Vulnerabilities > SAP > Netweaver Abap > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-08-13 CVE-2024-33005 Missing Authorization vulnerability in SAP products
Due to the missing authorization checks in the local systems, the admin users of SAP Web Dispatcher, SAP NetWeaver Application Server (ABAP and Java), and SAP Content Server can impersonate other users and may perform some unintended actions.
local
low complexity
sap CWE-862
6.3
2022-06-14 CVE-2022-29614 Improper Privilege Management vulnerability in SAP Host Agent and Netweaver Abap
SAP startservice - of SAP NetWeaver Application Server ABAP, Application Server Java, ABAP Platform and HANA Database - versions KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, SAPHOSTAGENT 7.22, - on Unix systems, s-bit helper program sapuxuserchk, can be abused physically resulting in a privilege escalation of an attacker leading to low impact on confidentiality and integrity, but a profound impact on availability.
low complexity
sap CWE-269
5.0
2022-06-14 CVE-2022-29612 Server-Side Request Forgery (SSRF) vulnerability in SAP Host Agent and Netweaver Abap
SAP NetWeaver, ABAP Platform and SAP Host Agent - versions KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, 8.04, KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, 8.04, SAPHOSTAGENT 7.22, allows an authenticated user to misuse a function of sapcontrol webfunctionality(startservice) in Kernel which enables malicious users to retrieve information.
network
low complexity
sap CWE-918
4.3
2022-04-12 CVE-2022-28215 Open Redirect vulnerability in SAP Netweaver Abap 740/750/787
SAP NetWeaver ABAP Server and ABAP Platform - versions 740, 750, 787, allows an unauthenticated attacker to redirect users to a malicious site due to insufficient URL validation.
network
low complexity
sap CWE-601
4.7
2022-02-09 CVE-2022-22545 Information Exposure vulnerability in SAP Netweaver Abap
A high privileged user who has access to transaction SM59 can read connection details stored with the destination for http calls in SAP NetWeaver Application Server ABAP and ABAP Platform - versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756.
network
low complexity
sap CWE-200
4.9
2022-01-14 CVE-2021-42067 Unspecified vulnerability in SAP Netweaver Abap and Netweaver Application Server Abap
In SAP NetWeaver AS for ABAP and ABAP Platform - versions 701, 702, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 786, an attacker authenticated as a regular user can use the S/4 Hana dashboard to reveal systems and services which they would not normally be allowed to see.
network
low complexity
sap
4.3
2021-10-12 CVE-2021-40495 Unspecified vulnerability in SAP Netweaver Abap and Netweaver Application Server Abap
There are multiple Denial-of Service vulnerabilities in SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 740, 750, 751, 752, 753, 754, 755.
network
low complexity
sap
5.3
2021-10-12 CVE-2021-40496 Exposure of Resource to Wrong Sphere vulnerability in SAP Netweaver Abap and Netweaver Application Server Abap
SAP Internet Communication framework (ICM) - versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 785, allows an attacker with logon functionality, to exploit the authentication function by using POST and form field to repeat executions of the initial command by a GET request and exposing sensitive data.
network
low complexity
sap CWE-668
4.3
2021-07-14 CVE-2021-33684 Out-of-bounds Write vulnerability in SAP Netweaver Abap and Netweaver Application Server Abap
SAP NetWeaver AS ABAP and ABAP Platform, versions - KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 8.04, 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 8.04, 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.53, 7.77, 7.81, 7.84, allows an attacker to send overlong content in the RFC request type thereby crashing the corresponding work process because of memory corruption vulnerability.
network
low complexity
sap CWE-787
5.3
2021-06-09 CVE-2021-27634 Out-of-bounds Write vulnerability in SAP Netweaver Abap
SAP NetWeaver AS for ABAP (RFC Gateway), versions - KRNL32NUC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73,7.77,7.81,7.82,7.83, allows an unauthenticated attacker without specific knowledge of the system to send a specially crafted packet over a network which will trigger an internal error in the system due to improper input validation in method ThCpicDtCreate () causing the system to crash and rendering it unavailable.
network
high complexity
sap CWE-787
5.9