Vulnerabilities > SAP > Netweaver Abap

DATE CVE VULNERABILITY TITLE RISK
2024-08-13 CVE-2024-33005 Missing Authorization vulnerability in SAP products
Due to the missing authorization checks in the local systems, the admin users of SAP Web Dispatcher, SAP NetWeaver Application Server (ABAP and Java), and SAP Content Server can impersonate other users and may perform some unintended actions.
local
low complexity
sap CWE-862
6.3
2022-06-14 CVE-2022-29614 Improper Privilege Management vulnerability in SAP Host Agent and Netweaver Abap
SAP startservice - of SAP NetWeaver Application Server ABAP, Application Server Java, ABAP Platform and HANA Database - versions KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, SAPHOSTAGENT 7.22, - on Unix systems, s-bit helper program sapuxuserchk, can be abused physically resulting in a privilege escalation of an attacker leading to low impact on confidentiality and integrity, but a profound impact on availability.
low complexity
sap CWE-269
5.0
2022-06-14 CVE-2022-29612 Server-Side Request Forgery (SSRF) vulnerability in SAP Host Agent and Netweaver Abap
SAP NetWeaver, ABAP Platform and SAP Host Agent - versions KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, 8.04, KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, 8.04, SAPHOSTAGENT 7.22, allows an authenticated user to misuse a function of sapcontrol webfunctionality(startservice) in Kernel which enables malicious users to retrieve information.
network
low complexity
sap CWE-918
4.3
2022-04-12 CVE-2022-28215 Open Redirect vulnerability in SAP Netweaver Abap 740/750/787
SAP NetWeaver ABAP Server and ABAP Platform - versions 740, 750, 787, allows an unauthenticated attacker to redirect users to a malicious site due to insufficient URL validation.
network
low complexity
sap CWE-601
4.7
2022-02-09 CVE-2022-22543 Resource Exhaustion vulnerability in SAP Netweaver Abap and Netweaver AS Abap
SAP NetWeaver Application Server for ABAP (Kernel) and ABAP Platform (Kernel) - versions KERNEL 7.22, 8.04, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, KRNL64UC 8.04, 7.22, 7.22EXT, 7.49, 7.53, KRNL64NUC 7.22, 7.22EXT, 7.49, does not sufficiently validate sap-passport information, which could lead to a Denial-of-Service attack.
network
low complexity
sap CWE-400
7.5
2022-02-09 CVE-2022-22545 Information Exposure vulnerability in SAP Netweaver Abap
A high privileged user who has access to transaction SM59 can read connection details stored with the destination for http calls in SAP NetWeaver Application Server ABAP and ABAP Platform - versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756.
network
low complexity
sap CWE-200
4.9
2022-01-14 CVE-2021-42067 Unspecified vulnerability in SAP Netweaver Abap and Netweaver Application Server Abap
In SAP NetWeaver AS for ABAP and ABAP Platform - versions 701, 702, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 786, an attacker authenticated as a regular user can use the S/4 Hana dashboard to reveal systems and services which they would not normally be allowed to see.
network
low complexity
sap
4.3
2021-10-12 CVE-2021-38178 Unspecified vulnerability in SAP Netweaver Abap and Netweaver Application Server Abap
The software logistics system of SAP NetWeaver AS ABAP and ABAP Platform versions - 700, 701, 702, 710, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, enables a malicious user to transfer ABAP code artifacts or content, by-passing the established quality gates.
network
low complexity
sap
8.8
2021-10-12 CVE-2021-38181 Unspecified vulnerability in SAP Netweaver Abap and Netweaver Application Server Abap
SAP NetWeaver AS ABAP and ABAP Platform - versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service.
network
low complexity
sap
7.5
2021-10-12 CVE-2021-40495 Unspecified vulnerability in SAP Netweaver Abap and Netweaver Application Server Abap
There are multiple Denial-of Service vulnerabilities in SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 740, 750, 751, 752, 753, 754, 755.
network
low complexity
sap
5.3