SAP NetWeaver AS ABAP (3550708)
The remote SAP NetWeaver ABAP server may be affected by an improper access control vulnerability. The ABAP Application Server of SAP NetWeaver as well as ABAP Platform allows an attacker to access restricted information due to weak access controls. This can have a significant impact on the...
CVE-2023-49581
SAP GUI for Windows and SAP GUI for Java allow an unauthenticated attacker to access information which would otherwise be restricted and confidential. In addition, this vulnerability allows the unauthenticated attacker to write data to a database table. By doing so the attacker could increase...
Authentication flaw
SAP GUI for Windows and SAP GUI for Java allow an unauthenticated attacker to access information which would otherwise be restricted and confidential. In addition, this vulnerability allows the unauthenticated attacker to write data to a database table. By doing so the attacker could increase...
CVE-2023-49581
CVE-2023-49581 affects SAP GUI for Windows and SAP GUI for Java. An unauthenticated attacker can access information that should be restricted and can also write data to a database table, potentially increasing response times of the AS ABAP and causing mild availability impact. Public details acro...
CVE-2023-49580 Information disclosure in SAP GUI for Windows and SAP GUI for Java
SAP GUI for Windows and SAP GUI for Java - versions SAPBASIS 755, SAPBASIS 756, SAPBASIS 757, SAPBASIS 758, allow an unauthenticated attacker to access information which would otherwise be restricted and confidential. In addition, this vulnerability allows the unauthenticated attacker to create...
CVE-2023-37492 Missing Authorization check in SAP NetWeaver AS ABAP and ABAP Platform
SAP NetWeaver Application Server ABAP and ABAP Platform - versions SAPBASIS 700, SAPBASIS 701, SAPBASIS 702, SAPBASIS 731, SAPBASIS 740, SAPBASIS 750, SAPBASIS 752, SAPBASIS 753, SAPBASIS 754, SAPBASIS 755, SAPBASIS 756, SAPBASIS 757, SAPBASIS 758, SAPBASIS 793, SAPBASIS 804, does not perform...
CVE-2023-24522
CVE-2023-24522 affects SAP NetWeaver AS ABAP (Business Server Pages) and versions 700, 701, 702, 731, 740. Root cause: insufficient input sanitization that allows an unauthenticated user to inject malicious code over the network to alter a user’s current session, potentially exposing data. Impact...
SAP NetWeaver AS ABAP and AS Java Memory Corruption (3145702)
A memory corruption vulnerability exists in SAP NetWeaver AS ABAP and AS Java kernel versions 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, and 8.04 which may allow an unauthenticated attacker to steal authentication information of the user. Note that Nessus has not tested for this issue...
CVE-2021-38178
CVE-2021-38178 affects SAP NetWeaver AS ABAP and ABAP Platform versions 700–756. The vulnerability allows a malicious user to transfer ABAP code artifacts or content by bypassing the established quality gates, enabling code to reach quality and production and potentially compromising confidential...
CVE-2021-33678
CVE-2021-33678 affects SAP NetWeaver AS ABAP (Reconciliation Framework) across multiple releases (700–75F). A high-privilege attacker can inject code executed by the application, potentially deleting data and causing DoS/unavailability. Affected component: Reconciliation Framework function module...
Authorization
SAP NetWeaver AS ABAP and ABAP Platform, versions - 700, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, contains function module SRMRFCSUBMITREPORT which fails to validate authorization of an authenticated user thus allowing an unauthorized user to execute reports in SAP NetWeaver AB...
CVE-2021-33663
CVE-2021-33663 affects SAP NetWeaver AS ABAP (multiple KRNL/KERNEL versions up to 7.84). Root cause: improper restriction of I/O buffering in encrypted SMTP sessions, allowing an unauthenticated remote attacker to insert cleartext commands and partially impact integrity. Affected components inclu...
CVE-2021-27611
CVE-2021-27611 affects SAP NetWeaver AS ABAP versions 700, 701, 702, 730, 731. The vulnerability enables a high-privileged, local attacker to inject malicious code by executing an ABAP report on a local SAP system, with potential data access/overwrite and denial of service. Root cause cited acros...
CVE-2021-27603
The CVE-2021-27603 entry concerns SAP NetWeaver AS ABAP. It affects SAP NetWeaver AS ABAP versions 731, 740, and 750, where the RFC function module SPI_WAIT_MILLIS can be invoked to keep a work process busy, enabling an attacker to repeatedly call it and block all work processes, causing a Denial...
SAP NetWeaver AS Java and AS ABAP Multiple Vulnerabilities (Jan 2021)
The version of SAP NetWeaver AS Java or ABAP detected on the remote host is affected by multiple vulnerabilities, as follows: - SAP NetWeaver AS Java HTTP Service, versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker with administrator privileges to access user sensitive data suc...
CVE-2020-26832
The CVE-2020-26832 issue affects SAP AS ABAP (SAP Landscape Transformation) and SAP S4 HANA (Landscape Transformation) with vulnerable versions: ABAP 2011_1_620/640/700/710/730/731/752 and S4 HANA 101–105. Root cause: missing authorization allows a high-privilege user to execute an RFC function m...
CVE-2020-26808
SAP AS ABAP (DMIS), versions - 2011_1_620, 2011_1_640, 2011_1_700, 2011_1_710, 2011_1_730, 2011_1_731, 2011_1_752, 2020 and SAP S4 HANA (DMIS), versions - 101, 102, 103, 104, 105, allows an authenticated attacker to inject arbitrary code into function module leading to code injection that can be executed in the...
CVE-2020-26808
CVE-2020-26808 affects SAP AS ABAP (DMIS) and SAP S/4HANA (DMIS) with listed 2011_1_620/640/700/710/730/731/752 and 2020-era S4HANA 101–105 versions. The issue allows an authenticated attacker to inject arbitrary code into a function module, leading to code execution within the application and im...
CVE-2020-6324
The CVE-2020-6324 entry affects SAP NetWeaver AS ABAP (BSP Test Application sbspext_table) across SAP NetWeaver ABAP versions 700–755. The vulnerability is a Reflected Cross-Site Scripting issue triggered by an unauthenticated user sending a polluted URL; when the victim clicks, the attacker can ...
CVE-2020-6270
SAP NetWeaver AS ABAP Banking Services, versions - 710, 711, 740, 750, 751, 752, 75A, 75B, 75C, 75D, 75E, does not perform necessary authorization checks for an authenticated user due to Missing Authorization Check, allowing wrong and unexpected change of individual conditions by a malicious user...