Vulnerabilities > SAP > Netweaver Application Server Abap > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-08-13 CVE-2024-41734 Missing Authorization vulnerability in SAP Netweaver Application Server Abap
Due to missing authorization check in SAP NetWeaver Application Server ABAP and ABAP Platform, an authenticated attacker could call an underlying transaction, which leads to disclosure of user related information.
network
low complexity
sap CWE-862
4.3
2024-08-13 CVE-2024-41732 Unspecified vulnerability in SAP Netweaver Application Server Abap
SAP NetWeaver Application Server ABAP allows an unauthenticated attacker to craft a URL link that could bypass allowlist controls.
network
low complexity
sap
5.4
2024-06-11 CVE-2024-33001 Unspecified vulnerability in SAP Netweaver Application Server Abap 20081710/740/Stpi20081700
SAP NetWeaver and ABAP platform allows an attacker to impede performance for legitimate users by crashing or flooding the service. An impact of this Denial of Service vulnerability might be long response delays and service interruptions, thus degrading the service quality experienced by legitimate users causing high impact on availability of the application.
network
low complexity
sap
6.5
2024-02-13 CVE-2024-24740 Incorrect Permission Assignment for Critical Resource vulnerability in SAP Netweaver Application Server Abap
SAP NetWeaver Application Server (ABAP) - versions KERNEL 7.53, KERNEL 7.54, KERNEL 7.77, KERNEL 7.85, KERNEL 7.89, KERNEL 7.93, KERNEL 7.94, KRNL64UC 7.53, under certain conditions, allows an attacker to access information which could otherwise be restricted with low impact on confidentiality of the application.
network
low complexity
sap CWE-732
5.3
2024-01-09 CVE-2024-21738 Cross-site Scripting vulnerability in SAP Netweaver Application Server Abap
SAP NetWeaver ABAP Application Server and ABAP Platform do not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. An attacker with low privileges can cause limited impact to confidentiality of the application data after successful exploitation.
network
low complexity
sap CWE-79
5.4
2023-11-14 CVE-2023-41366 Exposure of System Data to an Unauthorized Control Sphere vulnerability in SAP Netweaver Application Server Abap
Under certain condition SAP NetWeaver Application Server ABAP - versions KERNEL 722, KERNEL 7.53, KERNEL 7.77, KERNEL 7.85, KERNEL 7.89, KERNEL 7.54, KERNEL 7.91, KERNEL 7.92, KERNEL 7.93, KERNEL 7.94, KERNEL64UC 7.22, KERNEL64UC 7.22EXT, KERNEL64UC 7.53, KERNEL64NUC 7.22, KERNEL64NUC 7.22EXT, allows an unauthenticated attacker to access the unintended data due to the lack of restrictions applied which may lead to low impact in confidentiality and no impact on the integrity and availability of the application.
network
low complexity
sap CWE-497
5.3
2023-09-12 CVE-2023-40624 Cross-site Scripting vulnerability in SAP Netweaver Application Server Abap
SAP NetWeaver AS ABAP (applications based on Unified Rendering) - versions SAP_UI 754, SAP_UI 755, SAP_UI 756, SAP_UI 757, SAP_UI 758, SAP_BASIS 702, SAP_BASIS 731, allows an attacker to inject JavaScript code that can be executed in the web-application.
network
low complexity
sap CWE-79
5.4
2023-08-08 CVE-2023-37492 Missing Authorization vulnerability in SAP Netweaver Application Server Abap
SAP NetWeaver Application Server ABAP and ABAP Platform - versions SAP_BASIS 700, SAP_BASIS 701, SAP_BASIS 702, SAP_BASIS 731, SAP_BASIS 740, SAP_BASIS 750, SAP_BASIS 752, SAP_BASIS 753, SAP_BASIS 754, SAP_BASIS 755, SAP_BASIS 756, SAP_BASIS 757, SAP_BASIS 758, SAP_BASIS 793, SAP_BASIS 804, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.
network
low complexity
sap CWE-862
6.5
2023-04-11 CVE-2023-27499 Cross-site Scripting vulnerability in SAP Netweaver and Netweaver Application Server Abap
SAP GUI for HTML - versions KERNEL 7.22, 7.53, 7.54, 7.77, 7.81, 7.85, 7.89, 7.91, KRNL64UC, 7.22, 7.22EXT, KRNL64UC 7.22, 7.22EXT does not sufficiently encode user-controlled inputs, resulting in a reflected Cross-Site Scripting (XSS) vulnerability.
network
low complexity
sap CWE-79
6.1
2023-04-11 CVE-2023-28763 Unspecified vulnerability in SAP Netweaver Application Server Abap
SAP NetWeaver AS for ABAP and ABAP Platform - versions 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, allows an attacker authenticated as a non-administrative user to craft a request with certain parameters which can consume the server's resources sufficiently to make it unavailable over the network without any user interaction.
network
low complexity
sap
6.5