Vulnerabilities > SAP > Netweaver Application Server Abap

DATE CVE VULNERABILITY TITLE RISK
2024-09-10 CVE-2024-41728 Missing Authorization vulnerability in SAP Netweaver Application Server Abap
Due to missing authorization check, SAP NetWeaver Application Server for ABAP and ABAP Platform allows an attacker logged in as a developer to read objects contained in a package.
network
low complexity
sap CWE-862
2.7
2024-09-10 CVE-2024-44114 Incorrect Authorization vulnerability in SAP Netweaver Application Server Abap
SAP NetWeaver Application Server for ABAP and ABAP Platform allow users with high privileges to execute a program that reveals data over the network.
network
low complexity
sap CWE-863
2.7
2024-08-13 CVE-2024-41734 Missing Authorization vulnerability in SAP Netweaver Application Server Abap
Due to missing authorization check in SAP NetWeaver Application Server ABAP and ABAP Platform, an authenticated attacker could call an underlying transaction, which leads to disclosure of user related information.
network
low complexity
sap CWE-862
4.3
2024-08-13 CVE-2024-41732 Unspecified vulnerability in SAP Netweaver Application Server Abap
SAP NetWeaver Application Server ABAP allows an unauthenticated attacker to craft a URL link that could bypass allowlist controls.
network
low complexity
sap
5.4
2024-06-11 CVE-2024-33001 Unspecified vulnerability in SAP Netweaver Application Server Abap 20081710/740/Stpi20081700
SAP NetWeaver and ABAP platform allows an attacker to impede performance for legitimate users by crashing or flooding the service. An impact of this Denial of Service vulnerability might be long response delays and service interruptions, thus degrading the service quality experienced by legitimate users causing high impact on availability of the application.
network
low complexity
sap
6.5
2024-02-13 CVE-2024-24740 Incorrect Permission Assignment for Critical Resource vulnerability in SAP Netweaver Application Server Abap
SAP NetWeaver Application Server (ABAP) - versions KERNEL 7.53, KERNEL 7.54, KERNEL 7.77, KERNEL 7.85, KERNEL 7.89, KERNEL 7.93, KERNEL 7.94, KRNL64UC 7.53, under certain conditions, allows an attacker to access information which could otherwise be restricted with low impact on confidentiality of the application.
network
low complexity
sap CWE-732
5.3
2024-01-09 CVE-2024-21738 Cross-site Scripting vulnerability in SAP Netweaver Application Server Abap
SAP NetWeaver ABAP Application Server and ABAP Platform do not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. An attacker with low privileges can cause limited impact to confidentiality of the application data after successful exploitation.
network
low complexity
sap CWE-79
5.4
2023-12-12 CVE-2023-49581 SQL Injection vulnerability in SAP Netweaver Application Server Abap
SAP GUI for Windows and SAP GUI for Java allow an unauthenticated attacker to access information which would otherwise be restricted and confidential.
network
low complexity
sap CWE-89
critical
9.4
2023-11-14 CVE-2023-41366 Exposure of System Data to an Unauthorized Control Sphere vulnerability in SAP Netweaver Application Server Abap
Under certain condition SAP NetWeaver Application Server ABAP - versions KERNEL 722, KERNEL 7.53, KERNEL 7.77, KERNEL 7.85, KERNEL 7.89, KERNEL 7.54, KERNEL 7.91, KERNEL 7.92, KERNEL 7.93, KERNEL 7.94, KERNEL64UC 7.22, KERNEL64UC 7.22EXT, KERNEL64UC 7.53, KERNEL64NUC 7.22, KERNEL64NUC 7.22EXT, allows an unauthenticated attacker to access the unintended data due to the lack of restrictions applied which may lead to low impact in confidentiality and no impact on the integrity and availability of the application.
network
low complexity
sap CWE-497
5.3
2023-09-12 CVE-2023-40309 Incorrect Authorization vulnerability in SAP products
SAP CommonCryptoLib does not perform necessary authentication checks, which may result in missing or wrong authorization checks for an authenticated user, resulting in escalation of privileges.
network
low complexity
sap CWE-863
critical
9.8