VYPR

SAP Application Server ABAP

by SAP

CVEs (7)

  • CVE-2021-21465CriJan 12, 2021
    risk 0.65cvss 9.9epss 0.04

    The BW Database Interface allows an attacker with low privileges to execute any crafted database queries, exposing the backend database. An attacker can include their own SQL commands which the database will execute without properly sanitizing the untrusted data leading to SQL…

  • CVE-2020-6262HigMay 12, 2020
    risk 0.57cvss 8.8epss 0.01

    Service Data Download in SAP Application Server ABAP (ST-PI, before versions 2008_1_46C, 2008_1_620, 2008_1_640, 2008_1_700, 2008_1_710, 740) allows an attacker to inject code that can be executed by the application. An attacker could thereby control the behavior of the…

  • CVE-2026-0507HigJan 13, 2026
    risk 0.55cvss 8.4epss 0.01

    Due to an OS Command Injection vulnerability in SAP Application Server for ABAP and SAP NetWeaver RFCSDK, an authenticated attacker with administrative access and adjacent network access could upload specially crafted content to the server. If processed by the application, this…

  • CVE-2026-0506HigJan 13, 2026
    risk 0.53cvss 8.1epss 0.00

    Due to a Missing Authorization Check vulnerability in Application Server ABAP and ABAP Platform, an authenticated attacker could misuse an RFC function to execute form routines (FORMs) in the ABAP system. Successful exploitation could allow the attacker to write or modify data…

  • CVE-2025-42904MedDec 9, 2025
    risk 0.42cvss 6.5epss 0.00

    Due to an Information Disclosure vulnerability in Application Server ABAP, an authenticated attacker could read unmasked values displayed in ABAP Lists. Successful exploitation could lead to unauthorized disclosure of data, resulting in a high impact on confidentiality without…

  • CVE-2024-30218MedApr 9, 2024
    risk 0.42cvss 6.5epss 0.01

    The ABAP Application Server of SAP NetWeaver as well as ABAP Platform allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. This leads to a considerable impact on availability.

  • CVE-2025-42901MedOct 14, 2025
    risk 0.35cvss 5.4epss 0.00

    SAP Application Server for ABAP allows an authenticated attacker to store malicious JavaScript payloads which could be executed in victim user's browser when accessing the affected functionality of BAPI explorer. This has low impact on confidentiality and integrity with no…