CVE-2026-34261

Due to a missing authorization check in SAP Business Analytics and SAP Content Management, an authenticated user could make unauthorized calls to certain remote function modules, potentially accessing sensitive information beyond their intended permissions. This vulnerability affects...

SAP Supply Chain Management 安全漏洞

SAP Supply Chain Management is a supply chain management software developed by the German company SAP. There is a security vulnerability in SAP Supply Chain Management, which stems from uncontrolled resource consumption. This vulnerability could allow authenticated attackers to trigger a...

CVE-2026-0509

SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated, low-privileged user to perform background Remote Function Calls without the required SRFC authorization in certain cases. This can result in a high impact on integrity and availability, and no impact on the...

CVE-2026-0509

SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated, low-privileged user to perform background Remote Function Calls without the required SRFC authorization in certain cases. This can result in a high impact on integrity and availability, and no impact on the...

CVE-2026-0509

SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated, low-privileged user to perform background Remote Function Calls without the required SRFC authorization in certain cases. This can result in a high impact on integrity and availability, and no impact on the...

CVE-2026-24326

CVE-2026-24326 affects SAP S/4HANA Defense & Security with missing authorization check in Disconnected Operations. A user with privileges can call remote-enabled function modules to directly update a standard SAP database table, causing a LOW integrity impact (no confidentiality/availability impa...

CVE-2026-0509 Missing Authorization check in SAP NetWeaver Application Server ABAP and ABAP Platform

SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated, low-privileged user to perform background Remote Function Calls without the required SRFC authorization in certain cases. This can result in a high impact on integrity and availability, and no impact on the...

CVE-2026-0509 Missing Authorization check in SAP NetWeaver Application Server ABAP and ABAP Platform

SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated, low-privileged user to perform background Remote Function Calls without the required SRFC authorization in certain cases. This can result in a high impact on integrity and availability, and no impact on the...

CVE-2026-0509

SAP NetWeaver Application Server ABAP and ABAP Platform suffers a vulnerability where an authenticated, low-privilege user can perform background RFCs without S_RFC authorization in certain cases. The issue impacts integrity and availability (high) but not confidentiality. Affected component/func...

PT-2026-7207

Name of the Vulnerable Software and Affected Versions SAP NetWeaver Application Server ABAP and ABAP Platform affected versions not specified Description An authenticated, low-privileged user can execute background Remote Function Calls without the necessary S RFC authorization in specific...

CVE-2026-0498

CVE-2026-0498 affects SAP S/4HANA (Private Cloud and On-Premise). The vulnerability exists in a function module exposed via RFC, where an attacker with admin privileges can inject arbitrary ABAP code or OS commands, bypassing authorization checks and creating a backdoor that could lead to full sy...

SAP NetWeaver Application Server 安全漏洞

SAP NetWeaver Application Server is an application server from SAP, Germany. A security vulnerability exists in SAP NetWeaver Application Server that stems from a lack of authorization checking and could allow an authenticated attacker to misuse RFC functions to execute form routines in the ABAP...

PT-2025-46226

Name of the Vulnerable Software and Affected Versions SAP HANA version 2.0 Description SAP HANA 2.0 hdbrss is affected by a missing authentication mechanism. This allows an unauthenticated attacker to call a remote-enabled function and view information. The issue has a low impact on...

SAP Landscape Transformation 代码注入漏洞

SAP Landscape Transformation is a tool for system data migration and integration from SAP, Germany. A code injection vulnerability exists in SAP Landscape Transformation SLT that originates from the ability to inject arbitrary ABAP code via RFC...

SAP NetWeaver和SAP ABAP Platform 安全漏洞

SAP NetWeaver and SAP ABAP Platform are both products of SAP, a German company.SAP NetWeaver is an integrated service-oriented application platform. SAP NetWeaver is an integrated service-oriented application platform that provides a development and runtime environment for SAP applications.SAP AB...

CVE-2025-0067

Due to a missing authorization check on service endpoints in the SAP NetWeaver Application Server Java, an attacker with standard user role can create JCo connection entries, which are used for remote function calls from or to the application server. This could lead to low impact on...

CVE-2025-0063

SAP NetWeaver AS ABAP and ABAP Platform does not check for authorization when a user executes some RFC function modules. This could lead to an attacker with basic user privileges to gain control over the data in Informix database, leading to complete compromise of confidentiality, integrity and...