VYPR

ABAP Platform

by SAP

CVEs (50)

  • CVE-2022-22536CriKEVFeb 9, 2022
    risk 0.88cvss 10.0epss 0.98

    SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server 7.53 and SAP Web Dispatcher are vulnerable for request smuggling and request concatenation. An unauthenticated attacker can prepend a victim's request with arbitrary…

  • CVE-2026-44748CriJun 9, 2026
    risk 0.64cvss 9.9epss 0.00

    SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated attacker with normal privileges to obtain a valid signed message and send modified signed XML documents to the verifier. This may result in acceptance of tampered identity information leading to…

  • CVE-2022-27668CriJun 14, 2022
    risk 0.64cvss 9.8epss 0.02

    Depending on the configuration of the route permission table in file 'saprouttab', it is possible for an unauthenticated attacker to execute SAProuter administration commands in SAP NetWeaver and ABAP Platform - versions KERNEL 7.49, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, KRNL64NUC…

  • CVE-2023-0014CriJan 10, 2023
    risk 0.59cvss 9.0epss 0.01

    SAP NetWeaver ABAP Server and ABAP Platform - versions SAP_BASIS 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, KERNEL 7.22, 7.53, 7.77, 7.81, 7.85, 7.89, KRNL64UC 7.22, 7.22EXT, 7.53, KRNL64NUC 7.22, 7.22EXT, creates information about system…

  • CVE-2026-23687HigFeb 10, 2026
    risk 0.57cvss 8.8epss 0.00

    SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated attacker with normal privileges to obtain a valid signed message and send modified signed XML documents to the verifier. This may result in acceptance of tampered identity information, unauthorized…

  • CVE-2025-0063HigJan 14, 2025
    risk 0.57cvss 8.8epss 0.01

    SAP NetWeaver AS ABAP and ABAP Platform does not check for authorization when a user executes some RFC function modules. This could lead to an attacker with basic user privileges to gain control over the data in Informix database, leading to complete compromise of…

  • CVE-2022-41214HigNov 8, 2022
    risk 0.57cvss 8.7epss 0.01

    Due to insufficient input validation, SAP NetWeaver Application Server ABAP and ABAP Platform allows an attacker with high level privileges to use a remote enabled function to delete a file which is otherwise restricted. On successful exploitation an attacker can completely…

  • CVE-2022-29611HigMay 11, 2022
    risk 0.57cvss 8.8epss 0.01

    SAP NetWeaver Application Server for ABAP and ABAP Platform do not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.

  • CVE-2021-38178HigOct 12, 2021
    risk 0.57cvss 8.8epss 0.01

    The software logistics system of SAP NetWeaver AS ABAP and ABAP Platform versions - 700, 701, 702, 710, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, enables a malicious user to transfer ABAP code artifacts or content, by-passing the established quality gates. By this…

  • CVE-2020-6296HigAug 12, 2020
    risk 0.57cvss 8.8epss 0.01

    SAP NetWeaver (ABAP Server) and ABAP Platform, versions - 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 753, 755, allows an attacker to inject code that can be executed by the application, leading to Code Injection. An attacker could thereby control the behavior of the…

  • CVE-2019-0270HigMar 12, 2019
    risk 0.57cvss 8.8epss 0.01

    ABAP Server of SAP NetWeaver and ABAP Platform fail to perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This has been corrected in the following versions: KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT,…

  • CVE-2018-2494HigDec 11, 2018
    risk 0.52cvss 8.0epss 0.01

    Necessary authorization checks for an authenticated user, resulting in escalation of privileges, have been fixed in SAP Basis AS ABAP of SAP NetWeaver 700 to 750, from 750 onwards delivered as ABAP Platform.

  • CVE-2022-29616HigMay 11, 2022
    risk 0.49cvss 7.5epss 0.01

    SAP Host Agent, SAP NetWeaver and ABAP Platform allow an attacker to leverage logical errors in memory management to cause a memory corruption.

  • CVE-2022-22543HigFeb 9, 2022
    risk 0.49cvss 7.5epss 0.01

    SAP NetWeaver Application Server for ABAP (Kernel) and ABAP Platform (Kernel) - versions KERNEL 7.22, 8.04, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, KRNL64UC 8.04, 7.22, 7.22EXT, 7.49, 7.53, KRNL64NUC 7.22, 7.22EXT, 7.49, does not sufficiently validate sap-passport information,…

  • CVE-2021-38181HigOct 12, 2021
    risk 0.49cvss 7.5epss 0.01

    SAP NetWeaver AS ABAP and ABAP Platform - versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service.

  • CVE-2021-27631HigJun 9, 2021
    risk 0.49cvss 7.5epss 0.02

    SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server), versions - KRNL32NUC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73, allows an unauthenticated attacker without specific knowledge of the…

  • CVE-2023-25615MedMar 14, 2023
    risk 0.44cvss 6.8epss 0.01

    Due to insufficient input sanitization, SAP ABAP - versions 751, 753, 753, 754, 756, 757, 791, allows an authenticated high privileged user to alter the current session of the user by injecting the malicious database queries over the network and gain access to the unintended…

  • CVE-2024-34687MedMay 14, 2024
    risk 0.42cvss 6.5epss 0.00

    SAP NetWeaver Application Server for ABAP and ABAP Platform do not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. An attacker can control code that is executed within a user’s browser, which could result in modification,…

  • CVE-2024-30218MedApr 9, 2024
    risk 0.42cvss 6.5epss 0.01

    The ABAP Application Server of SAP NetWeaver as well as ABAP Platform allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. This leads to a considerable impact on availability.

  • CVE-2021-27604MedApr 14, 2021
    risk 0.42cvss 6.5epss 0.01

    In order to prevent XML External Entity vulnerability in SAP NetWeaver ABAP Server and ABAP Platform (Process Integration - Enterprise Service Repository JAVA Mappings), versions - 7.10, 7.20, 7.30, 7.31, 7.40, 7.50, SAP recommends to refer this note.

Page 1 of 3