Vulnerabilities > SAP > Netweaver Application Server Abap > 804
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-08-08 | CVE-2023-37492 | Missing Authorization vulnerability in SAP Netweaver Application Server Abap SAP NetWeaver Application Server ABAP and ABAP Platform - versions SAP_BASIS 700, SAP_BASIS 701, SAP_BASIS 702, SAP_BASIS 731, SAP_BASIS 740, SAP_BASIS 750, SAP_BASIS 752, SAP_BASIS 753, SAP_BASIS 754, SAP_BASIS 755, SAP_BASIS 756, SAP_BASIS 757, SAP_BASIS 758, SAP_BASIS 793, SAP_BASIS 804, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. | 6.5 |
| 2022-11-08 | CVE-2022-41212 | Unspecified vulnerability in SAP Netweaver Application Server Abap Due to insufficient input validation, SAP NetWeaver Application Server ABAP and ABAP Platform allows an attacker with high level privileges to use a remote enabled function to read a file which is otherwise restricted. | 4.9 |
| 2022-11-08 | CVE-2022-41214 | Unspecified vulnerability in SAP Netweaver Application Server Abap Due to insufficient input validation, SAP NetWeaver Application Server ABAP and ABAP Platform allows an attacker with high level privileges to use a remote enabled function to delete a file which is otherwise restricted. | 8.7 |
| 2021-12-14 | CVE-2021-44231 | Code Injection vulnerability in SAP Abap Platform and Netweaver Application Server Abap Internally used text extraction reports allow an attacker to inject code that can be executed by the application. | 9.8 |
| 2021-07-14 | CVE-2021-33677 | Unspecified vulnerability in SAP Netweaver Abap and Netweaver Application Server Abap SAP NetWeaver ABAP Server and ABAP Platform, versions - 700, 702, 730, 731, 804, 740, 750, 784, expose functions to external which can lead to information disclosure. | 7.5 |
| 2021-06-16 | CVE-2021-27610 | Improper Authentication vulnerability in SAP Netweaver Abap and Netweaver Application Server Abap SAP NetWeaver ABAP Server and ABAP Platform, versions - 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 804, does not create information about internal and external RFC user in consistent and distinguished format, which could lead to improper authentication and may be exploited by malicious users to obtain illegitimate access to the system. | 9.8 |
| 2020-05-12 | CVE-2020-6240 | Unspecified vulnerability in SAP Netweaver Application Server Abap SAP NetWeaver AS ABAP (Web Dynpro ABAP), versions (SAP_UI 750, 752, 753, 754 and SAP_BASIS 700, 710, 730, 731, 804) allows an unauthenticated attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service leading to Denial of Service | 7.5 |