANA with a vulnerability in a function module exposed via RFC that allows an authenticated user to inject arbitrary ABAP code, bypassing authorization checks and potentially taking full control of the SAP environment. The flaw can impact confidentiality, integrity, ...
CVE-2025-42957 Code Injection vulnerability in SAP S/4HANA (Private Cloud or On-Premise)
SAP S/4HANA allows an attacker with user privileges to exploit a vulnerability in the function module exposed via RFC. This flaw enables the injection of arbitrary ABAP code into the system, bypassing essential authorization checks. This vulnerability effectively functions as a backdoor, creating...
CVE-2025-42950 Code Injection Vulnerability in SAP Landscape Transformation (Analysis Platform)
SAP Landscape Transformation SLT allows an attacker with user privileges to exploit a vulnerability in the function module exposed via RFC. This flaw enables the injection of arbitrary ABAP code into the system, bypassing essential authorization checks. This vulnerability effectively functions as...
CVE-2025-42950
SAP Landscape Transformation (SLT) is affected by CVE-2025-42950, a vulnerability in which an attacker with user privileges can exploit a flaw in a function module exposed via RFC to inject arbitrary ABAP code, bypassing authorization checks and potentially compromising confidentiality, integrity,...
SAP S/4HANA Code Injection Vulnerability
SAP S/4HANA is an enterprise resource management software based on the SAP HANA in-memory database system from SAP, Germany. A code injection vulnerability exists in SAP S/4HANA, which can be exploited to inject arbitrary ABAP code via RFC...
PT-2025-32613
Name of the Vulnerable Software and Affected Versions: SAP S/4HANA versions prior to August 2025. Description: SAP S/4HANA contains a critical vulnerability that allows an attacker with user privileges to exploit a flaw in a function module exposed via RFC. This allows the injection of arbitrary ABA...
SAP Landscape Transformation Code Injection Vulnerability
SAP Landscape Transformation is a tool for system data migration and integration from SAP, Germany. A code injection vulnerability exists in SAP Landscape Transformation SLT that originates from the ability to inject arbitrary ABAP code via RFC...
PT-2025-32610
Name of the Vulnerable Software and Affected Versions: SAP Landscape Transformation SLT, affected versions not specified. Description: SAP Landscape Transformation SLT allows an attacker with user privileges to exploit a flaw in a function module exposed via Remote Function Call RFC. This enables t...
CVE-2025-42986
Due to a missing authorization check in an obsolete RFC enabled function module in SAP BASIS, an authenticated low-privileged attacker could call a Remote Function Call RFC, potentially accessing restricted system information. This results in low impact on confidentiality, with no impact on...
CVE-2025-42968
SAP NetWeaver allows an authenticated non-administrative user to call the remote-enabled function module, which could grant access to non-sensitive information about the SAP system and OS without requiring any specific knowledge or controlled conditions. This leads to a low impact on...
CVE-2025-42986
CVE-2025-42986 concerns SAP BASIS with a missing authorization check in an obsolete RFC-enabled function module. The root cause allows an authenticated, low-privilege attacker to invoke a Remote Function Call (RFC) and potentially access restricted system information. The documented impact is lim...
CVE-2025-42986 Missing Authorization check in SAP NetWeaver and ABAP Platform
Due to a missing authorization check in an obsolete RFC enabled function module in SAP BASIS, an authenticated low-privileged attacker could call a Remote Function Call RFC, potentially accessing restricted system information. This results in low impact on confidentiality, with no impact on...
CVE-2025-42974
CVE-2025-42974 involves SAP NetWeaver/ABAP Platform (SDCCN) with a missing authorization check that allows an authenticated non-administrative user to call a remote-enabled function module. The resulting exposure is limited to confidentiality (low impact); there is no reported impact on integrity...
CVE-2025-42968 Missing Authorization check in SAP NetWeaver (RFC enabled function module)
SAP NetWeaver allows an authenticated non-administrative user to call the remote-enabled function module, which could grant access to non-sensitive information about the SAP system and OS without requiring any specific knowledge or controlled conditions. This leads to a low impact on...
CVE-2025-42968
CVE-2025-42968 affects SAP NetWeaver. An authenticated non-administrative user can invoke a remote-enabled function module (RFC) and access information about the SAP system and OS that is not sensitive, with low impact on confidentiality and no impact on integrity or availability. The root cause ...
SAP NetWeaver and SAP ABAP Platform Security Vulnerability
SAP NetWeaver and SAP ABAP Platform are both products of SAP, a German company. SAP NetWeaver is an integrated service-oriented application platform that provides a development and runtime environment for SAP applications. SAP AB...