VYPR

Gateway

by SAP

CVEs (5)

  • CVE-2019-0319HigJul 10, 2019
    risk 0.49cvss 7.5epss 0.03

    The SAP Gateway, versions 7.5, 7.51, 7.52 and 7.53, allows an attacker to inject content which is displayed in the form of an error message. An attacker could thus mislead a user to believe this information is from the legitimate service when it's not.

  • CVE-2018-2433HigJul 10, 2018
    risk 0.49cvss 7.5epss 0.01

    SAP Gateway (SAP KERNEL 32 NUC, SAP KERNEL 32 Unicode, SAP KERNEL 64 NUC, SAP KERNEL 64 Unicode 7.21, 7.21EXT, 7.22 and 7.22EXT; SAP KERNEL 7.21, 7.22, 7.45, 7.49 and 7.53) allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding…

  • CVE-2019-0248MedJan 8, 2019
    risk 0.38cvss 5.9epss 0.02

    Under certain conditions SAP Gateway of ABAP Application Server (fixed in SAP_GWFND 7.5, 7.51, 7.52, 7.53; SAP_BASIS 7.5) allows an attacker to access information which would otherwise be restricted.

  • CVE-2019-0338MedAug 14, 2019
    risk 0.35cvss 5.3epss 0.01

    During an OData V2/V4 request in SAP Gateway, versions 750, 751, 752, 753, the HTTP Header attributes cache-control and pragma were not properly set, allowing an attacker to access restricted information, resulting in Information Disclosure.

  • CVE-2026-44749MedMay 26, 2026
    risk 0.28cvss 4.3epss 0.00

    The SAP Gateway allows attackers to inject content into error messages, potentially leading to disclosure of request artefacts (e.g., regex patterns) and revealing underlying URI parsing logic. Leading to low impact on confidentiality. Integrity and availability are unaffected.