Netweaver Application Server Abap@710 Security Vulnerabilities and Issues — Netweaver Application Server Abap@710 CVE List

Lucene search

SapNetweaver Application Server Abap710

14 matches found

CVE•added 2022/05/11 3:15 p.m.•89 views

CVE-2022-29611

SAP NetWeaver Application Server for ABAP and ABAP Platform do not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.

8.8CVSS8.9AI score0.00345EPSS

CVE•added 2023/01/10 4:15 a.m.•87 views

CVE-2023-0014

SAP NetWeaver ABAP Server and ABAP Platform - versions SAP_BASIS 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, KERNEL 7.22, 7.53, 7.77, 7.81, 7.85, 7.89, KRNL64UC 7.22, 7.22EXT, 7.53, KRNL64NUC 7.22, 7.22EXT, creates information about system identity in an ambiguou...

9.8CVSS9.1AI score0.00236EPSS

CVE•added 2021/07/14 12:15 p.m.•68 views

CVE-2021-33678

A function module of SAP NetWeaver AS ABAP (Reconciliation Framework), versions - 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 75A, 75B, 75B, 75C, 75D, 75E, 75F, allows a high privileged attacker to inject code that can be executed by the application. An attacker could thereby delete some...

7.5CVSS6.5AI score0.01004EPSS

CVE•added 2020/10/15 2:15 a.m.•60 views

CVE-2020-6371

User enumeration vulnerability can be exploited to get a list of user accounts and personal user information can be exposed in SAP NetWeaver Application Server ABAP (POWL test application) versions - 710, 711, 730, 731, 740, 750, leading to Information Disclosure.

4.3CVSS4.5AI score0.00302EPSS

CVE•added 2020/05/12 6:15 p.m.•59 views

CVE-2020-6240

SAP NetWeaver AS ABAP (Web Dynpro ABAP), versions (SAP_UI 750, 752, 753, 754 and SAP_BASIS 700, 710, 730, 731, 804) allows an unauthenticated attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service leading to Denial of Service

7.5CVSS7.5AI score0.01642EPSS

CVE•added 2021/10/12 3:15 p.m.•56 views

CVE-2021-38178

The software logistics system of SAP NetWeaver AS ABAP and ABAP Platform versions - 700, 701, 702, 710, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, enables a malicious user to transfer ABAP code artifacts or content, by-passing the established quality gates. By this vulnerability malicious co...

8.8CVSS8.6AI score0.00446EPSS

CVE•added 2021/06/09 2:15 p.m.•49 views

CVE-2021-21473

SAP NetWeaver AS ABAP and ABAP Platform, versions - 700, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, contains function module SRM_RFC_SUBMIT_REPORT which fails to validate authorization of an authenticated user thus allowing an unauthorized user to execute reports in SAP NetWeaver A...

6.5CVSS7AI score0.00543EPSS

CVE•added 2021/06/09 2:15 p.m.•47 views

CVE-2021-21490

SAP NetWeaver AS for ABAP (Web Survey), versions - 700, 702, 710, 711, 730, 731, 750, 750, 752, 75A, 75F, does not sufficiently encode input and output parameters which results in reflected cross site scripting vulnerability, through which a malicious user can access data relating to the current se...

6.1CVSS6AI score0.00248EPSS

CVE•added 2021/12/14 4:15 p.m.•46 views

CVE-2021-44235

Two methods of a utility class in SAP NetWeaver AS ABAP - versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, allow an attacker with high privileges and has direct access to SAP System, to inject code when executing with a certain transaction class builder. This coul...

7.2CVSS6.9AI score0.0012EPSS

CVE•added 2020/08/12 2:15 p.m.•43 views

CVE-2020-6296

SAP NetWeaver (ABAP Server) and ABAP Platform, versions - 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 753, 755, allows an attacker to inject code that can be executed by the application, leading to Code Injection. An attacker could thereby control the behavior of the application.

8.8CVSS8.7AI score0.00516EPSS

CVE•added 2020/06/10 1:15 p.m.•42 views

CVE-2020-6275

SAP Netweaver AS ABAP, versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, are vulnerable for Server Side Request Forgery Attack where in an attacker can use inappropriate path names containing malicious server names in the import/export of sessions functionality and coerce th...

9.8CVSS9.3AI score0.00435EPSS

CVE•added 2021/11/10 4:15 p.m.•42 views

CVE-2021-40504

A certain template role in SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, contains transport authorizations, which exceed expected display only permissions.

4.9CVSS5.2AI score0.00106EPSS

CVE•added 2020/06/10 1:15 p.m.•41 views

CVE-2020-6270

SAP NetWeaver AS ABAP (Banking Services), versions - 710, 711, 740, 750, 751, 752, 75A, 75B, 75C, 75D, 75E, does not perform necessary authorization checks for an authenticated user due to Missing Authorization Check, allowing wrong and unexpected change of individual conditions by a malicious user...

6.5CVSS6.4AI score0.00253EPSS

CVE•added 2020/08/12 2:15 p.m.•38 views

CVE-2020-6310

Improper access control in SOA Configuration Trace component in SAP NetWeaver (ABAP Server) and ABAP Platform, versions - 702, 730, 731, 740, 750, allows any authenticated user to enumerate all SAP users, leading to Information Disclosure.

4.3CVSS4.5AI score0.00398EPSS