VYPR

Netweaver Business Warehouse

by SAP

CVEs (8)

  • CVE-2026-27681CriApr 14, 2026
    risk 0.64cvss 9.9epss 0.01

    Due to insufficient authorization checks in SAP Business Planning and Consolidation and SAP Business Warehouse, an authenticated user can execute crafted SQL statements to read, modify, and delete database data. This leads to a high impact on the confidentiality, integrity, and…

  • CVE-2017-16685MedDec 12, 2017
    risk 0.40cvss 6.1epss 0.01

    Cross-Site scripting (XSS) in SAP Business Warehouse Universal Data Integration, from 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, due to insufficient encoding of user controlled inputs.

  • CVE-2023-33992MedJul 11, 2023
    risk 0.29cvss 4.5epss 0.00

    The SAP BW BICS communication layer in SAP Business Warehouse and SAP BW/4HANA - version SAP_BW 730, SAP_BW 731, SAP_BW 740, SAP_BW 730, SAP_BW 750, DW4CORE 100, DW4CORE 200, DW4CORE 300, may expose unauthorized cell values to the data response. To be able to exploit this, the…

  • CVE-2025-42954LowJul 8, 2025
    risk 0.18cvss 2.7epss 0.00

    SAP NetWeaver Business Warehouse CCAW application allows a privileged attacker to cause a high CPU load by executing a RFC enabled function modules without any input parameters, which results in reduced performance or interrupted operation of the affected resource. This leads to…

  • CVE-2026-27686Mar 10, 2026
    risk 0.00cvss epss 0.00

    Due to a Missing Authorization Check in SAP Business Warehouse (Service API), an authenticated attacker could perform unauthorized actions via an affected RFC function module. Successful exploitation could enable unauthorized configuration and control changes, potentially…

  • CVE-2014-8663Nov 6, 2014
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in Data Basis (BW-WHM-DBA) in SAP NetWeaver Business Warehouse allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

  • CVE-2014-8312Oct 16, 2014
    risk 0.00cvss epss 0.02

    Business Warehouse (BW) in SAP Netweaver AS ABAP 7.31 allows remote authenticated users to obtain sensitive information via a request to the RSDU_CCMS_GET_PROFILE_PARAM RFC function.

  • CVE-2014-5174Jul 31, 2014
    risk 0.00cvss epss 0.02

    The SAP Netweaver Business Warehouse component does not properly restrict access to the functions in the BW-SYS-DB-DB4 function group, which allows remote authenticated users to obtain sensitive information via unspecified vectors.