5 matches found
CVE-2026-44751 Missing Authorization check in Application Server ABAP of SAP NetWeaver and ABAP Platform
Application server ABAP does not perform necessary authorization checks for an authenticated user allowing an attacker to execute a report generation command which could overwrite information belonging to another user, resulting in escalation of privileges. This has high impact on integrity with...
CVE-2026-40136 Denial of service (DoS) in SAP Financial Consolidation
SAP Financial Consolidation allows an authenticated attacker to disconnect other users by terminating their sessions temporarily preventing access. However, the application itself cannot be compromised resulting in a low impact on availability. There is no impact on confidentiality and integrity ...
CVE-2026-22323
A CSRF vulnerability in the Link Aggregation configuration interface allows an unauthenticated remote attacker to trick authenticated users into sending unauthorized POST requests to the device by luring them to a malicious webpage. This can silently alter the device’s configuration without the...
PT-2025-41837
Name of the Vulnerable Software and Affected Versions SAP NetWeaver AS ABAP and ABAP Platform affected versions not specified Description A memory corruption issue exists in SAP NetWeaver AS ABAP and ABAP Platform. An unauthenticated attacker can exploit this by sending a corrupted SAP Logon Tick...
CVE-2025-42955 Missing authorization check in SAP Cloud Connector
Due to a missing authorization check in SAP Cloud Connector, an attacker on an adjacent network with low privileges could send a crafted request to the endpoint responsible for testing LDAP connections. A successful exploit could lead to reduced performance, hence a low-impact on availability of...