Vulnerabilities > SAP > Netweaver Application Server Abap
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-10 | CVE-2024-41728 | Missing Authorization vulnerability in SAP Netweaver Application Server Abap Due to missing authorization check, SAP NetWeaver Application Server for ABAP and ABAP Platform allows an attacker logged in as a developer to read objects contained in a package. | 2.7 |
| 2024-09-10 | CVE-2024-44114 | Incorrect Authorization vulnerability in SAP Netweaver Application Server Abap SAP NetWeaver Application Server for ABAP and ABAP Platform allow users with high privileges to execute a program that reveals data over the network. | 2.7 |
| 2024-08-13 | CVE-2024-41734 | Missing Authorization vulnerability in SAP Netweaver Application Server Abap Due to missing authorization check in SAP NetWeaver Application Server ABAP and ABAP Platform, an authenticated attacker could call an underlying transaction, which leads to disclosure of user related information. | 4.3 |
| 2024-08-13 | CVE-2024-41732 | Unspecified vulnerability in SAP Netweaver Application Server Abap SAP NetWeaver Application Server ABAP allows an unauthenticated attacker to craft a URL link that could bypass allowlist controls. | 5.4 |
| 2024-06-11 | CVE-2024-33001 | Unspecified vulnerability in SAP Netweaver Application Server Abap 20081710/740/Stpi20081700 SAP NetWeaver and ABAP platform allows an attacker to impede performance for legitimate users by crashing or flooding the service. An impact of this Denial of Service vulnerability might be long response delays and service interruptions, thus degrading the service quality experienced by legitimate users causing high impact on availability of the application. | 6.5 |
| 2024-02-13 | CVE-2024-24740 | Incorrect Permission Assignment for Critical Resource vulnerability in SAP Netweaver Application Server Abap SAP NetWeaver Application Server (ABAP) - versions KERNEL 7.53, KERNEL 7.54, KERNEL 7.77, KERNEL 7.85, KERNEL 7.89, KERNEL 7.93, KERNEL 7.94, KRNL64UC 7.53, under certain conditions, allows an attacker to access information which could otherwise be restricted with low impact on confidentiality of the application. | 5.3 |
| 2024-01-09 | CVE-2024-21738 | Cross-site Scripting vulnerability in SAP Netweaver Application Server Abap SAP NetWeaver ABAP Application Server and ABAP Platform do not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. An attacker with low privileges can cause limited impact to confidentiality of the application data after successful exploitation. | 5.4 |
| 2023-12-12 | CVE-2023-49581 | SQL Injection vulnerability in SAP Netweaver Application Server Abap SAP GUI for Windows and SAP GUI for Java allow an unauthenticated attacker to access information which would otherwise be restricted and confidential. | 9.4 |
| 2023-11-14 | CVE-2023-41366 | Exposure of System Data to an Unauthorized Control Sphere vulnerability in SAP Netweaver Application Server Abap Under certain condition SAP NetWeaver Application Server ABAP - versions KERNEL 722, KERNEL 7.53, KERNEL 7.77, KERNEL 7.85, KERNEL 7.89, KERNEL 7.54, KERNEL 7.91, KERNEL 7.92, KERNEL 7.93, KERNEL 7.94, KERNEL64UC 7.22, KERNEL64UC 7.22EXT, KERNEL64UC 7.53, KERNEL64NUC 7.22, KERNEL64NUC 7.22EXT, allows an unauthenticated attacker to access the unintended data due to the lack of restrictions applied which may lead to low impact in confidentiality and no impact on the integrity and availability of the application. | 5.3 |
| 2023-09-12 | CVE-2023-40309 | Incorrect Authorization vulnerability in SAP products SAP CommonCryptoLib does not perform necessary authentication checks, which may result in missing or wrong authorization checks for an authenticated user, resulting in escalation of privileges. | 9.8 |