54 matches found
SAP NetWeaver Unauthorized Access Vulnerability
SAP NetWeaver is SAP's integrated technology platform. An unauthorized access vulnerability exists in SAP NetWeaver that stems from an authorization check bypass and can be exploited by an attacker to gain unauthorized access to ABAP code...
CVE-2025-31331
SAP NetWeaver allows an attacker to bypass authorization checks, enabling them to view portions of ABAP code that would normally require additional validation. Once logged into the ABAP system, the attacker can run a specific transaction that exposes sensitive system code without proper...
CVE-2025-31330
SAP Landscape Transformation SLT allows an attacker with user privileges to exploit a vulnerability in the function module exposed via RFC. This flaw enables the injection of arbitrary ABAP code into the system, bypassing essential authorization checks. This vulnerability effectively functions as...
CVE-2025-31330
SAP Landscape Transformation SLT allows an attacker with user privileges to exploit a vulnerability in the function module exposed via RFC. This flaw enables the injection of arbitrary ABAP code into the system, bypassing essential authorization checks. This vulnerability effectively functions as...
CVE-2025-27429
SAP S/4HANA allows an attacker with user privileges to exploit a vulnerability in the function module exposed via RFC. This flaw enables the injection of arbitrary ABAP code into the system, bypassing essential authorization checks. This vulnerability effectively functions as a backdoor, creating...
CVE-2025-31331
SAP NetWeaver ABAP contains an authorization bypass vulnerability (CVE-2025-31331) that allows an attacker to bypass checks and view sensitive ABAP code, and, once logged in, run a transaction to expose code without proper authorization. Affected product: SAP NetWeaver Application Server ABAP. Ro...
CVE-2025-31331 Authorization Bypass vulnerability in SAP NetWeaver
SAP NetWeaver allows an attacker to bypass authorization checks, enabling them to view portions of ABAP code that would normally require additional validation. Once logged into the ABAP system, the attacker can run a specific transaction that exposes sensitive system code without proper...
CVE-2025-31331 Authorization Bypass vulnerability in SAP NetWeaver
SAP NetWeaver allows an attacker to bypass authorization checks, enabling them to view portions of ABAP code that would normally require additional validation. Once logged into the ABAP system, the attacker can run a specific transaction that exposes sensitive system code without proper...
PT-2025-15376 · Sap · Sap Landscape Transformation
Name of the Vulnerable Software and Affected Versions: SAP Landscape Transformation SLT affected versions not specified Description: The issue allows an attacker with user privileges to exploit a vulnerability in the function module exposed via RFC, enabling the injection of arbitrary ABAP code...
SAP NetWeaver Security Vulnerability
SAP NetWeaver is SAP's integrated technology platform. An unauthorized access vulnerability exists in SAP NetWeaver that stems from an authorization check bypass and can be exploited by an attacker to gain unauthorized access to ABAP code...
SAP Netweaver IUUC_RECON_RC_COUNT_TABLE_BIG ABAP Code Injection Exploit
SAP Netweaver version SAP DMIS 20111731 SP 0013 suffers from a remote ABAP code injection vulnerability in IUUC_RECON_RC_COUNT_TABLE_BIG. ======================================================================= title: Remote ABAP Code Injection in SAP IUUC_RECON_RC_COUNT_TABLE_BIG product: SAP Netweaver...
SAP Netweaver IUUC_GENERATE_ACPLAN_DELIMITER ABAP Code Injection Exploit
SAP Netweaver versions SAP DMIS in at least 20111731 SP versions 0013 and below suffer from a remote ABAP code injection vulnerability in IUUC_GENERATE_ACPLAN_DELIMITER. ============================================================================== title: Remote ABAP Code Injection in...
CVE-2021-38176
Due to improper input sanitization, an authenticated user with certain specific privileges can remotely call NZDT function modules listed in the Solution section to execute a manipulated query or inject ABAP code to gain access to the backend database. On successful exploitation the threat actor could...
Input validation
Due to improper input sanitization, an authenticated user with certain specific privileges can remotely call NZDT function modules listed in the Solution section to execute a manipulated query or inject ABAP code to gain access to the backend database. On successful exploitation the threat actor could...
CVE-2021-38176
The connected documents confirm a concrete vulnerability: CVE-2021-38176 affects SAP NZDT (a conversion/deployment of SAP S/4HANA 1809 to AWS). The root cause is improper input sanitization in NZDT function modules, allowing an authenticated user with certain privileges to remotely invoke these m...
CVE-2021-27611
SAP NetWeaver AS ABAP, versions 700, 701, 702, 730, 731, allows a highly privileged attacker to inject malicious code by executing an ABAP report when the attacker has access to the local SAP system. The attacker could then get access to data, overwrite it, or execute a denial of service...
CVE-2017-6950
SAP GUI 7.2 through 7.5 allows remote attackers to bypass intended security policy restrictions and execute arbitrary code via crafted ABAP code, aka SAP Security Note 2407616...
Design/Logic Flaw
SAP GUI 7.2 through 7.5 allows remote attackers to bypass intended security policy restrictions and execute arbitrary code via crafted ABAP code, aka SAP Security Note 2407616...
CVE-2017-6950
SAP GUI 7.2 through 7.5 allows remote attackers to bypass intended security policy restrictions and execute arbitrary code via crafted ABAP code, aka SAP Security Note 2407616...
CVE-2017-6950
CVE-2017-6950 affects SAP GUI for Windows 7.2–7.5. The vulnerability allows remote code execution on the client by presenting crafted ABAP code, bypassing intended security policy restrictions (SAP Security Note 2407616). Exploitation would occur on vulnerable SAP GUI endpoints, enabling an attac...