Vulnerabilities > SAP > Netweaver AS Abap Krnl64Uc

DATE CVE VULNERABILITY TITLE RISK
2022-06-14 CVE-2022-27668 Incorrect Authorization vulnerability in SAP products
Depending on the configuration of the route permission table in file 'saprouttab', it is possible for an unauthenticated attacker to execute SAProuter administration commands in SAP NetWeaver and ABAP Platform - versions KERNEL 7.49, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, KRNL64NUC 7.49, KRNL64UC 7.49, SAP_ROUTER 7.53, 7.22, from a remote client, for example stopping the SAProuter, that could highly impact systems availability.
network
low complexity
sap CWE-863
critical
9.8
2022-05-11 CVE-2022-29616 Out-of-bounds Write vulnerability in SAP products
SAP Host Agent, SAP NetWeaver and ABAP Platform allow an attacker to leverage logical errors in memory management to cause a memory corruption.
network
low complexity
sap CWE-787
7.5
2022-05-11 CVE-2022-27656 Cross-site Scripting vulnerability in SAP products
The Web administration UI of SAP Web Dispatcher and the Internet Communication Manager (ICM) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
network
low complexity
sap CWE-79
6.1