Vulnerabilities > SAP > Netweaver Application Server Abap > 751
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-10 | CVE-2024-41728 | Missing Authorization vulnerability in SAP Netweaver Application Server Abap Due to missing authorization check, SAP NetWeaver Application Server for ABAP and ABAP Platform allows an attacker logged in as a developer to read objects contained in a package. | 2.7 |
| 2024-09-10 | CVE-2024-44114 | Incorrect Authorization vulnerability in SAP Netweaver Application Server Abap SAP NetWeaver Application Server for ABAP and ABAP Platform allow users with high privileges to execute a program that reveals data over the network. | 2.7 |
| 2024-01-09 | CVE-2024-21738 | Unspecified vulnerability in SAP Netweaver Application Server Abap SAP NetWeaver ABAP Application Server and ABAP Platform do not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. An attacker with low privileges can cause limited impact to confidentiality of the application data after successful exploitation. | 5.4 |
| 2023-04-11 | CVE-2023-28763 | Unspecified vulnerability in SAP Netweaver Application Server Abap SAP NetWeaver AS for ABAP and ABAP Platform - versions 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, allows an attacker authenticated as a non-administrative user to craft a request with certain parameters which can consume the server's resources sufficiently to make it unavailable over the network without any user interaction. | 6.5 |
| 2023-03-14 | CVE-2023-27500 | Path Traversal vulnerability in SAP Netweaver Application Server Abap An attacker with non-administrative authorizations can exploit a directory traversal flaw in program SAPRSBRO to over-write system files. | 8.1 |
| 2023-03-14 | CVE-2023-27501 | Unspecified vulnerability in SAP Netweaver Application Server Abap SAP NetWeaver AS for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, allows an attacker to exploit insufficient validation of path information provided by users, thus exploiting a directory traversal flaw in an available service to delete system files. | 9.6 |
| 2023-03-14 | CVE-2023-25618 | Unspecified vulnerability in SAP Netweaver Application Server Abap SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, has multiple vulnerabilities in an unused class for error handling in which an attacker authenticated as a non-administrative user can craft a request with certain parameters which will consume the server's resources sufficiently to make it unavailable. | 6.5 |
| 2023-03-14 | CVE-2023-26459 | Unspecified vulnerability in SAP Netweaver Application Server Abap Due to improper input controls In SAP NetWeaver AS for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, an attacker authenticated as a non-administrative user can craft a request which will trigger the application server to send a request to an arbitrary URL which can reveal, modify or make unavailable non-sensitive information, leading to low impact on Confidentiality, Integrity and Availability. | 7.4 |
| 2023-03-14 | CVE-2023-27269 | Unspecified vulnerability in SAP Netweaver Application Server Abap SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, allows an attacker with non-administrative authorizations to exploit a directory traversal flaw in an available service to overwrite the system files. | 9.6 |
| 2023-03-14 | CVE-2023-27270 | Unspecified vulnerability in SAP Netweaver Application Server Abap SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, has multiple vulnerabilities in a class for test purposes in which an attacker authenticated as a non-administrative user can craft a request with certain parameters, which will consume the server's resources sufficiently to make it unavailable. | 6.5 |