Netweaver Application Server Abap Security Vulnerabilities and Issues — Netweaver Application Server Abap CVE List

Lucene search

SapNetweaver Application Server Abap

8 matches found

CVE•added 2022/05/11 3:15 p.m.•89 views

CVE-2022-29611

SAP NetWeaver Application Server for ABAP and ABAP Platform do not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.

8.8CVSS8.9AI score0.00345EPSS

CVE•added 2022/11/08 10:15 p.m.•66 views

CVE-2022-41214

Due to insufficient input validation, SAP NetWeaver Application Server ABAP and ABAP Platform allows an attacker with high level privileges to use a remote enabled function to delete a file which is otherwise restricted. On successful exploitation an attacker can completely compromise the integrity...

8.7CVSS8.4AI score0.00119EPSS

CVE•added 2021/10/12 3:15 p.m.•56 views

CVE-2021-38178

The software logistics system of SAP NetWeaver AS ABAP and ABAP Platform versions - 700, 701, 702, 710, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, enables a malicious user to transfer ABAP code artifacts or content, by-passing the established quality gates. By this vulnerability malicious co...

8.8CVSS8.6AI score0.00446EPSS

CVE•added 2019/02/15 6:29 p.m.•46 views

CVE-2019-0257

Customizing functionality of SAP NetWeaver AS ABAP Platform (fixed in versions from 7.0 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.53, from 7.74 to 7.75) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.

8.8CVSS8.7AI score0.01101EPSS

CVE•added 2020/11/10 5:15 p.m.•43 views

CVE-2020-26818

SAP NetWeaver AS ABAP (Web Dynpro), versions - 731, 740, 750, 751, 752, 753, 754, 755, 782, allows an authenticated user to access Web Dynpro components, which reveals sensitive system information that would otherwise be restricted to highly privileged users because of missing authorization, result...

8.8CVSS8.2AI score0.00251EPSS

CVE•added 2020/08/12 2:15 p.m.•43 views

CVE-2020-6296

SAP NetWeaver (ABAP Server) and ABAP Platform, versions - 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 753, 755, allows an attacker to inject code that can be executed by the application, leading to Code Injection. An attacker could thereby control the behavior of the application.

8.8CVSS8.7AI score0.00516EPSS

CVE•added 2020/11/10 5:15 p.m.•39 views

CVE-2020-26819

SAP NetWeaver AS ABAP (Web Dynpro), versions - 731, 740, 750, 751, 752, 753, 754, 755, 782, allows an authenticated user to access Web Dynpro components, that allows them to read and delete database logfiles because of Improper Access Control.

8.8CVSS8.4AI score0.00364EPSS

CVE•added 2021/05/11 3:15 p.m.•38 views

CVE-2021-27611

SAP NetWeaver AS ABAP, versions - 700, 701, 702, 730, 731, allow a high privileged attacker to inject malicious code by executing an ABAP report when the attacker has access to the local SAP system. The attacker could then get access to data, overwrite them, or execute a denial of service.

8.2CVSS6.3AI score0.00111EPSS