Netweaver Application Server Abap@740 Security Vulnerabilities and Issues — Netweaver Application Server Abap@740 CVE List

Lucene search

SapNetweaver Application Server Abap740

51 matches found

CVE•added 2022/02/09 11:15 p.m.•91 views

CVE-2022-22540

SAP NetWeaver AS ABAP (Workplace Server) - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 787, allows an attacker to execute crafted database queries, that could expose the backend database. Successful attacks could result in disclosure of a table of contents from the system, ...

7.5CVSS7.4AI score0.00475EPSS

CVE•added 2022/05/11 3:15 p.m.•89 views

CVE-2022-29611

SAP NetWeaver Application Server for ABAP and ABAP Platform do not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.

8.8CVSS8.9AI score0.00345EPSS

CVE•added 2023/03/14 5:15 a.m.•88 views

CVE-2023-27269

SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, allows an attacker with non-administrative authorizations to exploit a directory traversal flaw in an available service to overwrite the system files. In this...

9.6CVSS9.2AI score0.00417EPSS

CVE•added 2023/01/10 4:15 a.m.•87 views

CVE-2023-0014

SAP NetWeaver ABAP Server and ABAP Platform - versions SAP_BASIS 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, KERNEL 7.22, 7.53, 7.77, 7.81, 7.85, 7.89, KRNL64UC 7.22, 7.22EXT, 7.53, KRNL64NUC 7.22, 7.22EXT, creates information about system identity in an ambiguou...

9.8CVSS9.1AI score0.00236EPSS

CVE•added 2022/11/08 10:15 p.m.•71 views

CVE-2022-41212

Due to insufficient input validation, SAP NetWeaver Application Server ABAP and ABAP Platform allows an attacker with high level privileges to use a remote enabled function to read a file which is otherwise restricted. On successful exploitation an attacker can completely compromise the confidentia...

4.9CVSS5AI score0.0011EPSS

CVE•added 2021/06/16 3:15 p.m.•70 views

CVE-2021-27610

SAP NetWeaver ABAP Server and ABAP Platform, versions - 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 804, does not create information about internal and external RFC user in consistent and distinguished format, which could lead to improper authentication and may be exploited by malicious ...

9.8CVSS8.6AI score0.0055EPSS

CVE•added 2021/07/14 12:15 p.m.•68 views

CVE-2021-33678

A function module of SAP NetWeaver AS ABAP (Reconciliation Framework), versions - 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 75A, 75B, 75B, 75C, 75D, 75E, 75F, allows a high privileged attacker to inject code that can be executed by the application. An attacker could thereby delete some...

7.5CVSS6.5AI score0.01004EPSS

CVE•added 2022/11/08 10:15 p.m.•66 views

CVE-2022-41214

Due to insufficient input validation, SAP NetWeaver Application Server ABAP and ABAP Platform allows an attacker with high level privileges to use a remote enabled function to delete a file which is otherwise restricted. On successful exploitation an attacker can completely compromise the integrity...

8.7CVSS8.4AI score0.00119EPSS

CVE•added 2022/11/08 10:15 p.m.•61 views

CVE-2022-41215

SAP NetWeaver ABAP Server and ABAP Platform allows an unauthenticated attacker to redirect users to a malicious site due to insufficient URL validation. This could lead to the user being tricked to disclose personal information.

4.7CVSS4.7AI score0.00108EPSS

CVE•added 2020/10/15 2:15 a.m.•60 views

CVE-2020-6371

User enumeration vulnerability can be exploited to get a list of user accounts and personal user information can be exposed in SAP NetWeaver Application Server ABAP (POWL test application) versions - 710, 711, 730, 731, 740, 750, leading to Information Disclosure.

4.3CVSS4.5AI score0.00302EPSS

CVE•added 2023/12/12 2:15 a.m.•59 views

CVE-2023-49581

SAP GUI for Windows and SAP GUI for Java allow an unauthenticated attacker to access information which would otherwise be restricted and confidential. In addition, this vulnerability allows the unauthenticated attacker to write data to a database table. By doing so the attacker could increase respo...

9.4CVSS6.6AI score0.00069EPSS

CVE•added 2023/03/14 6:15 a.m.•57 views

CVE-2023-27501

SAP NetWeaver AS for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, allows an attacker to exploit insufficient validation of path information provided by users, thus exploiting a directory traversal flaw in an available service to delete syst...

9.6CVSS9AI score0.00201EPSS

CVE•added 2021/10/12 3:15 p.m.•56 views

CVE-2021-38178

The software logistics system of SAP NetWeaver AS ABAP and ABAP Platform versions - 700, 701, 702, 710, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, enables a malicious user to transfer ABAP code artifacts or content, by-passing the established quality gates. By this vulnerability malicious co...

8.8CVSS8.6AI score0.00446EPSS

CVE•added 2023/03/14 5:15 a.m.•56 views

CVE-2023-25618

SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, has multiple vulnerabilities in an unused class for error handling in which an attacker authenticated as a non-administrative user can craft a request with ce...

6.5CVSS6.6AI score0.00191EPSS

CVE•added 2023/02/14 4:15 a.m.•55 views

CVE-2023-23860

SAP NetWeaver AS for ABAP and ABAP Platform - versions 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, allows an unauthenticated attacker to craft a link, which when clicked by an unsuspecting user can be used to redirect a user to a malicious site which could read or modify some sensitive i...

6.1CVSS6.1AI score0.00283EPSS

CVE•added 2023/03/14 6:15 a.m.•55 views

CVE-2023-27500

An attacker with non-administrative authorizations can exploit a directory traversal flaw in program SAPRSBRO to over-write system files. In this attack, no data can be read but potentially critical OS files can be over-written making the system unavailable.

9.6CVSS7.9AI score0.00417EPSS

CVE•added 2022/01/14 8:15 p.m.•54 views

CVE-2021-42067

In SAP NetWeaver AS for ABAP and ABAP Platform - versions 701, 702, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 786, an attacker authenticated as a regular user can use the S/4 Hana dashboard to reveal systems and services which they would not normally be allowed to see. No information a...

4.3CVSS4.5AI score0.00398EPSS

CVE•added 2023/03/14 5:15 a.m.•54 views

CVE-2023-26459

Due to improper input controls In SAP NetWeaver AS for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, an attacker authenticated as a non-administrative user can craft a request which will trigger the application server to send a request to an...

7.4CVSS7.5AI score0.00099EPSS

CVE•added 2021/07/14 12:15 p.m.•52 views

CVE-2021-33677

SAP NetWeaver ABAP Server and ABAP Platform, versions - 700, 702, 730, 731, 804, 740, 750, 784, expose functions to external which can lead to information disclosure.

7.5CVSS7.2AI score0.00197EPSS

CVE•added 2021/10/12 3:15 p.m.•52 views

CVE-2021-38181

SAP NetWeaver AS ABAP and ABAP Platform - versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service.

7.5CVSS7.7AI score0.00468EPSS

CVE•added 2023/01/10 3:15 a.m.•52 views

CVE-2023-0013

The ABAP Keyword Documentation of SAP NetWeaver Application Server - versions 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, for ABAP and ABAP Platform does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. On successful exploitation an a...

6.1CVSS6AI score0.00383EPSS

CVE•added 2023/02/14 4:15 a.m.•52 views

CVE-2023-24522

Due to insufficient input sanitization, SAP NetWeaver AS ABAP (Business Server Pages) - versions 700, 701, 702, 731, 740, allows an unauthenticated user to alter the current session of the user by injecting the malicious code over the network and gain access to the unintended data. This may lead to...

6.1CVSS6.4AI score0.00597EPSS

CVE•added 2021/10/12 3:15 p.m.•51 views

CVE-2021-40496

SAP Internet Communication framework (ICM) - versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 785, allows an attacker with logon functionality, to exploit the authentication function by using POST and form field to repeat executions of the initial command by a GET request a...

4.3CVSS5.7AI score0.00416EPSS

CVE•added 2023/02/14 4:15 a.m.•50 views

CVE-2023-23858

Due to insufficient input validation, SAP NetWeaver AS for ABAP and ABAP Platform - versions 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, allows an unauthenticated attacker to send a crafted URL to a user, and by clicking the URL, the tricked user accesses SAP and might be directed with t...

6.1CVSS6.2AI score0.0021EPSS

CVE•added 2021/06/09 2:15 p.m.•49 views

CVE-2021-21473

SAP NetWeaver AS ABAP and ABAP Platform, versions - 700, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, contains function module SRM_RFC_SUBMIT_REPORT which fails to validate authorization of an authenticated user thus allowing an unauthorized user to execute reports in SAP NetWeaver A...

6.5CVSS7AI score0.00543EPSS

CVE•added 2021/01/12 3:15 p.m.•47 views

CVE-2021-21446

SAP NetWeaver AS ABAP, versions 740, 750, 751, 752, 753, 754, 755, allows an unauthenticated attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service, this has a high impact on the availability of the service.

7.5CVSS7.5AI score0.00608EPSS

CVE•added 2021/10/12 3:15 p.m.•47 views

CVE-2021-40495

There are multiple Denial-of Service vulnerabilities in SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 740, 750, 751, 752, 753, 754, 755. An unauthorized attacker can use the public SICF service /sap/public/bc/abap to reduce the performance of SAP NetWeaver Application Serve...

5.3CVSS5.9AI score0.00377EPSS

CVE•added 2023/02/14 4:15 a.m.•47 views

CVE-2023-23853

An unauthenticated attacker in AP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, can craft a link which when clicked by an unsuspecting user can be used to redirect a user to a malicious site which could read ...

6.1CVSS6.1AI score0.00214EPSS

CVE•added 2021/12/14 4:15 p.m.•46 views

CVE-2021-44235

Two methods of a utility class in SAP NetWeaver AS ABAP - versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, allow an attacker with high privileges and has direct access to SAP System, to inject code when executing with a certain transaction class builder. This coul...

7.2CVSS6.9AI score0.0012EPSS

CVE•added 2023/02/14 4:15 a.m.•46 views

CVE-2023-23854

SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.

5.4CVSS5.8AI score0.0006EPSS

CVE•added 2023/02/14 4:15 a.m.•46 views

CVE-2023-25614

SAP NetWeaver AS ABAP (BSP Framework) application - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, allow an unauthenticated attacker to inject the code that can be executed by the application over the network. On successful exploitation it can gain access to the sensitive...

6.1CVSS6.4AI score0.00404EPSS

CVE•added 2023/03/14 5:15 a.m.•46 views

CVE-2023-27270

SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, has multiple vulnerabilities in a class for test purposes in which an attacker authenticated as a non-administrative user can craft a request with certain par...

6.5CVSS6.6AI score0.00193EPSS

CVE•added 2023/08/08 1:15 a.m.•46 views

CVE-2023-37492

SAP NetWeaver Application Server ABAP and ABAP Platform - versions SAP_BASIS 700, SAP_BASIS 701, SAP_BASIS 702, SAP_BASIS 731, SAP_BASIS 740, SAP_BASIS 750, SAP_BASIS 752, SAP_BASIS 753, SAP_BASIS 754, SAP_BASIS 755, SAP_BASIS 756, SAP_BASIS 757, SAP_BASIS 758, SAP_BASIS 793, SAP_BASIS 804, does no...

6.5CVSS5.7AI score0.00088EPSS

CVE•added 2024/06/11 3:15 a.m.•46 views

CVE-2024-33001

SAP NetWeaver and ABAP platform allows anattacker to impede performance for legitimate users by crashing or flooding theservice. Animpact of this Denial of Service vulnerability might be long response delaysand service interruptions, thus degrading the service quality experienced bylegitimate users...

6.5CVSS6.5AI score0.00393EPSS

CVE•added 2021/04/13 7:15 p.m.•44 views

CVE-2021-27603

An RFC enabled function module SPI_WAIT_MILLIS in SAP NetWeaver AS ABAP, versions - 731, 740, 750, allows to keep a work process busy for any length of time. An attacker could call this function module multiple times to block all work processes thereby causing Denial of Service and affecting the Av...

6.5CVSS6.5AI score0.00514EPSS

CVE•added 2020/11/10 5:15 p.m.•43 views

CVE-2020-26818

SAP NetWeaver AS ABAP (Web Dynpro), versions - 731, 740, 750, 751, 752, 753, 754, 755, 782, allows an authenticated user to access Web Dynpro components, which reveals sensitive system information that would otherwise be restricted to highly privileged users because of missing authorization, result...

8.8CVSS8.2AI score0.00251EPSS

CVE•added 2020/08/12 2:15 p.m.•43 views

CVE-2020-6296

SAP NetWeaver (ABAP Server) and ABAP Platform, versions - 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 753, 755, allows an attacker to inject code that can be executed by the application, leading to Code Injection. An attacker could thereby control the behavior of the application.

8.8CVSS8.7AI score0.00516EPSS

CVE•added 2024/09/10 3:15 a.m.•43 views

CVE-2024-44114

SAP NetWeaver Application Server for ABAP and ABAP Platform allow users with high privileges to execute a program that reveals data over the network. This results in a minimal impact on confidentiality of the application.

2.7CVSS3.9AI score0.00074EPSS

CVE•added 2020/06/10 1:15 p.m.•42 views

CVE-2020-6275

SAP Netweaver AS ABAP, versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, are vulnerable for Server Side Request Forgery Attack where in an attacker can use inappropriate path names containing malicious server names in the import/export of sessions functionality and coerce th...

9.8CVSS9.3AI score0.00435EPSS

CVE•added 2021/11/10 4:15 p.m.•42 views

CVE-2021-40504

A certain template role in SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, contains transport authorizations, which exceed expected display only permissions.

4.9CVSS5.2AI score0.00106EPSS

CVE•added 2021/12/14 4:15 p.m.•42 views

CVE-2021-44231

Internally used text extraction reports allow an attacker to inject code that can be executed by the application. An attacker could thereby control the behavior of the application.

9.8CVSS9.3AI score0.00626EPSS

CVE•added 2023/02/14 4:15 a.m.•42 views

CVE-2023-23859

SAP NetWeaver AS for ABAP and ABAP Platform - versions 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, allows an unauthenticated attacker to craft a malicious link, which when clicked by an unsuspecting user, can be used to read or modify some sensitive information.

6.1CVSS6.2AI score0.00443EPSS

CVE•added 2024/09/10 4:15 a.m.•42 views

CVE-2024-41728

Due to missing authorization check, SAP NetWeaver Application Server for ABAP and ABAP Platform allows an attacker logged in as a developer to read objects contained in a package. This causes an impact on confidentiality, as this attacker would otherwise not have access to view these objects.

2.7CVSS3.6AI score0.00098EPSS

CVE•added 2020/06/10 1:15 p.m.•41 views

CVE-2020-6270

SAP NetWeaver AS ABAP (Banking Services), versions - 710, 711, 740, 750, 751, 752, 75A, 75B, 75C, 75D, 75E, does not perform necessary authorization checks for an authenticated user due to Missing Authorization Check, allowing wrong and unexpected change of individual conditions by a malicious user...

6.5CVSS6.4AI score0.00253EPSS

CVE•added 2020/07/14 1:15 p.m.•41 views

CVE-2020-6280

SAP NetWeaver (ABAP Server) and ABAP Platform, versions 731, 740, 750, allows an attacker with admin privileges to access certain files which should otherwise be restricted, leading to Information Disclosure.

4CVSS4.1AI score0.00355EPSS

CVE•added 2020/11/10 5:15 p.m.•39 views

CVE-2020-26819

SAP NetWeaver AS ABAP (Web Dynpro), versions - 731, 740, 750, 751, 752, 753, 754, 755, 782, allows an authenticated user to access Web Dynpro components, that allows them to read and delete database logfiles because of Improper Access Control.

8.8CVSS8.4AI score0.00364EPSS

CVE•added 2020/12/09 5:15 p.m.•38 views

CVE-2020-26835

SAP NetWeaver AS ABAP, versions - 740, 750, 751, 752, 753, 754 , does not sufficiently encode URL which allows an attacker to input malicious java script in the URL which could be executed in the browser resulting in Reflected Cross-Site Scripting (XSS) vulnerability.

6.1CVSS5.9AI score0.00371EPSS

CVE•added 2020/08/12 2:15 p.m.•38 views

CVE-2020-6310

Improper access control in SOA Configuration Trace component in SAP NetWeaver (ABAP Server) and ABAP Platform, versions - 702, 730, 731, 740, 750, allows any authenticated user to enumerate all SAP users, leading to Information Disclosure.

4.3CVSS4.5AI score0.00398EPSS

CVE•added 2020/08/12 2:15 p.m.•36 views

CVE-2020-6299

SAP NetWeaver (ABAP Server) and ABAP Platform, versions - 740, 750, 751, 752, 753, 754, 755, allows a business user to access the list of users in the given system using value help, leading to Information Disclosure.

4.3CVSS4.6AI score0.00347EPSS

CVE•added 2024/01/09 2:15 a.m.•35 views

CVE-2024-21738

SAP NetWeaver ABAP Application Server and ABAP Platform do not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. An attacker with low privileges can cause limited impact to confidentiality of the application data after successful exploitation.

5.4CVSS5.2AI score0.00198EPSS

Total number of security vulnerabilities51