Vulnerabilities > SAP > Netweaver Application Server Abap > High

DATE CVE VULNERABILITY TITLE RISK
2023-09-12 CVE-2023-40308 Unspecified vulnerability in SAP products
SAP CommonCryptoLib allows an unauthenticated attacker to craft a request, which when submitted to an open port causes a memory corruption error in a library which in turn causes the target component to crash making it unavailable.
network
low complexity
sap
7.5
2023-07-11 CVE-2023-35874 Unspecified vulnerability in SAP Netweaver Application Server Abap
SAP NetWeaver Application Server ABAP and ABAP Platform - version KRNL64NUC, 7.22, KRNL64NUC 7.22EXT, KRNL64UC 7.22, KRNL64UC 7.22EXT, KRNL64UC 7.53, KERNEL 7.22, KERNEL, 7.53, KERNEL 7.77, KERNEL 7.81, KERNEL 7.85, KERNEL 7.89, KERNEL 7.54, KERNEL 7.92, KERNEL 7.93, under some conditions, performs improper authentication checks for functionalities that require user identity.
network
low complexity
sap
7.4
2023-03-14 CVE-2023-27500 Path Traversal vulnerability in SAP Netweaver Application Server Abap
An attacker with non-administrative authorizations can exploit a directory traversal flaw in program SAPRSBRO to over-write system files.
network
low complexity
sap CWE-22
8.1
2023-03-14 CVE-2023-26459 Unspecified vulnerability in SAP Netweaver Application Server Abap
Due to improper input controls In SAP NetWeaver AS for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, an attacker authenticated as a non-administrative user can craft a request which will trigger the application server to send a request to an arbitrary URL which can reveal, modify or make unavailable non-sensitive information, leading to low impact on Confidentiality, Integrity and Availability.
network
low complexity
sap
7.4
2022-11-08 CVE-2022-41214 Unspecified vulnerability in SAP Netweaver Application Server Abap
Due to insufficient input validation, SAP NetWeaver Application Server ABAP and ABAP Platform allows an attacker with high level privileges to use a remote enabled function to delete a file which is otherwise restricted.
network
low complexity
sap
8.7
2022-05-11 CVE-2022-29611 Unspecified vulnerability in SAP Netweaver Application Server Abap
SAP NetWeaver Application Server for ABAP and ABAP Platform do not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.
network
low complexity
sap
8.8
2022-02-09 CVE-2022-22540 Unspecified vulnerability in SAP Netweaver Application Server Abap
SAP NetWeaver AS ABAP (Workplace Server) - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 787, allows an attacker to execute crafted database queries, that could expose the backend database.
network
low complexity
sap
7.5
2021-10-12 CVE-2021-38178 Unspecified vulnerability in SAP Netweaver Abap and Netweaver Application Server Abap
The software logistics system of SAP NetWeaver AS ABAP and ABAP Platform versions - 700, 701, 702, 710, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, enables a malicious user to transfer ABAP code artifacts or content, by-passing the established quality gates.
network
low complexity
sap
8.8
2021-10-12 CVE-2021-38181 Unspecified vulnerability in SAP Netweaver Abap and Netweaver Application Server Abap
SAP NetWeaver AS ABAP and ABAP Platform - versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service.
network
low complexity
sap
7.5
2021-07-14 CVE-2021-33677 Unspecified vulnerability in SAP Netweaver Abap and Netweaver Application Server Abap
SAP NetWeaver ABAP Server and ABAP Platform, versions - 700, 702, 730, 731, 804, 740, 750, 784, expose functions to external which can lead to information disclosure.
network
low complexity
sap
7.5