Vulnerabilities > SAP > Netweaver Application Server Abap
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-09-12 | CVE-2023-40624 | Cross-site Scripting vulnerability in SAP Netweaver Application Server Abap SAP NetWeaver AS ABAP (applications based on Unified Rendering) - versions SAP_UI 754, SAP_UI 755, SAP_UI 756, SAP_UI 757, SAP_UI 758, SAP_BASIS 702, SAP_BASIS 731, allows an attacker to inject JavaScript code that can be executed in the web-application. | 5.4 |
| 2023-09-12 | CVE-2023-40308 | Out-of-bounds Write vulnerability in SAP products SAP CommonCryptoLib allows an unauthenticated attacker to craft a request, which when submitted to an open port causes a memory corruption error in a library which in turn causes the target component to crash making it unavailable. | 7.5 |
| 2023-08-08 | CVE-2023-37492 | Missing Authorization vulnerability in SAP Netweaver Application Server Abap SAP NetWeaver Application Server ABAP and ABAP Platform - versions SAP_BASIS 700, SAP_BASIS 701, SAP_BASIS 702, SAP_BASIS 731, SAP_BASIS 740, SAP_BASIS 750, SAP_BASIS 752, SAP_BASIS 753, SAP_BASIS 754, SAP_BASIS 755, SAP_BASIS 756, SAP_BASIS 757, SAP_BASIS 758, SAP_BASIS 793, SAP_BASIS 804, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. | 6.5 |
| 2023-07-11 | CVE-2023-35874 | Missing Authentication for Critical Function vulnerability in SAP Netweaver Application Server Abap SAP NetWeaver Application Server ABAP and ABAP Platform - version KRNL64NUC, 7.22, KRNL64NUC 7.22EXT, KRNL64UC 7.22, KRNL64UC 7.22EXT, KRNL64UC 7.53, KERNEL 7.22, KERNEL, 7.53, KERNEL 7.77, KERNEL 7.81, KERNEL 7.85, KERNEL 7.89, KERNEL 7.54, KERNEL 7.92, KERNEL 7.93, under some conditions, performs improper authentication checks for functionalities that require user identity. | 7.4 |
| 2023-04-11 | CVE-2023-27499 | Cross-site Scripting vulnerability in SAP Netweaver and Netweaver Application Server Abap SAP GUI for HTML - versions KERNEL 7.22, 7.53, 7.54, 7.77, 7.81, 7.85, 7.89, 7.91, KRNL64UC, 7.22, 7.22EXT, KRNL64UC 7.22, 7.22EXT does not sufficiently encode user-controlled inputs, resulting in a reflected Cross-Site Scripting (XSS) vulnerability. | 6.1 |
| 2023-04-11 | CVE-2023-28763 | Unspecified vulnerability in SAP Netweaver Application Server Abap SAP NetWeaver AS for ABAP and ABAP Platform - versions 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, allows an attacker authenticated as a non-administrative user to craft a request with certain parameters which can consume the server's resources sufficiently to make it unavailable over the network without any user interaction. | 6.5 |
| 2023-03-14 | CVE-2023-27500 | Path Traversal vulnerability in SAP Netweaver Application Server Abap An attacker with non-administrative authorizations can exploit a directory traversal flaw in program SAPRSBRO to over-write system files. | 8.1 |
| 2023-03-14 | CVE-2023-27501 | Path Traversal vulnerability in SAP Netweaver Application Server Abap SAP NetWeaver AS for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, allows an attacker to exploit insufficient validation of path information provided by users, thus exploiting a directory traversal flaw in an available service to delete system files. | 9.6 |
| 2023-03-14 | CVE-2023-25618 | Resource Exhaustion vulnerability in SAP Netweaver Application Server Abap SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, has multiple vulnerabilities in an unused class for error handling in which an attacker authenticated as a non-administrative user can craft a request with certain parameters which will consume the server's resources sufficiently to make it unavailable. | 6.5 |
| 2023-03-14 | CVE-2023-26459 | Server-Side Request Forgery (SSRF) vulnerability in SAP Netweaver Application Server Abap Due to improper input controls In SAP NetWeaver AS for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, an attacker authenticated as a non-administrative user can craft a request which will trigger the application server to send a request to an arbitrary URL which can reveal, modify or make unavailable non-sensitive information, leading to low impact on Confidentiality, Integrity and Availability. | 7.4 |