CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Vulnrichment•added 2025/01/14 12:9 a.m.•5 views

CVE-2025-0068 Missing Authorization check in Remote Function Call (RFC) in SAP NetWeaver Application Server ABAP

An obsolete functionality in SAP NetWeaver Application Server ABAP did not perform necessary authorization checks. Because of this, an authenticated attacker could obtain information that would otherwise be restricted. It has no impact on integrity or availability on the application...

4.3CVSS4.6AI score0.00111EPSS

CVE•added 2025/01/14 12:9 a.m.•52 views

CVE-2025-0067

CVE-2025-0067 relates to SAP NetWeaver Application Server Java where a missing authorization check on service endpoints lets a user with a standard role create JCo connections used for remote function calls. The impact is described as low for confidentiality, integrity, and availability. Affected...

6.3CVSS6.4AI score0.00057EPSS

Tenable Nessus•added 2024/12/16 12:0 a.m.•6 views

SAP NetWeaver AS ABAP Information Disclosure (3469791)

In certain conditions, SAP NetWeaver Application Server ABAP allows an authenticated attacker to craft a Remote Function Call RFC request to restricted destinations, which can be used to expose credentials for a remote service. These credentials can then be further exploited to completely...

8.5CVSS5.6AI score0.00249EPSS

Exploits0References3

NVD•added 2024/12/10 1:15 a.m.•8 views

CVE-2024-54198

8.5CVSS0.00249EPSS

CVE•added 2024/12/10 12:12 a.m.•70 views

CVE-2024-54198

CVE-2024-54198 affects SAP NetWeaver Application Server ABAP. In certain conditions, an authenticated attacker can craft a Remote Function Call (RFC) to restricted destinations, exposing credentials for a remote service and potentially allowing complete compromise of that service. Affected compon...

8.5CVSS8.5AI score0.00249EPSS

Cvelist•added 2024/12/10 12:12 a.m.•24 views

CVE-2024-54198 Information Disclosure vulnerability through Remote Function Call (RFC) in SAP NetWeaver Application Server ABAP

8.5CVSS0.00249EPSS

Vulnrichment•added 2024/12/10 12:12 a.m.•8 views

CVE-2024-54198 Information Disclosure vulnerability through Remote Function Call (RFC) in SAP NetWeaver Application Server ABAP

8.5CVSS7.2AI score0.00249EPSS

CNNVD•added 2024/12/10 12:0 a.m.•2 views

SAP NetWeaver Application Server 安全漏洞

SAP NetWeaver Application Server is an application server from SAP, Germany. A security vulnerability exists in SAP NetWeaver Application Server that originates from allowing an authenticated attacker to craft a Remote Function Call RFC request to a restricted destination, which could be used to...

8.5CVSS6.4AI score0.00249EPSS

Positive Technologies•added 2024/12/02 12:0 a.m.•2 views

PT-2024-9678 · Sap · Sap Netweaver Application Server Abap

Name of the Vulnerable Software and Affected Versions: SAP NetWeaver Application Server ABAP affected versions not specified Description: The issue allows an authenticated attacker to craft a Remote Function Call RFC request to restricted destinations, potentially exposing credentials for a remot...

8.5CVSS7AI score0.00249EPSS

Exploits0References12

OSV•added 2024/09/10 4:15 a.m.•1 views

CVE-2024-44112

Due to missing authorization check in SAP for Oil & Gas Transportation and Distribution, an attacker authenticated as a non-administrative user could call a remote-enabled function which will allow them to delete non-sensitive entries in a user data table. There is no effect on confidentiality or...

4.3CVSS5.8AI score

4.3CVSS6.5AI score0.00087EPSS

SAP NetWeaver Application Server 安全漏洞

SAP NetWeaver Application Server is an application server from SAP, Germany. A security vulnerability exists in SAP NetWeaver Application Server that stems from an RFC-enabled function module that allows a low-privileged user to add URLs to any user's workplace favorites...

4.3CVSS6.7AI score0.00094EPSS

SAP for Oil & Gas 安全漏洞

SAP for Oil & Gas is an enterprise resource planning ERP solution from SAP, Germany. A security vulnerability exists in SAP for Oil & Gas, which stems from a lack of authorization checking that allows authenticated, non-administrative users to invoke a remote function that would allow them to...

4.3CVSS6.5AI score0.00087EPSS

SAP NetWeaver Application Server 安全漏洞

5.4CVSS6.5AI score0.00063EPSS

SAP NetWeaver Application Server 安全漏洞

CNNVD•added 2024/09/10 12:0 a.m.•2 views

SAP NetWeaver Application Server 安全漏洞

4.3CVSS6.4AI score0.0011EPSS

5.4CVSS6.4AI score0.00057EPSS

SAP NetWeaver Application Server 安全漏洞

SAP NetWeaver Application Server is an application server from SAP, Germany. A security vulnerability exists in SAP NetWeaver Application Server that stems from an RFC-enabled function module that allows a less-privileged user to perform a denial of service to any user and also to change or delet...