VYPR

ABAP Platform

by SAP

CVEs (49)

  • CVE-2019-0271 Med Mar 12, 2019
    risk 0.42, cvss 6.5, epss 0.01

    ABAP Server (used in NetWeaver and Suite/ERP) and ABAP Platform does not sufficiently validate an XML document accepted from an untrusted source, leading to an XML External Entity (XXE) vulnerability. Fixed in Kernel 7.21 or 7.22, that is ABAP Server 7.00 to 7.31 and Kernel…

  • CVE-2025-42969 Med Jul 8, 2025
    risk 0.40, cvss 6.1, epss 0.00

    SAP NetWeaver Application Server ABAP and ABAP Platform allows an unauthenticated attacker to inject a malicious script into a dynamically crafted URL. The victim, when tricked into clicking on this crafted URL unknowingly executes the malicious payload in their browser. On…

  • CVE-2024-32733 Med May 14, 2024
    risk 0.40, cvss 6.1, epss 0.00

    Due to missing input validation and output encoding of untrusted data, SAP NetWeaver Application Server ABAP and ABAP Platform allows an unauthenticated attacker to inject malicious JavaScript code into the dynamically crafted web page. On successful exploitation the attacker…

  • CVE-2019-0321 Med Jul 10, 2019
    risk 0.40, cvss 6.1, epss 0.01

    ABAP Server and ABAP Platform (SAP Basis), versions, 7.31, 7.4, 7.5, do not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.

  • CVE-2023-35874 Med Jul 11, 2023
    risk 0.39, cvss 6.0, epss 0.00

    SAP NetWeaver Application Server ABAP and ABAP Platform - version KRNL64NUC, 7.22, KRNL64NUC 7.22EXT, KRNL64UC 7.22, KRNL64UC 7.22EXT, KRNL64UC 7.53, KERNEL 7.22, KERNEL, 7.53, KERNEL 7.77, KERNEL 7.81, KERNEL 7.85, KERNEL 7.89, KERNEL 7.54, KERNEL 7.92, KERNEL 7.93, under some…

  • CVE-2020-6181 Med Feb 12, 2020
    risk 0.38, cvss 5.8, epss 0.01

    Under some circumstances the SAML SSO implementation in the SAP NetWeaver (SAP_BASIS versions 702, 730, 731, 740) and SAP ABAP Platform (SAP_BASIS versions 750, 751, 752, 753, 754), allows an attacker to include invalidated data in the HTTP response header sent to a Web user,…

  • CVE-2021-40495 Med Oct 12, 2021
    risk 0.35, cvss 5.3, epss 0.01

    There are multiple Denial-of-Service vulnerabilities in SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 740, 750, 751, 752, 753, 754, 755. An unauthorized attacker can use the public SICF service /sap/public/bc/abap to reduce the performance of SAP…

  • CVE-2025-42902 Med Oct 14, 2025
    risk 0.34, cvss 5.3, epss 0.00

    Due to the memory corruption vulnerability in SAP NetWeaver AS ABAP and ABAP Platform, an unauthenticated attacker can send a corrupted SAP Logon Ticket or SAP Assertion Ticket to the SAP application server. This leads to a dereference of NULL which makes the work process crash.…

  • CVE-2023-29108 Med Apr 11, 2023
    risk 0.33, cvss 5.0, epss 0.00

    The IP filter in ABAP Platform and SAP Web Dispatcher - versions WEBDISP 7.85, 7.89, KERNEL 7.85, 7.89, 7.91, may be vulnerable by erroneous IP netmask handling. This may enable access to backend applications from unwanted sources.

  • CVE-2025-42949 Med Aug 12, 2025
    risk 0.32, cvss 4.9, epss 0.00

    Due to a missing authorization check in the ABAP Platform, an authenticated user with elevated privileges could bypass authorization restrictions for common transactions by leveraging the SQL Console. This could enable an attacker to access and read the contents of database…

  • CVE-2023-37492 Med Aug 8, 2023
    risk 0.32, cvss 4.9, epss 0.00

    SAP NetWeaver Application Server ABAP and ABAP Platform - versions SAP_BASIS 700, SAP_BASIS 701, SAP_BASIS 702, SAP_BASIS 731, SAP_BASIS 740, SAP_BASIS 750, SAP_BASIS 752, SAP_BASIS 753, SAP_BASIS 754, SAP_BASIS 755, SAP_BASIS 756, SAP_BASIS 757, SAP_BASIS 758, SAP_BASIS 793,…

  • CVE-2022-41212 Med Nov 8, 2022
    risk 0.32, cvss 4.9, epss 0.01

    Due to insufficient input validation, SAP NetWeaver Application Server ABAP and ABAP Platform allows an attacker with high level privileges to use a remote enabled function to read a file which is otherwise restricted. On successful exploitation an attacker can completely…

  • CVE-2022-22545 Med Feb 9, 2022
    risk 0.32, cvss 4.9, epss 0.01

    A high privileged user who has access to transaction SM59 can read connection details stored with the destination for http calls in SAP NetWeaver Application Server ABAP and ABAP Platform - versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756.

  • CVE-2021-40504 Med Nov 10, 2021
    risk 0.32, cvss 4.9, epss 0.01

    A certain template role in SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, contains transport authorizations, which exceed expected display only permissions.

  • CVE-2019-0265 Med Feb 15, 2019
    risk 0.32, cvss 4.9, epss 0.02

    SLD Registration of ABAP Platform allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. Fixed in versions KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT,KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22,…

  • CVE-2022-41215 Med Nov 8, 2022
    risk 0.31, cvss 4.7, epss 0.00

    SAP NetWeaver ABAP Server and ABAP Platform allows an unauthenticated attacker to redirect users to a malicious site due to insufficient URL validation. This could lead to the user being tricked to disclose personal information.

  • CVE-2022-28215 Med Apr 12, 2022
    risk 0.31, cvss 4.7, epss 0.01

    SAP NetWeaver ABAP Server and ABAP Platform - versions 740, 750, 787, allows an unauthenticated attacker to redirect users to a malicious site due to insufficient URL validation. This could lead to the user being tricked to disclose personal information.

  • CVE-2025-24872 Med Feb 11, 2025
    risk 0.28, cvss 4.3, epss 0.00

    The ABAP Build Framework in SAP ABAP Platform allows an authenticated attacker to gain unauthorized access to a specific transaction. By executing the add-on build functionality within the ABAP Build Framework, an attacker could call the transaction and view its details. This…

  • CVE-2024-41734 Med Aug 13, 2024
    risk 0.28, cvss 4.3, epss 0.00

    Due to missing authorization check in SAP NetWeaver Application Server ABAP and ABAP Platform, an authenticated attacker could call an underlying transaction, which leads to disclosure of user related information. There is no impact on integrity or availability.

  • CVE-2024-27900 Med Mar 12, 2024
    risk 0.28, cvss 4.3, epss 0.00

    Due to missing authorization check, attacker with business user account in SAP ABAP Platform - version 758, 795, can change the privacy setting of job templates from shared to private. As a result, the selected template would only be accessible to the owner.