Netweaver Application Server Abap Security Vulnerabilities and Issues — Netweaver Application Server Abap CVE List

Lucene search

SapNetweaver Application Server Abap

10 matches found

CVE•added 2022/11/08 10:15 p.m.•71 views

CVE-2022-41212

Due to insufficient input validation, SAP NetWeaver Application Server ABAP and ABAP Platform allows an attacker with high level privileges to use a remote enabled function to read a file which is otherwise restricted. On successful exploitation an attacker can completely compromise the confidentia...

4.9CVSS5AI score0.0011EPSS

CVE•added 2022/11/08 10:15 p.m.•61 views

CVE-2022-41215

SAP NetWeaver ABAP Server and ABAP Platform allows an unauthenticated attacker to redirect users to a malicious site due to insufficient URL validation. This could lead to the user being tricked to disclose personal information.

4.7CVSS4.7AI score0.00108EPSS

CVE•added 2020/10/15 2:15 a.m.•60 views

CVE-2020-6371

User enumeration vulnerability can be exploited to get a list of user accounts and personal user information can be exposed in SAP NetWeaver Application Server ABAP (POWL test application) versions - 710, 711, 730, 731, 740, 750, leading to Information Disclosure.

4.3CVSS4.5AI score0.00302EPSS

CVE•added 2022/01/14 8:15 p.m.•54 views

CVE-2021-42067

In SAP NetWeaver AS for ABAP and ABAP Platform - versions 701, 702, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 786, an attacker authenticated as a regular user can use the S/4 Hana dashboard to reveal systems and services which they would not normally be allowed to see. No information a...

4.3CVSS4.5AI score0.00398EPSS

CVE•added 2021/10/12 3:15 p.m.•51 views

CVE-2021-40496

SAP Internet Communication framework (ICM) - versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 785, allows an attacker with logon functionality, to exploit the authentication function by using POST and form field to repeat executions of the initial command by a GET request a...

4.3CVSS5.7AI score0.00416EPSS

CVE•added 2021/11/10 4:15 p.m.•42 views

CVE-2021-40504

A certain template role in SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, contains transport authorizations, which exceed expected display only permissions.

4.9CVSS5.2AI score0.00106EPSS

CVE•added 2020/07/14 1:15 p.m.•41 views

CVE-2020-6280

SAP NetWeaver (ABAP Server) and ABAP Platform, versions 731, 740, 750, allows an attacker with admin privileges to access certain files which should otherwise be restricted, leading to Information Disclosure.

4CVSS4.1AI score0.00355EPSS

CVE•added 2024/08/13 5:15 a.m.•39 views

CVE-2024-41734

Due to missing authorization check in SAP NetWeaver Application Server ABAP and ABAP Platform, an authenticated attacker could call an underlying transaction, which leads to disclosure of user related information. There is no impact on integrity or availability.

4.3CVSS4.6AI score0.00094EPSS

CVE•added 2020/08/12 2:15 p.m.•38 views

CVE-2020-6310

Improper access control in SOA Configuration Trace component in SAP NetWeaver (ABAP Server) and ABAP Platform, versions - 702, 730, 731, 740, 750, allows any authenticated user to enumerate all SAP users, leading to Information Disclosure.

4.3CVSS4.5AI score0.00398EPSS

CVE•added 2020/08/12 2:15 p.m.•36 views

CVE-2020-6299

SAP NetWeaver (ABAP Server) and ABAP Platform, versions - 740, 750, 751, 752, 753, 754, 755, allows a business user to access the list of users in the given system using value help, leading to Information Disclosure.

4.3CVSS4.6AI score0.00347EPSS