14 matches found
CVE-2026-34256
Due to a missing authorization check in SAP ERP and SAP S/4HANA Private Cloud and On-Premise, an authenticated attacker could execute a particular ABAP report to overwrite any existing eight?character executable ABAP report without authorization. If the overwritten report is subsequently executed...
CVE-2026-34256
Due to a missing authorization check in SAP ERP and SAP S/4HANA Private Cloud and On-Premise, an authenticated attacker could execute a particular ABAP report to overwrite any existing eight?character executable ABAP report without authorization. If the overwritten report is subsequently executed...
EUVD-2026-22166
Due to a missing authorization check in SAP ERP and SAP S/4HANA Private Cloud and On-Premise, an authenticated attacker could execute a particular ABAP report to overwrite any existing eight?character executable ABAP report without authorization. If the overwritten report is subsequently executed...
CVE-2026-24316
SAP NetWeaver Application Server for ABAP provides an ABAP Report for testing purposes, which allows to send HTTP requests to arbitrary internal or external endpoints. The report is therefore vulnerable to Server-Side Request Forgery SSRF. Successful exploitation could lead to interaction with...
EUVD-2026-10450
SAP NetWeaver Application Server for ABAP provides an ABAP Report for testing purposes, which allows to send HTTP requests to arbitrary internal or external endpoints. The report is therefore vulnerable to Server-Side Request Forgery SSRF. Successful exploitation could lead to interaction with...
CVE-2026-24316
SAP NetWeaver Application Server for ABAP provides an ABAP Report for testing purposes, which allows to send HTTP requests to arbitrary internal or external endpoints. The report is therefore vulnerable to Server-Side Request Forgery SSRF. Successful exploitation could lead to interaction with...
PT-2026-24158
Name of the Vulnerable Software and Affected Versions SAP NetWeaver Application Server for ABAP affected versions not specified Description The software includes an ABAP Report designed for testing that enables sending HTTP requests to any internal or external endpoint. This functionality is...
CVE-2025-42891 Missing Authorization check in SAP Enterprise Search for ABAP
Due to a missing authorization check in SAP Enterprise Search for ABAP, an attacker with high privileges may read and export the contents of database tables into an ABAP report. This could lead to a high impact on data confidentiality and a low impact on data integrity. There is no impact on...
EUVD-2021-14358
Malware in sbrugna...
EUVD-2021-8740
Malicious code in bioql PyPI...
CVE-2021-27611
CVE-2021-27611 affects SAP NetWeaver AS ABAP versions 700, 701, 702, 730, 731. The vulnerability enables a high-privileged, local attacker to inject malicious code by executing an ABAP report on a local SAP system, with potential data access/overwrite and denial of service. Root cause cited acros...
CVE-2021-21466
SAP Business Warehouse, versions 700, 701, 702, 711, 730, 731, 740, 750, 782 and SAP BW/4HANA, versions 100, 200, allow a low privileged attacker to inject code using a remote enabled function module over the network. Via the function module an attacker can create a malicious ABAP report which...
Code injection
SAP Business Warehouse, versions 700, 701, 702, 711, 730, 731, 740, 750, 782 and SAP BW/4HANA, versions 100, 200, allow a low privileged attacker to inject code using a remote enabled function module over the network. Via the function module an attacker can create a malicious ABAP report which...
CVE-2021-21466
SAP Business Warehouse, versions 700, 701, 702, 711, 730, 731, 740, 750, 782 and SAP BW/4HANA, versions 100, 200, allow a low privileged attacker to inject code using a remote enabled function module over the network. Via the function module an attacker can create a malicious ABAP report which...