Netweaver Application Server Abap@730 Security Vulnerabilities and Issues — Netweaver Application Server Abap@730 CVE List

Lucene search

SapNetweaver Application Server Abap730

16 matches found

CVE•added 2022/05/11 3:15 p.m.•89 views

CVE-2022-29611

SAP NetWeaver Application Server for ABAP and ABAP Platform do not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.

8.8CVSS8.9AI score0.00345EPSS

CVE•added 2023/01/10 4:15 a.m.•87 views

CVE-2023-0014

SAP NetWeaver ABAP Server and ABAP Platform - versions SAP_BASIS 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, KERNEL 7.22, 7.53, 7.77, 7.81, 7.85, 7.89, KRNL64UC 7.22, 7.22EXT, 7.53, KRNL64NUC 7.22, 7.22EXT, creates information about system identity in an ambiguou...

9.8CVSS9.1AI score0.00236EPSS

CVE•added 2021/07/14 12:15 p.m.•68 views

CVE-2021-33678

A function module of SAP NetWeaver AS ABAP (Reconciliation Framework), versions - 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 75A, 75B, 75B, 75C, 75D, 75E, 75F, allows a high privileged attacker to inject code that can be executed by the application. An attacker could thereby delete some...

7.5CVSS6.5AI score0.01004EPSS

CVE•added 2020/10/15 2:15 a.m.•60 views

CVE-2020-6371

User enumeration vulnerability can be exploited to get a list of user accounts and personal user information can be exposed in SAP NetWeaver Application Server ABAP (POWL test application) versions - 710, 711, 730, 731, 740, 750, leading to Information Disclosure.

4.3CVSS4.5AI score0.00302EPSS

CVE•added 2020/05/12 6:15 p.m.•59 views

CVE-2020-6240

SAP NetWeaver AS ABAP (Web Dynpro ABAP), versions (SAP_UI 750, 752, 753, 754 and SAP_BASIS 700, 710, 730, 731, 804) allows an unauthenticated attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service leading to Denial of Service

7.5CVSS7.5AI score0.01642EPSS

CVE•added 2021/10/12 3:15 p.m.•56 views

CVE-2021-38178

The software logistics system of SAP NetWeaver AS ABAP and ABAP Platform versions - 700, 701, 702, 710, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, enables a malicious user to transfer ABAP code artifacts or content, by-passing the established quality gates. By this vulnerability malicious co...

8.8CVSS8.6AI score0.00446EPSS

CVE•added 2022/01/14 8:15 p.m.•54 views

CVE-2021-42067

In SAP NetWeaver AS for ABAP and ABAP Platform - versions 701, 702, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 786, an attacker authenticated as a regular user can use the S/4 Hana dashboard to reveal systems and services which they would not normally be allowed to see. No information a...

4.3CVSS4.5AI score0.00398EPSS

CVE•added 2021/07/14 12:15 p.m.•52 views

CVE-2021-33677

SAP NetWeaver ABAP Server and ABAP Platform, versions - 700, 702, 730, 731, 804, 740, 750, 784, expose functions to external which can lead to information disclosure.

7.5CVSS7.2AI score0.00197EPSS

CVE•added 2021/10/12 3:15 p.m.•52 views

CVE-2021-38181

SAP NetWeaver AS ABAP and ABAP Platform - versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service.

7.5CVSS7.7AI score0.00468EPSS

CVE•added 2021/10/12 3:15 p.m.•51 views

CVE-2021-40496

SAP Internet Communication framework (ICM) - versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 785, allows an attacker with logon functionality, to exploit the authentication function by using POST and form field to repeat executions of the initial command by a GET request a...

4.3CVSS5.7AI score0.00416EPSS

CVE•added 2021/06/09 2:15 p.m.•49 views

CVE-2021-21473

SAP NetWeaver AS ABAP and ABAP Platform, versions - 700, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, contains function module SRM_RFC_SUBMIT_REPORT which fails to validate authorization of an authenticated user thus allowing an unauthorized user to execute reports in SAP NetWeaver A...

6.5CVSS7AI score0.00543EPSS

CVE•added 2021/06/09 2:15 p.m.•47 views

CVE-2021-21490

SAP NetWeaver AS for ABAP (Web Survey), versions - 700, 702, 710, 711, 730, 731, 750, 750, 752, 75A, 75F, does not sufficiently encode input and output parameters which results in reflected cross site scripting vulnerability, through which a malicious user can access data relating to the current se...

6.1CVSS6AI score0.00248EPSS

CVE•added 2021/12/14 4:15 p.m.•46 views

CVE-2021-44235

Two methods of a utility class in SAP NetWeaver AS ABAP - versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, allow an attacker with high privileges and has direct access to SAP System, to inject code when executing with a certain transaction class builder. This coul...

7.2CVSS6.9AI score0.0012EPSS

CVE•added 2020/06/10 1:15 p.m.•42 views

CVE-2020-6275

SAP Netweaver AS ABAP, versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, are vulnerable for Server Side Request Forgery Attack where in an attacker can use inappropriate path names containing malicious server names in the import/export of sessions functionality and coerce th...

9.8CVSS9.3AI score0.00435EPSS

CVE•added 2021/11/10 4:15 p.m.•42 views

CVE-2021-40504

A certain template role in SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, contains transport authorizations, which exceed expected display only permissions.

4.9CVSS5.2AI score0.00106EPSS

CVE•added 2021/05/11 3:15 p.m.•38 views

CVE-2021-27611

SAP NetWeaver AS ABAP, versions - 700, 701, 702, 730, 731, allow a high privileged attacker to inject malicious code by executing an ABAP report when the attacker has access to the local SAP system. The attacker could then get access to data, overwrite them, or execute a denial of service.

8.2CVSS6.3AI score0.00111EPSS