Vulnerabilities > SAP > Netweaver Application Server Abap > 791

DATE CVE VULNERABILITY TITLE RISK
2023-03-14 CVE-2023-27501 Path Traversal vulnerability in SAP Netweaver Application Server Abap
SAP NetWeaver AS for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, allows an attacker to exploit insufficient validation of path information provided by users, thus exploiting a directory traversal flaw in an available service to delete system files.
network
low complexity
sap CWE-22
critical
9.6
2023-03-14 CVE-2023-25618 Unspecified vulnerability in SAP Netweaver Application Server Abap
SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, has multiple vulnerabilities in an unused class for error handling in which an attacker authenticated as a non-administrative user can craft a request with certain parameters which will consume the server's resources sufficiently to make it unavailable.
network
low complexity
sap
6.5
2023-03-14 CVE-2023-26459 Server-Side Request Forgery (SSRF) vulnerability in SAP Netweaver Application Server Abap
Due to improper input controls In SAP NetWeaver AS for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, an attacker authenticated as a non-administrative user can craft a request which will trigger the application server to send a request to an arbitrary URL which can reveal, modify or make unavailable non-sensitive information, leading to low impact on Confidentiality, Integrity and Availability.
network
low complexity
sap CWE-918
7.4
2023-03-14 CVE-2023-27269 Path Traversal vulnerability in SAP Netweaver Application Server Abap
SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, allows an attacker with non-administrative authorizations to exploit a directory traversal flaw in an available service to overwrite the system files.
network
low complexity
sap CWE-22
critical
9.6
2023-03-14 CVE-2023-27270 Resource Exhaustion vulnerability in SAP Netweaver Application Server Abap
SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, has multiple vulnerabilities in a class for test purposes in which an attacker authenticated as a non-administrative user can craft a request with certain parameters, which will consume the server's resources sufficiently to make it unavailable.
network
low complexity
sap CWE-400
6.5