VYPR

SAP Web Application Server

by SAP

CVEs (81)

  • CVE-2026-27671 | Critical | Jun 9, 2026
    risk 0.64 | cvss 9.8 | epss 0.00

    Due to improper RFC protocol validation in the SAP Kernel used by the Application Server ABAP of SAP NetWeaver and ABAP Platform, an unauthenticated attacker can send a crafted RFC request that exploits logical errors in memory management, leading to memory corruption. This…

  • CVE-2026-0507 | High | Jan 13, 2026
    risk 0.55 | cvss 8.4 | epss 0.01

    Due to an OS Command Injection vulnerability in SAP Application Server for ABAP and SAP NetWeaver RFCSDK, an authenticated attacker with administrative access and adjacent network access could upload specially crafted content to the server. If processed by the application, this…

  • CVE-2025-23186 | High | Apr 8, 2025
    risk 0.55 | cvss 8.5 | epss 0.00

    In certain conditions, SAP NetWeaver Application Server ABAP allows an authenticated attacker to craft a Remote Function Call (RFC) request to restricted destinations, which can be used to expose credentials for a remote service. These credentials can then be further exploited…

  • CVE-2024-54198 | High | Dec 10, 2024
    risk 0.55 | cvss 8.5 | epss 0.01

    In certain conditions, SAP NetWeaver Application Server ABAP allows an authenticated attacker to craft a Remote Function Call (RFC) request to restricted destinations, which can be used to expose credentials for a remote service. These credentials can then be further exploited…

  • CVE-2025-42976 | High | Aug 12, 2025
    risk 0.53 | cvss 8.1 | epss 0.00

    SAP NetWeaver Application Server ABAP (BIC Document) allows an authenticated attacker to craft a request that, when submitted to a BIC Document application, could cause a memory corruption error. On successful exploitation, this results in the crash of the target component.…

  • CVE-2026-24316 | Medium | Mar 10, 2026
    risk 0.42 | cvss 6.4 | epss 0.00

    SAP NetWeaver Application Server for ABAP provides an ABAP Report for testing purposes, which allows to send HTTP requests to arbitrary internal or external endpoints. The report is therefore vulnerable to Server-Side Request Forgery (SSRF). Successful exploitation could lead to…

  • CVE-2026-24309 | Medium | Mar 10, 2026
    risk 0.42 | cvss 6.4 | epss 0.00

    Due to missing authorization check in SAP NetWeaver Application Server for ABAP, an authenticated attacker could execute specific ABAP function module to read, modify or insert entries into the database configuration table of the ABAP system. This unauthorized content change…

  • CVE-2025-42904 | Medium | Dec 9, 2025
    risk 0.42 | cvss 6.5 | epss 0.00

    Due to an Information Disclosure vulnerability in Application Server ABAP, an authenticated attacker could read unmasked values displayed in ABAP Lists. Successful exploitation could lead to unauthorized disclosure of data, resulting in a high impact on confidentiality without…

  • CVE-2025-42975 | Medium | Aug 12, 2025
    risk 0.40 | cvss 6.1 | epss 0.00

    SAP NetWeaver Application Server ABAP (BIC Document) allows an unauthenticated attacker to craft a URL link which, when accessed on the BIC Document application, embeds a malicious script. When a victim clicks on this link, the script executes in the victim's browser, allowing…

  • CVE-2025-42945 | Medium | Aug 12, 2025
    risk 0.40 | cvss 6.1 | epss 0.00

    SAP NetWeaver Application Server ABAP has HTML injection vulnerability. Due to this, an attacker could craft a URL with malicious script as payload and trick a victim with active user session into executing it. Upon successful exploit, this vulnerability could lead to limited…

  • CVE-2025-42942 | Medium | Aug 12, 2025
    risk 0.40 | cvss 6.1 | epss 0.00

    SAP NetWeaver Application Server for ABAP has cross-site scripting vulnerability. Due to this, an unauthenticated attacker could craft a URL embedded with malicious script and trick an unauthenticated victim to click on it to execute the script. Upon successful exploitation, the…

  • CVE-2025-42981 | Medium | Jul 8, 2025
    risk 0.40 | cvss 6.1 | epss 0.00

    Due to an open redirect vulnerability in SAP NetWeaver Application Server ABAP, an unauthenticated attacker could craft a URL link embedding a malicious script at a location not properly sanitized. When a victim clicks on this link, the script executes within the victim's…

  • CVE-2025-42969 | Medium | Jul 8, 2025
    risk 0.40 | cvss 6.1 | epss 0.00

    SAP NetWeaver Application Server ABAP and ABAP Platform allows an unauthenticated attacker to inject a malicious script into a dynamically crafted URL. The victim, when tricked into clicking on this crafted URL unknowingly executes the malicious payload in their browser. On…

  • CVE-2025-26659 | Medium | Mar 11, 2025
    risk 0.40 | cvss 6.1 | epss 0.00

    SAP NetWeaver Application Server ABAP does not sufficiently encode user-controlled inputs, leading to DOM-based Cross-Site Scripting (XSS) vulnerability. This allows an attacker with no privileges, to craft a malicious web message that exploits WEBGUI functionality. On successful…

  • CVE-2025-25242 | Medium | Mar 11, 2025
    risk 0.40 | cvss 6.1 | epss 0.00

    SAP NetWeaver Application Server ABAP allows malicious scripts to be executed in the application, potentially leading to a Cross-Site Scripting (XSS) vulnerability. This has no impact on the availability of the application, but it can have some minor impact on its…

  • CVE-2024-45279 | Medium | Sep 10, 2024
    risk 0.40 | cvss 6.1 | epss 0.00

    Due to insufficient input validation, CRM Blueprint Application Builder Panel of SAP NetWeaver Application Server for ABAP allows an unauthenticated attacker to craft a URL link which could embed a malicious JavaScript. When a victim clicks on this link, the script will be…

  • CVE-2024-32733 | Medium | May 14, 2024
    risk 0.40 | cvss 6.1 | epss 0.00

    Due to missing input validation and output encoding of untrusted data, SAP NetWeaver Application Server ABAP and ABAP Platform allows an unauthenticated attacker to inject malicious JavaScript code into the dynamically crafted web page. On successful exploitation the attacker…

  • CVE-2018-2470 | Medium | Oct 9, 2018
    risk 0.40 | cvss 6.1 | epss 0.01

    In SAP NetWeaver Application Server for ABAP, from 7.0 to 7.02, 7.30, 7.31, 7.40 and from 7.50 to 7.53, applications do not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.

  • CVE-2025-0059 | Medium | Jan 14, 2025
    risk 0.39 | cvss 6.0 | epss 0.00

    Applications based on SAP GUI for HTML in SAP NetWeaver Application Server ABAP store user input in the local browser storage to improve usability. An attacker with administrative privileges or access to the victim's user directory on the Operating System level would be able…

  • CVE-2025-42908 | Medium | Oct 14, 2025
    risk 0.35 | cvss 5.4 | epss 0.00

    Due to a Cross-Site Request Forgery (CSRF) vulnerability in SAP NetWeaver Application Server for ABAP, an authenticated attacker could initiate transactions directly via the session manager, bypassing the first transaction screen and the associated authorization check. This…
