Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

sap basis vulnerabilities and exploits

(subscribe to this query)
NA
CVE-2024-22131
In SAP ABA (Application Basis) - versions 700, 701, 702, 731, 740, 750, 751, 752, 75C, 75I, an attacker authenticated as a user with a remote execution authorization can use a vulnerable interface. This allows the malicious user to use the interface to invoke an application funct...
NA
CVE-2023-29110
The SAP Application Interface (Message Dashboard) - versions AIF 703, AIFX 702, S4CORE 100, 101, SAP_BASIS 755, 756, SAP_ABA 75C, 75D, 75E, application allows the usage HTML tags. An authorized attacker can use some of the basic HTML codes such as heading, basic formatting and li...
Sap Abap Platform 75cSap Abap Platform 75dSap Abap Platform 75eSap Basis 755Sap Basis 756Sap S4core 101Sap Application Interface Framework Aifx 702Sap Application Interface Framework Aif 703Sap S4core 100
NA
CVE-2023-29109
The SAP Application Interface Framework (Message Dashboard) - versions AIF 703, AIFX 702, S4CORE 101, SAP_BASIS 755, 756, SAP_ABA 75C, 75D, 75E, application allows an Excel formula injection. An authorized attacker can inject arbitrary Excel formulas into fields like the Tooltip ...
Sap Abap Platform 75cSap Abap Platform 75dSap Abap Platform 75eSap Basis 755Sap Basis 756Sap S4core 101Sap Application Interface Framework Aifx 702Sap Application Interface Framework Aif 703
NA
CVE-2022-41264
Due to the unrestricted scope of the RFC function module, SAP BASIS - versions 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, 791, allows an authenticated non-administrator malicious user to access a system class and execute any of its public methods with parameters ...
Sap Basis 7.31Sap Basis 7.40Sap Basis 7.50Sap Basis 7.51Sap Basis 7.52Sap Basis 7.53Sap Basis 7.54Sap Basis 7.55Sap Basis 7.56Sap Basis 7.57Sap Basis 7.89Sap Basis 7.90Sap Basis 7.91
4
CVSSv2
CVE-2020-6307
Automated Note Search Tool (update provided in SAP Basis 7.0, 7.01, 7.02, 7.31, 7.4, 7.5, 7.51, 7.52, 7.53 and 7.54) does not perform sufficient authorization checks leading to the reading of sensitive information.
Sap Basis 7.0Sap Basis 7.01Sap Basis 7.02Sap Basis 7.31Sap Basis 7.40Sap Basis 7.50Sap Basis 7.51Sap Basis 7.52Sap Basis 7.53Sap Basis 7.54
9
CVSSv2
CVE-2019-0328
ABAP Tests Modules (SAP Basis, versions 7.0, 7.1, 7.3, 7.31, 7.4, 7.5) of SAP NetWeaver Process Integration enables an attacker the execution of OS commands with privileged rights. An attacker could thereby impact the integrity and availability of the system.
Sap Netweaver Process Integration 7.0Sap Netweaver Process Integration 7.1Sap Netweaver Process Integration 7.31Sap Netweaver Process Integration 7.5Sap Netweaver Process Integration 7.3Sap Netweaver Process Integration 7.4
4.3
CVSSv2
CVE-2019-0321
ABAP Server and ABAP Platform (SAP Basis), versions, 7.31, 7.4, 7.5, do not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
Sap Netweaver As Abap 7.4Sap Netweaver As Abap 7.5Sap Netweaver Application Server Abap 7.31
6.5
CVSSv2
CVE-2019-0279
ABAP BASIS function modules INST_CREATE_R3_RFC_DEST, INST_CREATE_TCPIP_RFCDEST, and INST_CREATE_TCPIP_RFC_DEST in SAP BASIS (fixed in versions 7.0 to 7.02, 7.10 to 7.30, 7.31, 7.40, 7.50 to 7.53) do not perform necessary authorization checks in all circumstances for an authentica...
Sap Business Application Software Integrated Solution 7.31Sap Business Application Software Integrated SolutionSap Business Application Software Integrated Solution 7.40
4.3
CVSSv2
CVE-2019-0248
Under certain conditions SAP Gateway of ABAP Application Server (fixed in SAP_GWFND 7.5, 7.51, 7.52, 7.53; SAP_BASIS 7.5) allows an malicious user to access information which would otherwise be restricted.
Sap Netweaver 7.52Sap Netweaver 7.5Sap Netweaver 7.53Sap Netweaver 7.51Sap Basis 7.5
6.5
CVSSv2
CVE-2018-2494
Necessary authorization checks for an authenticated user, resulting in escalation of privileges, have been fixed in SAP Basis AS ABAP of SAP NetWeaver 700 to 750, from 750 onwards delivered as ABAP Platform.
Sap Business Application Software Integrated SolutionSap Business Application Software Integrated Solution 7.31Sap Business Application Software Integrated Solution 7.40
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-30924CVE-2024-3400overflowCVE-2024-23528CVE-2024-21338CVE-2024-3818CVE-2024-23535NULL pointer dereferenceelevation of privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook