18 matches found
CVE-2025-0053
The CVE-2025-0053 entry concerns SAP NetWeaver Application Server for ABAP/ABAP Platform where an attacker can unauthenticatedly retrieve system information (e.g., configuration) via a specific URL parameter. The impact is described as limited to confidentiality, potentially aiding further attack...
CVE-2025-0066
CVE-2025-0066 affects SAP NetWeaver AS for ABAP and ABAP Platform (Internet Communication Framework). The root cause is weak access controls that allow an authenticated or potentially network-based actor to access restricted information, impacting confidentiality, integrity, and availability. Mul...
CVE-2024-39599
CVE-2024-39599 affects SAP NetWeaver Application Server for ABAP and ABAP Platform. The issue is a protection mechanism failure that allows a developer to bypass the configured malware scanner API due to a programming error. The practical impact is described as low for confidentiality, integrity,...
CVE-2025-0063
CVE-2025-0063 concerns SAP NetWeaver AS ABAP and ABAP Platform. Reported flaw: the ABAP Application Server/Platform does not check authorization for certain RFC function modules, potentially enabling a user with basic (low-privilege) access to gain full control over data in an Informix database, ...
CVE-2024-34689
The CVE-2024-34689 issue affects SAP Business Workflow’s WebFlow Services. An authenticated attacker can enumerate HTTP endpoints accessible on the internal network by sending specially crafted HTTP requests, leading to information disclosure. The impact is limited to confidentiality (information...
CVE-2025-0058
SAP Business Workflow and SAP Flexible Workflow are affected by CVE-2025-0058. An authenticated attacker can manipulate a parameter in a legitimate resource request to view sensitive information that should be restricted, without modifying the information or causing unavailability. The report cit...
CVE-2024-37180
Technical details (affected components, root cause, versions, exploit information) are not publicly provided in the supplied documents. Monitor for updates from SAP and security feeds before drawing conclusions.
CVE-2025-23193
CVE-2025-23193 describes an information-disclosure vulnerability in SAP NetWeaver Server ABAP. An unauthenticated attacker can provoke the server to respond differently depending on the existence of a specified user, potentially leaking sensitive information. The issue does not enable data modifi...
CVE-2024-34687
CVE-2024-34687 affects SAP NetWeaver Application Server for ABAP and ABAP Platform. The vulnerability is an XSS issue caused by insufficient encoding of user-controlled inputs, potentially allowing an attacker to inject code that runs in a user’s browser. Impact aligns with the vuln description: ...
CVE-2016-4551
The CVE-2016-4551 issue affects SAP NetWeaver 2004s, specifically the SAP_BASIS and SAP_ABA components (version 7.00 SP Level 0031). The root cause is a vulnerability that could allow remote attackers to spoof IP addresses written to the Security Audit Log, leveraging network landscape-related ve...
CVE-2026-23687
CVE-2026-23687 affects SAP NetWeaver Application Server ABAP and ABAP Platform. An authenticated attacker with normal privileges can obtain a valid signed message and send modified signed XML to the verifier, potentially allowing tampered identity information and leading to unauthorized access to...
CVE-2025-42936
CVE-2025-42936 affects SAP NetWeaver Application Server for ABAP. The root cause is missing support for distinguishing authorizations across roles, allowing authenticated users to access restricted objects in the barcode interface and causing privilege escalation. Impact is described as low for c...
CVE-2025-42956
CVE-2025-42956 concerns SAP NetWeaver Application Server ABAP and ABAP Platform. The connected documents provide concrete details: an unauthenticated attacker can craft a publicly available malicious link; when an authenticated user clicks it, injected data is used during page generation, resulti...
CVE-2025-42986
CVE-2025-42986 concerns SAP BASIS with a missing authorization check in an obsolete RFC-enabled function module. The root cause allows an authenticated, low-privilege attacker to invoke a Remote Function Call (RFC) and potentially access restricted system information. The documented impact is lim...
CVE-2025-42918
The CVE-2025-42918 vulnerability affects SAP NetWeaver Application Server for ABAP. It arises from missing authorization checks that allow authenticated users with access to background processing to read profile parameters, leading to a low confidentiality impact with no effect on integrity or av...
CVE-2026-24312
SAP Business Workflow suffers a privilege-escalation flaw caused by an erroneous authorization check. An authenticated administrative user can bypass role restrictions by leveraging permissions from a less sensitive function to perform unauthorized high-privilege actions. This primarily impacts d...
CVE-2025-42911
CVE-2025-42911 affects SAP NetWeaver (Service Data Download). An authenticated user can call a remote-enabled function module, potentially exposing information about the SAP system and operating system. The impact is described as low confidentiality impact, with no stated effects on integrity or ...
CVE-2026-0484
CVE-2026-0484 affects SAP NetWeaver Application Server ABAP and SAP S/4HANA. The root cause is a missing authorization check that enables an authenticated attacker to access a specific transaction code and modify text data, impacting integrity (I: High) while confidentiality and availability rema...