VYPR

ABAP Platform

by SAP

CVEs (49)

  • CVE-2022-29612MedJun 14, 2022
    risk 0.28cvss 4.3epss 0.01

    SAP NetWeaver, ABAP Platform and SAP Host Agent - versions KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, 8.04, KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, 8.04, SAPHOSTAGENT 7.22, allows an authenticated user to misuse a function of…

  • CVE-2020-6310MedAug 12, 2020
    risk 0.28cvss 4.3epss 0.01

    Improper access control in SOA Configuration Trace component in SAP NetWeaver (ABAP Server) and ABAP Platform, versions - 702, 730, 731, 740, 750, allows any authenticated user to enumerate all SAP users, leading to Information Disclosure.

  • CVE-2020-6299MedAug 12, 2020
    risk 0.28cvss 4.3epss 0.01

    SAP NetWeaver (ABAP Server) and ABAP Platform, versions - 740, 750, 751, 752, 753, 754, 755, allows a business user to access the list of users in the given system using value help, leading to Information Disclosure.

  • CVE-2025-42935MedAug 12, 2025
    risk 0.27cvss 4.1epss 0.00

    The SAP NetWeaver Application Server ABAP and ABAP Platform Internet Communication Manager (ICM) permits authorized users with admin privileges and local access to log files to read sensitive information, resulting in information disclosure. This leads to high impact on the…

  • CVE-2025-30015MedApr 8, 2025
    risk 0.27cvss 4.1epss 0.00

    Due to incorrect memory address handling in ABAP SQL of SAP NetWeaver and ABAP Platform (Application Server ABAP), an authenticated attacker with high privileges could execute certain forms of SQL queries leading to manipulation of content in the output variable. This…

  • CVE-2024-21738MedJan 9, 2024
    risk 0.27cvss 4.1epss 0.00

    SAP NetWeaver ABAP Application Server and ABAP Platform do not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. An attacker with low privileges can cause limited impact to confidentiality of the application data after successful…

  • CVE-2020-6280LowJul 14, 2020
    risk 0.18cvss 2.7epss 0.01

    SAP NetWeaver (ABAP Server) and ABAP Platform, versions 731, 740, 750, allows an attacker with admin privileges to access certain files which should otherwise be restricted, leading to Information Disclosure.

  • CVE-2026-24320Feb 10, 2026
    risk 0.00cvss epss 0.00

    Due to improper memory management in SAP NetWeaver and ABAP Platform (Application Server ABAP), an authenticated attacker could exploit logical errors in memory management by supplying specially crafted input containing unique characters, which are improperly converted. This may…

  • CVE-2026-0506Jan 13, 2026
    risk 0.00cvss epss 0.00

    Due to a Missing Authorization Check vulnerability in Application Server ABAP and ABAP Platform, an authenticated attacker could misuse an RFC function to execute form routines (FORMs) in the ABAP system. Successful exploitation could allow the attacker to write or modify data…

Page 3 of 3