13 matches found
CVE-2026-40129
Due to a Code Injection vulnerability in SAP Application Server ABAP for SAP NetWeaver and ABAP Platform, an authenticated attacker could send specially crafted inputs to the application. If processed by the application, this input could be delivered to users subscribed to the channel and result ...
SAP NetWeaver Command Injection (January 2026)
The version of SAP NetWeaver Application Server for Java detected on the remote host is affected by a server-side request forgery (SSRF) vulnerability as disclosed in the SAP Security Patch Day January 2026: - Due to an OS Command Injection vulnerability in SAP...
CVE-2026-0507
SAP NetWeaver Application Server for ABAP and SAP NetWeaver RFCSDK are affected by an OS Command Injection vulnerability (CVE-2026-0507). An authenticated admin with adjacent network access could upload specially crafted content; if processed, it enables arbitrary OS command execution, potentiall...
CVE-2026-0507 OS Command Injection vulnerability in SAP Application Server for ABAP and SAP NetWeaver RFCSDK
Due to an OS Command Injection vulnerability in SAP Application Server for ABAP and SAP NetWeaver RFCSDK, an authenticated attacker with administrative access and adjacent network access could upload specially crafted content to the server. If processed by the application, this content enables...
SAP Application Server for ABAP Operating System Command Injection Vulnerability
SAP Application Server for ABAP is a load-balancing and memory-management platform from SAP, Germany. SAP Application Server for ABAP is affected by an operating system command injection vulnerability, which could lead to an authenticated attacker uploading special...
Vulnerabilities fixed in SAP products
SAP has fixed vulnerabilities in several products, including in SAP NetWeaver, SAP NetWeaver Application Server Java and SAP Landscape Transformation. The vulnerabilities are in the RMI-P4 module and the SAP NetWeaver AS Java platform, among others. The vulnerability with reference CVE-2025-42944...
CVE-2020-6262
Service Data Download in SAP Application Server ABAP ST-PI, before versions 2008146C, 20081620, 20081640, 20081700, 20081710, 740 allows an attacker to inject code that can be executed by the application. An attacker could thereby control the behavior of the application and the whole ABAP system...
SAP Application Server ABAP / ABAP Platform Code Injection / SQL Injection / Missing Authorization
SEC Consult Vulnerability Lab Security Advisory. title: Multiple Critical Vulnerabilities; product: SAP® Application Server ABAP and ABAP® Platform, Different Software Components; vulnerable version: see section "Vulnerable /...
SAP Application Server ABAP Service Data Code Injection Vulnerability
SAP Application Server ABAP is an application service program. A code injection vulnerability exists in the SAP Application Server ABAP service data, which allows remote attackers to exploit the vulnerability by submitting a special request to execute arbitrary code in the application context...
CVE-2020-6262
Service Data Download in SAP Application Server ABAP ST-PI, before versions 2008146C, 20081620, 20081640, 20081700, 20081710, 740 allows an attacker to inject code that can be executed by the application. An attacker could thereby control the behavior of the application and the whole ABAP system...
CVE-2020-6262
Service Data Download in SAP Application Server ABAP ST-PI, before versions 2008146C, 20081620, 20081640, 20081700, 20081710, 740 allows an attacker to inject code that can be executed by the application. An attacker could thereby control the behavior of the application and the whole ABAP system...
CVE-2020-6262
Service Data Download in SAP Application Server ABAP ST-PI, before versions 2008146C, 20081620, 20081640, 20081700, 20081710, 740 allows an attacker to inject code that can be executed by the application. An attacker could thereby control the behavior of the application and the whole ABAP system...
SAP DIAG Service Detection
An SAP DIAG (Dynamic Information and Action Gateway) service is running on this host. DIAG is a proprietary communication protocol between the SAP GUI and the SAP application server. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and ar...