4581 matches found
CVE-2026-44746
An XSS vulnerability (reflected) in SAP NetWeaver Java (JDBC Test Servlet) allows an unauthenticated attacker to craft a URL containing malicious script. If a victim clicks the link, the injected input is processed during web page generation, causing the attacker’s code to run in the victim’s bro...
CVE-2026-44746 Reflected Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS Java (JDBC Test Servlet)
Due to a reflected cross-site scripting XSS vulnerability in SAP NetWeaver JAVA JDBC Test Servlet, an unauthenticated attacker could craft a URL that embeds a malicious script. If a victim clicks this link, the injected input is processed during web page generation, resulting in the execution of...
CVE-2026-44746 Reflected Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS Java (JDBC Test Servlet)
Due to a reflected cross-site scripting XSS vulnerability in SAP NetWeaver JAVA JDBC Test Servlet, an unauthenticated attacker could craft a URL that embeds a malicious script. If a victim clicks this link, the injected input is processed during web page generation, resulting in the execution of...
CVE-2026-44746
Due to a reflected cross-site scripting XSS vulnerability in SAP NetWeaver JAVA JDBC Test Servlet, an unauthenticated attacker could craft a URL that embeds a malicious script. If a victim clicks this link, the injected input is processed during web page generation, resulting in the execution of...
CVE-2026-40128
SAP NetWeaver Application Server Java Web Container allows an unauthenticated attacker to craft a malicious HTTP logon request that manipulates file inclusion parameters, enabling path traversal and processing of the included file. Processing the included file could allow the attacker to view or...
CVE-2026-40128 Directory Traversal vulnerability in SAP NetWeaver Application Server Java (Web Container)
SAP NetWeaver Application Server Java Web Container allows an unauthenticated attacker to craft a malicious HTTP logon request that manipulates file inclusion parameters, enabling path traversal and processing of the included file. Processing the included file could allow the attacker to view or...
CVE-2026-40128 Directory Traversal vulnerability in SAP NetWeaver Application Server Java (Web Container)
SAP NetWeaver Application Server Java Web Container allows an unauthenticated attacker to craft a malicious HTTP logon request that manipulates file inclusion parameters, enabling path traversal and processing of the included file. Processing the included file could allow the attacker to view or...
EUVD-2026-35278
Due to improper RFC protocol validation in the SAP Kernel used by the Application Server ABAP of SAP NetWeaver and ABAP Platform, an unauthenticated attacker can send a crafted RFC request that exploits logical errors in memory management, leading to memory corruption. This could lead to a high...
CVE-2026-27671 Memory Corruption vulnerability in Application Server ABAP of SAP NetWeaver and ABAP Platform
Due to improper RFC protocol validation in the SAP Kernel used by the Application Server ABAP of SAP NetWeaver and ABAP Platform, an unauthenticated attacker can send a crafted RFC request that exploits logical errors in memory management, leading to memory corruption. This could lead to a high...
CVE-2026-27671
Due to improper RFC protocol validation in the SAP Kernel used by the Application Server ABAP of SAP NetWeaver and ABAP Platform, an unauthenticated attacker can send a crafted RFC request that exploits logical errors in memory management, leading to memory corruption. This could lead to a high...
PT-2026-47533
Due to a reflected cross-site scripting XSS vulnerability in SAP NetWeaver JAVA JDBC Test Servlet, an unauthenticated attacker could craft a URL that embeds a malicious script. If a victim clicks this link, the injected input is processed during web page generation, resulting in the execution of...
📄 SAP NetWeaver ABAP / SAP_BASIS 918 Cryptographic Weakness
SAML response validation in NetWeaver's SAML Service Provider is susceptible to XML Signature wrapping attacks, specifically through Signature/Object tags. This allows an attacker to manipulate SAML assertion data returned by the identity provider, therefore enabling logging in as an arbitrary...
SAP NetWeaver Application Server Java 安全漏洞
SAP NetWeaver Application Server Java is an application server provided by the German company SAP, which offers a Java runtime environment. This product is primarily used for developing and running Java EE applications. SAP NetWeaver Application Server Java has a security vulnerability that stems...
SAP NetWeaver ABAP Platform 安全漏洞
SAP NetWeaver ABAP Platform is an integrated technology platform developed by the German company SAP. There is a security vulnerability in SAP NetWeaver ABAP Platform, which stems from the lack of necessary authorization checks for authenticated users. This vulnerability could allow attackers to...
SAP NetWeaver Application Server ABAP 数据伪造问题漏洞
SAP NetWeaver Application Server ABAP is a platform used by SAP, a German company, for the operation and development of applications written in the ABAP language. There is a vulnerability in SAP NetWeaver Application Server ABAP, which allows authenticated attackers to obtain valid signed message...
SAP NetWeaver AS Java 跨站脚本漏洞
SAP NetWeaver AS Java is a platform system developed by the German company SAP. SAP NetWeaver AS Java has a cross-site scripting vulnerability, which stems from reflective cross-site scripting and may allow malicious scripts to be executed...
PT-2026-47530
Name of the Vulnerable Software and Affected Versions SAP NetWeaver Application Server Java Web Container affected versions not specified Description An unauthenticated attacker can craft a malicious HTTP logon request that manipulates file inclusion parameters. This enables path traversal, which...
PT-2026-47534
Name of the Vulnerable Software and Affected Versions SAP NetWeaver Application Server ABAP and ABAP Platform affected versions not specified Description An authenticated attacker with normal privileges can obtain a valid signed message and send modified signed XML documents to the verifier. This...
CVE-2026-27680
Due to improper input handling under certain conditions, SAP NetWeaver Application Server ABAP allows an attacker to inject custom Cascading Style Sheets CSS data into a web page served by the application. When a user accesses or clicks the affected page, the injected CSS is executed. As a result...
CVE-2026-27682
Due to a reflected cross-site scripting XSS vulnerability in SAP NetWeaver Application Server ABAP Applications based on Business Server Pages, an unauthenticated attacker could craft a URL that exploits an unprotected URL parameter to embed a malicious script. If a victim clicks the link, the...