CVE-2024-24740 Information Disclosure vulnerability in SAP NetWeaver Application Server ABAP (SAP Kernel)
SAP NetWeaver Application Server ABAP - versions KERNEL 7.53, KERNEL 7.54, KERNEL 7.77, KERNEL 7.85, KERNEL 7.89, KERNEL 7.93, KERNEL 7.94, KRNL64UC 7.53, under certain conditions, allows an attacker to access information which could otherwise be restricted with low impact on confidentiality of t...
CVE-2024-22124
Under certain conditions, Internet Communication Manager ICM or SAP Web Dispatcher - versions KERNEL 7.22, KERNEL 7.53, KERNEL 7.54, KRNL64UC 7.22, KRNL64UC 7.22EXT, KRNL64UC 7.53, KRNL64NUC 7.22, KRNL64NUC 7.22EXT, WEBDISP 7.22EXT, WEBDISP 7.53, WEBDISP 7.54, could allow an attacker to access...
CVE-2024-22124
CVE-2024-22124 affects SAP NetWeaver Internet Communication Manager and SAP Web Dispatcher—specifically listed kernel and related components (KERNEL 7.22/7.53/7.54; KRNL64UC 7.22/7.53; KRNL64NUC 7.22/7.22_EXT; WEBDISP 7.22_EXT/7.53/7.54). The vulnerability enables an attacker to access informatio...
Authentication flaw
SAP NetWeaver Application Server ABAP and ABAP Platform - versions KRNL64NUC 7.22, KRNL64NUC 7.22EXT, KRNL64UC 7.22, KRNL64UC 7.22EXT, KRNL64UC 7.53, KERNEL 7.22, KERNEL 7.53, KERNEL 7.77, KERNEL 7.81, KERNEL 7.85, KERNEL 7.89, KERNEL 7.54, KERNEL 7.92, KERNEL 7.93, under some conditions, perfor...
CVE-2023-35874
CVE-2023-35874 affects SAP NetWeaver Application Server ABAP and ABAP Platform, specifically versions 7.22 through 7.93 (KRNL64NUC/UC, etc.). The root cause is improper authentication checks for functionalities that require user identity, enabling a network-based attacker to perform malicious act...
CVE-2022-27668
Depending on the configuration of the route permission table in file 'saprouttab', it is possible for an unauthenticated attacker to execute SAProuter administration commands in SAP NetWeaver and ABAP Platform - versions KERNEL 7.49, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, KRNL64NUC 7.49, KRNL64UC...
Design/Logic Flaw
Depending on the configuration of the route permission table in file 'saprouttab', it is possible for an unauthenticated attacker to execute SAProuter administration commands in SAP NetWeaver and ABAP Platform - versions KERNEL 7.49, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, KRNL64NUC 7.49, KRNL64UC...
CVE-2022-22533
SAP NetWeaver Application Server Java (KRNL64NUC 7.22/7.22EXT/7.49, KRNL64UC 7.22/7.22EXT/7.49/7.53, KERNEL 7.22/7.49/7.53) is affected by CVE-2022-22533. The issue arises from improper error handling that allows an attacker to submit multiple HTTP server requests, triggering errors and consuming...
CVE-2021-33683
SAP Web Dispatcher and Internet Communication Manager ICM, versions - KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.53, 7.73, WEBDISP 7.53, 7.73, 7.77, 7.81, 7.82, 7.83,...
Design/Logic Flaw
SAP Web Dispatcher and Internet Communication Manager ICM, versions - KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.53, 7.73, WEBDISP 7.53, 7.73, 7.77, 7.81, 7.82, 7.83,...
CVE-2021-33683
CVE-2021-33683 affects SAP Web Dispatcher and Internet Communication Manager (ICM) components, including KRNL32NUC/64NUC, KRNL32UC/64UC, WEBDISP, and KERNEL across multiple 7.x versions up to 7.83. The vulnerability stems from incorrect handling of invalid HTTP headers, specifically Transfer-Enco...
CVE-2021-33665
SAP NetWeaver Application Server ABAP Applications based on SAP GUI for HTML, versions - KRNL64NUC - 7.49, KRNL64UC - 7.49,7.53, KERNEL - 7.49,7.53,7.77,7.81,7.84, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability...
CVE-2021-33665
SAP NetWeaver Application Server ABAP (Applications based on SAP GUI for HTML) is affected by CVE-2021-33665. Affected components/versions: KRNL64NUC 7.49, KRNL64UC 7.49,7.53, and KERNEL 7.49,7.53,7.77,7.81,7.84. Root cause: insufficient encoding of user-controlled inputs, enabling Cross-Site Scr...
CVE-2021-33663
SAP NetWeaver AS ABAP, versions - KRNL32NUC - 7.22,7.22EXT, KRNL32UC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73,7.77,7.81,7.82,7.83,7.84, allows an unauthorized attacker to insert cleartext commands due to improper...
CVE-2021-27630
SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server) versions including KRNL32NUC (7.22, 7.22EXT), KRNL64NUC (7.22, 7.22EXT, 7.49), KRNL64UC (8.04, 7.22, 7.22EXT, 7.49, 7.53, 7.73), and KERNEL (7.22, 8.04, 7.49, 7.53, 7.73) are affected by CVE-2021-27630. An unauthenticated attacker can s...
CVE-2021-27607
Summary. CVE-2021-27607 affects SAP NetWeaver ABAP Server/Platform (Dispatcher). Multiple KRNL and KERNEL versions (e.g., KRNL32NUC 7.22/7.22EXT; KRNL64UC 7.22/7.49/7.53/7.73; KERNEL 7.22/8.04/7.49/7.53/7.73/7.77/7.81/7.82/7.83) are vulnerable. An unauthenticated attacker can send a specially cra...
CVE-2021-27606
CVE-2021-27606 affects SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server) across multiple kernels/versions (e.g., KRNL32NUC KRNL64NUC KRNL64UC and KERNEL series). The flaw is an input validation issue in method EncOAMParamStore() that allows an unauthenticated attacker to send a crafted...
Authorization
ABAP Server of SAP NetWeaver and ABAP Platform fail to perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This has been corrected in the following versions: KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64N...
CVE-2019-0270
ABAP Server of SAP NetWeaver and ABAP Platform fail to perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This has been corrected in the following versions: KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64N...