Netweaver Application Server Abap@731 Security Vulnerabilities and Issues — Netweaver Application Server Abap@731 CVE List

Lucene search

SapNetweaver Application Server Abap731

15 matches found

CVE•added 2023/03/14 5:15 a.m.•88 views

CVE-2023-27269

SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, allows an attacker with non-administrative authorizations to exploit a directory traversal flaw in an available service to overwrite the system files. In this...

9.6CVSS9.2AI score0.00417EPSS

CVE•added 2023/01/10 4:15 a.m.•87 views

CVE-2023-0014

SAP NetWeaver ABAP Server and ABAP Platform - versions SAP_BASIS 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, KERNEL 7.22, 7.53, 7.77, 7.81, 7.85, 7.89, KRNL64UC 7.22, 7.22EXT, 7.53, KRNL64NUC 7.22, 7.22EXT, creates information about system identity in an ambiguou...

9.8CVSS9.1AI score0.00236EPSS

CVE•added 2023/12/12 2:15 a.m.•59 views

CVE-2023-49581

SAP GUI for Windows and SAP GUI for Java allow an unauthenticated attacker to access information which would otherwise be restricted and confidential. In addition, this vulnerability allows the unauthenticated attacker to write data to a database table. By doing so the attacker could increase respo...

9.4CVSS6.6AI score0.00069EPSS

CVE•added 2023/03/14 6:15 a.m.•57 views

CVE-2023-27501

SAP NetWeaver AS for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, allows an attacker to exploit insufficient validation of path information provided by users, thus exploiting a directory traversal flaw in an available service to delete syst...

9.6CVSS9AI score0.00201EPSS

CVE•added 2023/03/14 5:15 a.m.•56 views

CVE-2023-25618

SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, has multiple vulnerabilities in an unused class for error handling in which an attacker authenticated as a non-administrative user can craft a request with ce...

6.5CVSS6.6AI score0.00191EPSS

CVE•added 2023/03/14 6:15 a.m.•55 views

CVE-2023-27500

An attacker with non-administrative authorizations can exploit a directory traversal flaw in program SAPRSBRO to over-write system files. In this attack, no data can be read but potentially critical OS files can be over-written making the system unavailable.

9.6CVSS7.9AI score0.00417EPSS

CVE•added 2023/03/14 5:15 a.m.•54 views

CVE-2023-26459

Due to improper input controls In SAP NetWeaver AS for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, an attacker authenticated as a non-administrative user can craft a request which will trigger the application server to send a request to an...

7.4CVSS7.5AI score0.00099EPSS

CVE•added 2023/01/10 3:15 a.m.•52 views

CVE-2023-0013

The ABAP Keyword Documentation of SAP NetWeaver Application Server - versions 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, for ABAP and ABAP Platform does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. On successful exploitation an a...

6.1CVSS6AI score0.00383EPSS

CVE•added 2023/02/14 4:15 a.m.•52 views

CVE-2023-24522

Due to insufficient input sanitization, SAP NetWeaver AS ABAP (Business Server Pages) - versions 700, 701, 702, 731, 740, allows an unauthenticated user to alter the current session of the user by injecting the malicious code over the network and gain access to the unintended data. This may lead to...

6.1CVSS6.4AI score0.00597EPSS

CVE•added 2023/09/12 3:15 a.m.•49 views

CVE-2023-40624

SAP NetWeaver AS ABAP (applications based on Unified Rendering) - versions SAP_UI 754, SAP_UI 755, SAP_UI 756, SAP_UI 757, SAP_UI 758, SAP_BASIS 702, SAP_BASIS 731, allows an attacker to inject JavaScript code that can be executed in the web-application. An attacker could thereby control the behavi...

5.5CVSS5.4AI score0.0011EPSS

CVE•added 2023/02/14 4:15 a.m.•47 views

CVE-2023-23853

An unauthenticated attacker in AP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, can craft a link which when clicked by an unsuspecting user can be used to redirect a user to a malicious site which could read ...

6.1CVSS6.1AI score0.00214EPSS

CVE•added 2023/02/14 4:15 a.m.•46 views

CVE-2023-23854

SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.

5.4CVSS5.8AI score0.0006EPSS

CVE•added 2023/02/14 4:15 a.m.•46 views

CVE-2023-25614

SAP NetWeaver AS ABAP (BSP Framework) application - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, allow an unauthenticated attacker to inject the code that can be executed by the application over the network. On successful exploitation it can gain access to the sensitive...

6.1CVSS6.4AI score0.00404EPSS

CVE•added 2023/03/14 5:15 a.m.•46 views

CVE-2023-27270

SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, has multiple vulnerabilities in a class for test purposes in which an attacker authenticated as a non-administrative user can craft a request with certain par...

6.5CVSS6.6AI score0.00193EPSS

CVE•added 2023/08/08 1:15 a.m.•46 views

CVE-2023-37492

SAP NetWeaver Application Server ABAP and ABAP Platform - versions SAP_BASIS 700, SAP_BASIS 701, SAP_BASIS 702, SAP_BASIS 731, SAP_BASIS 740, SAP_BASIS 750, SAP_BASIS 752, SAP_BASIS 753, SAP_BASIS 754, SAP_BASIS 755, SAP_BASIS 756, SAP_BASIS 757, SAP_BASIS 758, SAP_BASIS 793, SAP_BASIS 804, does no...

6.5CVSS5.7AI score0.00088EPSS