VYPR

Sap Web Application Server

by SAP

CVEs (81)

  • CVE-2026-0484Feb 10, 2026
    risk 0.00cvss epss 0.00

    Due to missing authorization check in SAP NetWeaver Application Server ABAP and SAP S/4HANA, an authenticated attacker could access a specific transaction code and modify the text data in the system. This vulnerability has a high impact on integrity of the application with no…

  • CVE-2026-0506Jan 13, 2026
    risk 0.00cvss epss 0.00

    Due to a Missing Authorization Check vulnerability in Application Server ABAP and ABAP Platform, an authenticated attacker could misuse an RFC function to execute form routines (FORMs) in the ABAP system. Successful exploitation could allow the attacker to write or modify data…

  • CVE-2025-42918Sep 9, 2025
    risk 0.00cvss epss 0.00

    SAP NetWeaver Application Server for ABAP allows authenticated users with access to background processing to gain unauthorized read access to profile parameters. This results in a low impact on confidentiality, with no impact on integrity or availability

  • CVE-2025-42936Aug 12, 2025
    risk 0.00cvss epss 0.00

    The SAP NetWeaver Application Server for ABAP does not enable an administrator to assign distinguished authorizations for different user roles, this issue allows authenticated users to access restricted objects in the barcode interface, leading to privilege escalation. This…

  • CVE-2025-42956Jul 8, 2025
    risk 0.00cvss epss 0.00

    SAP NetWeaver Application Server ABAP and ABAP Platform allows an unauthenticated attacker to create a malicious link which they can make publicly available. When an authenticated victim clicks on this malicious link, injected input data will be used by the web site page…

  • CVE-2024-44114Sep 10, 2024
    risk 0.00cvss epss 0.00

    SAP NetWeaver Application Server for ABAP and ABAP Platform allow users with high privileges to execute a program that reveals data over the network. This results in a minimal impact on confidentiality of the application.

  • CVE-2024-41734Aug 13, 2024
    risk 0.00cvss epss 0.00

    Due to missing authorization check in SAP NetWeaver Application Server ABAP and ABAP Platform, an authenticated attacker could call an underlying transaction, which leads to disclosure of user related information. There is no impact on integrity or availability.

  • CVE-2024-41732Aug 13, 2024
    risk 0.00cvss epss 0.00

    SAP NetWeaver Application Server ABAP allows an unauthenticated attacker to craft a URL link that could bypass allowlist controls. Depending on the web applications provided by this server, the attacker might inject CSS code or links into the web application that could …

  • CVE-2024-33005Aug 13, 2024
    risk 0.00cvss epss 0.00

    Due to the missing authorization checks in the local systems, the admin users of SAP Web Dispatcher, SAP NetWeaver Application Server (ABAP and Java), and SAP Content Server can impersonate other users and may perform some unintended actions. This could lead to a low impact on…

  • CVE-2024-37180Jul 9, 2024
    risk 0.00cvss epss 0.00

    Under certain conditions SAP NetWeaver Application Server for ABAP and ABAP Platform allows an attacker to access remote-enabled function module with no further authorization which would otherwise be restricted, the function can be used to read non-sensitive information with low…

  • CVE-2024-39599Jul 9, 2024
    risk 0.00cvss epss 0.00

    Due to a Protection Mechanism Failure in SAP NetWeaver Application Server for ABAP and ABAP Platform, a developer can bypass the configured malware scanner API because of a programming error. This leads to a low impact on the application's confidentiality, integrity, and…

  • CVE-2024-34687May 14, 2024
    risk 0.00cvss epss 0.00

    SAP NetWeaver Application Server for ABAP and ABAP Platform do not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. An attacker can control code that is executed within a user’s browser, which could result in modification,…

  • CVE-2024-24740Feb 13, 2024
    risk 0.00cvss epss 0.00

    SAP NetWeaver Application Server (ABAP) - versions KERNEL 7.53, KERNEL 7.54, KERNEL 7.77, KERNEL 7.85, KERNEL 7.89, KERNEL 7.93, KERNEL 7.94, KRNL64UC 7.53, under certain conditions, allows an attacker to access information which could otherwise be restricted with low impact on…

  • CVE-2024-21738Jan 9, 2024
    risk 0.00cvss epss 0.00

    SAP NetWeaver ABAP Application Server and ABAP Platform do not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. An attacker with low privileges can cause limited impact to confidentiality of the application data after successful…

  • CVE-2023-41366Nov 14, 2023
    risk 0.00cvss epss 0.01

    Under certain condition SAP NetWeaver Application Server ABAP - versions KERNEL 722, KERNEL 7.53, KERNEL 7.77, KERNEL 7.85, KERNEL 7.89, KERNEL 7.54, KERNEL 7.91, KERNEL 7.92, KERNEL 7.93, KERNEL 7.94, KERNEL64UC 7.22, KERNEL64UC 7.22EXT, KERNEL64UC 7.53, KERNEL64NUC 7.22,…

  • CVE-2023-35874Jul 11, 2023
    risk 0.00cvss epss 0.00

    SAP NetWeaver Application Server ABAP and ABAP Platform - version KRNL64NUC, 7.22, KRNL64NUC 7.22EXT, KRNL64UC 7.22, KRNL64UC 7.22EXT, KRNL64UC 7.53, KERNEL 7.22, KERNEL, 7.53, KERNEL 7.77, KERNEL 7.81, KERNEL 7.85, KERNEL 7.89, KERNEL 7.54, KERNEL 7.92, KERNEL 7.93, under some…

  • CVE-2023-24529Feb 14, 2023
    risk 0.00cvss epss 0.00

    Due to lack of proper input validation, BSP application (CRM_BSP_FRAME) - versions 700, 701, 702, 731, 740, 750, 751, 752, 75C, 75D, 75E, 75F, 75G, 75H, allow malicious inputs from untrusted sources, which can be leveraged by an attacker to execute a Reflected Cross-Site…

  • CVE-2023-0013Jan 10, 2023
    risk 0.00cvss epss 0.00

    The ABAP Keyword Documentation of SAP NetWeaver Application Server - versions 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, for ABAP and ABAP Platform does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. On…

  • CVE-2022-41212Nov 8, 2022
    risk 0.00cvss epss 0.01

    Due to insufficient input validation, SAP NetWeaver Application Server ABAP and ABAP Platform allows an attacker with high level privileges to use a remote enabled function to read a file which is otherwise restricted. On successful exploitation an attacker can completely…

  • CVE-2022-41214Nov 8, 2022
    risk 0.00cvss epss 0.01

    Due to insufficient input validation, SAP NetWeaver Application Server ABAP and ABAP Platform allows an attacker with high level privileges to use a remote enabled function to delete a file which is otherwise restricted. On successful exploitation an attacker can completely…