Vulnerabilities > SAP > Netweaver Application Server Abap > 700
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-02-09 | CVE-2022-22540 | Unspecified vulnerability in SAP Netweaver Application Server Abap SAP NetWeaver AS ABAP (Workplace Server) - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 787, allows an attacker to execute crafted database queries, that could expose the backend database. | 7.5 |
| 2021-12-14 | CVE-2021-44235 | OS Command Injection vulnerability in SAP Netweaver Application Server Abap Two methods of a utility class in SAP NetWeaver AS ABAP - versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, allow an attacker with high privileges and has direct access to SAP System, to inject code when executing with a certain transaction class builder. | 6.7 |
| 2021-11-10 | CVE-2021-40504 | Incorrect Authorization vulnerability in SAP Netweaver Application Server Abap A certain template role in SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, contains transport authorizations, which exceed expected display only permissions. | 4.9 |
| 2021-10-12 | CVE-2021-38178 | Unspecified vulnerability in SAP Netweaver Abap and Netweaver Application Server Abap The software logistics system of SAP NetWeaver AS ABAP and ABAP Platform versions - 700, 701, 702, 710, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, enables a malicious user to transfer ABAP code artifacts or content, by-passing the established quality gates. | 8.8 |
| 2021-10-12 | CVE-2021-38181 | Unspecified vulnerability in SAP Netweaver Abap and Netweaver Application Server Abap SAP NetWeaver AS ABAP and ABAP Platform - versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. | 7.5 |
| 2021-10-12 | CVE-2021-40496 | Unspecified vulnerability in SAP Netweaver Abap and Netweaver Application Server Abap SAP Internet Communication framework (ICM) - versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 785, allows an attacker with logon functionality, to exploit the authentication function by using POST and form field to repeat executions of the initial command by a GET request and exposing sensitive data. | 4.3 |
| 2021-07-14 | CVE-2021-33677 | Unspecified vulnerability in SAP Netweaver Abap and Netweaver Application Server Abap SAP NetWeaver ABAP Server and ABAP Platform, versions - 700, 702, 730, 731, 804, 740, 750, 784, expose functions to external which can lead to information disclosure. | 7.5 |
| 2021-07-14 | CVE-2021-33678 | Unspecified vulnerability in SAP Netweaver Application Server Abap A function module of SAP NetWeaver AS ABAP (Reconciliation Framework), versions - 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 75A, 75B, 75B, 75C, 75D, 75E, 75F, allows a high privileged attacker to inject code that can be executed by the application. | 6.5 |
| 2021-06-16 | CVE-2021-27610 | Improper Authentication vulnerability in SAP Netweaver Abap and Netweaver Application Server Abap SAP NetWeaver ABAP Server and ABAP Platform, versions - 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 804, does not create information about internal and external RFC user in consistent and distinguished format, which could lead to improper authentication and may be exploited by malicious users to obtain illegitimate access to the system. | 9.8 |
| 2021-06-09 | CVE-2021-21473 | Missing Authorization vulnerability in SAP Netweaver Application Server Abap SAP NetWeaver AS ABAP and ABAP Platform, versions - 700, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, contains function module SRM_RFC_SUBMIT_REPORT which fails to validate authorization of an authenticated user thus allowing an unauthorized user to execute reports in SAP NetWeaver ABAP Platform. | 6.3 |