231 matches found

CNNVD
added 2025/07/08 12:0 a.m. · 1 view

SAP NetWeaver Security Vulnerability

SAP NetWeaver is a set of integrated service-oriented application platforms from SAP, Germany. The platform primarily provides a development and runtime environment for SAP applications. A security vulnerability exists in SAP NetWeaver that originates from an authenticated, non-administrative use...

CVSS 5 · AI score 6.5 · EPSS 0.0016
Exploits 0 · References 3

CNNVD
added 2025/07/08 12:0 a.m. · 1 view

SAP NetWeaver Security Vulnerability

SAP NetWeaver is a set of integrated service-oriented application platforms from SAP, Germany. The platform primarily provides a development and runtime environment for SAP applications. A security vulnerability exists in SAP NetWeaver, which stems from a lack of authorization checks and allows...

CVSS 4.3 · AI score 6.7 · EPSS 0.0016
Exploits 0 · References 3

Positive Technologies
added 2025/07/08 12:0 a.m. · 1 view

PT-2025-28292 · SAP SE · SAP NetWeaver/ABAP Platform

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: The issue is due to a missing authorization check, allowing an attacker authenticated as a non-administrative user to call a remote-enabled function module. This could enable access to...

CVSS 4.3 · AI score 5.9 · EPSS 0.0016
Exploits 0 · References 4

CNNVD
added 2025/07/08 12:0 a.m. · 1 view

SAP NetWeaver Business Warehouse Security Vulnerability

SAP NetWeaver Business Warehouse is a data warehouse solution from SAP, Germany. A security vulnerability exists in SAP NetWeaver Business Warehouse, which originates from a privileged attacker who can execute an RFC function module without input parameters resulting in a high CPU load, which may...

CVSS 2.7 · AI score 6.7 · EPSS 0.00134
Exploits 0 · References 3

CNNVD
added 2025/06/10 12:0 a.m. · 1 view

SAP S/4HANA Security Vulnerability

SAP S/4HANA is an enterprise resource management software based on the SAP HANA in-memory database system from SAP, Germany. A security vulnerability exists in SAP S/4HANA that stems from insufficient authorization checking, which could lead to the creation of RFC targets and the assignment of...

CVSS 6.7 · AI score 6.5 · EPSS 0.00527
Exploits 0 · References 4

RedhatCVE
added 2025/05/23 8:29 a.m. · 3 views

CVE-2024-44112

Due to missing authorization check in SAP for Oil & Gas Transportation and Distribution, an attacker authenticated as a non-administrative user could call a remote-enabled function which will allow them to delete non-sensitive entries in a user data table. There is no effect on confidentiality or...

CVSS 4.3 · AI score 6.8 · EPSS 0.00094
Exploits 0 · References 1

RedhatCVE
added 2025/05/22 9:30 p.m. · 6 views

CVE-2021-21466

SAP Business Warehouse, versions 700, 701, 702, 711, 730, 731, 740, 750, 782 and SAP BW/4HANA, versions 100, 200, allow a low privileged attacker to inject code using a remote enabled function module over the network. Via the function module an attacker can create a malicious ABAP report which...

CVSS 9.9 · AI score 6.9 · EPSS 0.00697
Exploits 2 · References 1

Tenable Nessus
added 2025/04/11 12:0 a.m. · 6 views

SAP NetWeaver AS ABAP Access Control (3554667)

The remote SAP NetWeaver ABAP server may be affected by an access control vulnerability. In certain conditions, SAP NetWeaver Application Server ABAP allows an authenticated attacker to craft a Remote Function Call RFC request to restricted destinations, which can be used to expose credentials fo...

CVSS 8.5 · AI score 5.6 · EPSS 0.00246
Exploits 0 · References 3

NVD
added 2025/04/08 8:15 a.m. · 2 views

CVE-2025-23186

In certain conditions, SAP NetWeaver Application Server ABAP allows an authenticated attacker to craft a Remote Function Call RFC request to restricted destinations, which can be used to expose credentials for a remote service. These credentials can then be further exploited to completely...

CVSS 8.5 · EPSS 0.00246
Exploits 0 · References 2

Vulnrichment
added 2025/04/08 7:10 a.m. · 4 views

CVE-2025-23186 Mixed Dynamic RFC Destination vulnerability through Remote Function Call (RFC) in SAP NetWeaver Application Server ABAP

In certain conditions, SAP NetWeaver Application Server ABAP allows an authenticated attacker to craft a Remote Function Call RFC request to restricted destinations, which can be used to expose credentials for a remote service. These credentials can then be further exploited to completely...

CVSS 8.5 · AI score 7.2 · EPSS 0.00246
Exploits 0 · References 2

CVE
added 2025/04/08 7:10 a.m. · 71 views

CVE-2025-23186

CVE-2025-23186 affects SAP NetWeaver Application Server ABAP. An authenticated attacker can craft an RFC request to restricted destinations, exposing credentials for a remote service and potentially fully compromising that remote service. Root cause cited in sources is improper access control aro...

CVSS 8.5 · AI score 7.2 · EPSS 0.00246
Exploits 0 · References 2

Cvelist
added 2025/04/08 7:10 a.m. · 16 views

CVE-2025-23186 Mixed Dynamic RFC Destination vulnerability through Remote Function Call (RFC) in SAP NetWeaver Application Server ABAP

In certain conditions, SAP NetWeaver Application Server ABAP allows an authenticated attacker to craft a Remote Function Call RFC request to restricted destinations, which can be used to expose credentials for a remote service. These credentials can then be further exploited to completely...

CVSS 8.5 · EPSS 0.00246
Exploits 0 · References 2

CNNVD
added 2025/04/08 12:0 a.m. · 1 view

SAP Landscape Transformation Code Injection Vulnerability

SAP Landscape Transformation is a tool for system data migration and integration from SAP, Germany. A code injection vulnerability exists in SAP Landscape Transformation, which stems from a vulnerability in a function module exposed via an RFC that could lead to ABAP code injection...

CVSS 9.9 · AI score 7.2 · EPSS 0.00028
Exploits 0 · References 4

Positive Technologies
added 2025/04/08 12:0 a.m. · 1 view

PT-2025-15367 · SAP · SAP Solution Manager

Name of the Vulnerable Software and Affected Versions: SAP Solution Manager affected versions not specified Description: The issue is related to a directory traversal vulnerability. An authorized attacker could access critical information by using an RFC enabled function module. If successfully...

CVSS 7.7 · AI score 6 · EPSS 0.00189
Exploits 0 · References 9

Positive Technologies
added 2025/04/08 12:0 a.m. · 1 view

PT-2025-15363 · SAP · SAP NetWeaver Application Server ABAP

Name of the Vulnerable Software and Affected Versions: SAP NetWeaver Application Server ABAP affected versions not specified Description: The issue allows an authenticated attacker to craft a Remote Function Call RFC request to restricted destinations, exposing credentials for a remote service...

CVSS 8.5 · AI score 6.1 · EPSS 0.00246
Exploits 0 · References 10

CVE
added 2025/02/11 12:35 a.m. · 49 views

CVE-2025-23190

CVE-2025-23190 affects SAP NetWeaver/ABAP platform (ST-PI). The root cause is a missing authorization check that allows an authenticated attacker to call a remote-enabled function module and access data they normally cannot view. The attacker cannot modify data or affect system availability as de...

CVSS 4.3 · AI score 4.5 · EPSS 0.00076
Exploits 0 · References 2

Vulnrichment
added 2025/02/11 12:35 a.m. · 11 views

CVE-2025-23190 Missing Authorization check in SAP NetWeaver and ABAP platform (ST-PI)

Due to missing authorization check, an authenticated attacker could call a remote-enabled function module which allows them to access data that they would otherwise not have access to. The attacker cannot modify data or impact the availability of the system...

CVSS 4.3 · AI score 4.8 · EPSS 0.00076
Exploits 0 · References 2

RedhatCVE
added 2025/02/05 4:12 a.m. · 1 view

CVE-2024-54198

In certain conditions, SAP NetWeaver Application Server ABAP allows an authenticated attacker to craft a Remote Function Call RFC request to restricted destinations, which can be used to expose credentials for a remote service. These credentials can then be further exploited to completely...

CVSS 8.5 · AI score 6.9 · EPSS 0.00249
Exploits 0 · References 1

NVD
added 2025/01/14 1:15 a.m. · 5 views

CVE-2025-0067

Due to a missing authorization check on service endpoints in the SAP NetWeaver Application Server Java, an attacker with standard user role can create JCo connection entries, which are used for remote function calls from or to the application server. This could lead to low impact on...

CVSS 6.3 · EPSS 0.00057
Exploits 0 · References 2

OSV
added 2025/01/14 1:15 a.m. · 0 views

CVE-2025-0063

SAP NetWeaver AS ABAP and ABAP Platform does not check for authorization when a user executes some RFC function modules. This could lead to an attacker with basic user privileges to gain control over the data in Informix database, leading to complete compromise of confidentiality, integrity and...

CVSS 8.8 · AI score 5.8
Exploits 0 · References 2