Vulnerabilities > SAP > Netweaver Application Server Abap

DATE CVE VULNERABILITY TITLE RISK
2022-11-08 CVE-2022-41214 Improper Input Validation vulnerability in SAP Netweaver Application Server Abap
Due to insufficient input validation, SAP NetWeaver Application Server ABAP and ABAP Platform allows an attacker with high level privileges to use a remote enabled function to delete a file which is otherwise restricted.
network
low complexity
sap CWE-20
8.7
2022-11-08 CVE-2022-41215 Open Redirect vulnerability in SAP Netweaver Application Server Abap
SAP NetWeaver ABAP Server and ABAP Platform allows an unauthenticated attacker to redirect users to a malicious site due to insufficient URL validation.
network
low complexity
sap CWE-601
4.7
2022-09-13 CVE-2022-35294 Cross-site Scripting vulnerability in SAP Netweaver Application Server Abap
An attacker with basic business user privileges could craft and upload a malicious file to SAP NetWeaver Application Server ABAP, which is then downloaded and viewed by other users resulting in a stored Cross-Site-Scripting attack.
network
low complexity
sap CWE-79
5.4
2022-09-13 CVE-2022-39799 Cross-site Scripting vulnerability in SAP Netweaver Application Server Abap
An attacker with no prior authentication could craft and send malicious script to SAP GUI for HTML within Fiori Launchpad, resulting in reflected cross-site scripting attack.
network
low complexity
sap CWE-79
6.1
2022-05-11 CVE-2022-29610 Cross-site Scripting vulnerability in SAP Netweaver Application Server Abap
SAP NetWeaver Application Server ABAP allows an authenticated attacker to upload malicious files and delete (theme) data, which could result in Stored Cross-Site Scripting (XSS) attack.
network
sap CWE-79
3.5
2022-05-11 CVE-2022-29611 Missing Authorization vulnerability in SAP Netweaver Application Server Abap
SAP NetWeaver Application Server for ABAP and ABAP Platform do not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.
network
low complexity
sap CWE-862
8.8
2022-03-10 CVE-2022-26102 Missing Authorization vulnerability in SAP Netweaver Application Server Abap
Due to missing authorization check, SAP NetWeaver Application Server for ABAP - versions 700, 701, 702, 731, allows an authenticated attacker, to access content on the start screen of any transaction that is available with in the same SAP system even if he/she isn't authorized for that transaction.
network
low complexity
sap CWE-862
5.4
2022-02-09 CVE-2022-22536 HTTP Request Smuggling vulnerability in SAP products
SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server 7.53 and SAP Web Dispatcher are vulnerable for request smuggling and request concatenation.
network
low complexity
sap CWE-444
critical
10.0
2022-02-09 CVE-2022-22540 SQL Injection vulnerability in SAP Netweaver Application Server Abap
SAP NetWeaver AS ABAP (Workplace Server) - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 787, allows an attacker to execute crafted database queries, that could expose the backend database.
network
low complexity
sap CWE-89
7.5
2022-01-14 CVE-2021-42067 Unspecified vulnerability in SAP Netweaver Abap and Netweaver Application Server Abap
In SAP NetWeaver AS for ABAP and ABAP Platform - versions 701, 702, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 786, an attacker authenticated as a regular user can use the S/4 Hana dashboard to reveal systems and services which they would not normally be allowed to see.
network
low complexity
sap
4.3