Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sap netweaver abap application server - vulnerabilities and exploits
(subscribe to this query)
4
CVSSv2
CVE-2019-0271
ABAP Server (used in NetWeaver and Suite/ERP) and ABAP Platform does not sufficiently validate an XML document accepted from an untrusted source, leading to an XML External Entity (XEE) vulnerability. Fixed in Kernel 7.21 or 7.22, that is ABAP Server 7.00 to 7.31 and Kernel 7.45,...
Sap Advanced Business Application Programming Platform -
Sap Advanced Business Application Programming Server
Sap Sap Kernel 7.22
Sap Sap Kernel 7.21
Sap Sap Kernel 7.45
Sap Sap Kernel 7.49
Sap Sap Kernel 7.53
5.5
CVSSv2
CVE-2019-0255
SAP NetWeaver AS ABAP Platform, Krnl64nuc 7.74, krnl64UC 7.73, 7.74, Kernel 7.73, 7.74, 7.75, fails to validate type of installation for an ABAP Server system correctly. That behavior may lead to situation, where business user achieves access to the full SAP Menu, that is 'E...
Sap Advanced Business Application Programming Platform Kernel 7.73
Sap Advanced Business Application Programming Platform Kernel 7.75.
Sap Advanced Business Application Programming Platform Krnl64uc 7.73
Sap Advanced Business Application Programming Platform Krnl64uc 7.74
Sap Advanced Business Application Programming Platform Kernel 7.74
Sap Advanced Business Application Programming Platform Krnl64nuc 7.74
6.5
CVSSv2
CVE-2019-0257
Customizing functionality of SAP NetWeaver AS ABAP Platform (fixed in versions from 7.0 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.53, from 7.74 to 7.75) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privil...
Sap Netweaver As Abap
Sap Netweaver Application Server Abap 7.31
Sap Netweaver Application Server Abap
Sap Netweaver Application Server Abap 7.30
Sap Netweaver Application Server Abap 7.40
4.3
CVSSv2
CVE-2019-0248
Under certain conditions SAP Gateway of ABAP Application Server (fixed in SAP_GWFND 7.5, 7.51, 7.52, 7.53; SAP_BASIS 7.5) allows an malicious user to access information which would otherwise be restricted.
Sap Netweaver 7.5
Sap Netweaver 7.53
Sap Netweaver 7.52
Sap Netweaver 7.51
Sap Basis 7.5
1 Article
4.3
CVSSv2
CVE-2018-2470
In SAP NetWeaver Application Server for ABAP, from 7.0 to 7.02, 7.30, 7.31, 7.40 and from 7.50 to 7.53, applications do not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
Sap Netweaver 7.30
Sap Netweaver 7.31
Sap Netweaver 7.40
Sap Netweaver
5
CVSSv2
CVE-2015-2278
The LZH decompression implementation (CsObjectInt::BuildHufTree function in vpa108csulzh.cpp) in SAP MaxDB 7.5 and 7.6, Netweaver Application Server ABAP, Netweaver Application Server Java, Netweaver RFC SDK, GUI, RFC SDK, SAPCAR archive tool, and other products allows context-de...
Sap Maxdb 7.5
Sap Gui -
Sap Maxdb 7.6
Sap Netweaver Java Application Server -
Sap Netweaver Abap Application Server -
Sap Netweaver Rfc Sdk -
Sap Rfc Library
1 Article
5
CVSSv2
CVE-2015-4158
SAP ABAP & Java Server allows remote malicious users to cause a denial of service (service termination) via unspecified vectors, aka SAP Security Note 2121661.
Sap Netweaver Java Application Server -
Sap Netweaver Abap Application Server -
7.5
CVSSv2
CVE-2015-2282
Stack-based buffer overflow in the LZC decompression implementation (CsObjectInt::CsDecomprLZC function in vpa106cslzc.cpp) in SAP MaxDB 7.5 and 7.6, Netweaver Application Server ABAP, Netweaver Application Server Java, Netweaver RFC SDK, GUI, RFC SDK, SAPCAR archive tool, and ot...
Sap Maxdb 7.5
Sap Gui -
Sap Maxdb 7.6
Sap Netweaver Java Application Server -
Sap Netweaver Abap Application Server -
Sap Netweaver Rfc Sdk -
Sap Rfc Library
1 Article
NA
CVE-2014-09953
Core Security Technologies Advisory - A vulnerability has been found in SAP Netweaver that could allow an unauthenticated, remote attacker to create denial of service conditions. The vulnerability is triggered by sending a specially crafted SAP Enqueue Server packet to remote TCP...
4.6
CVSSv2
CVE-2014-3130
The ABAP Help documentation and translation tools (BC-DOC-HLP) in Basis in SAP Netweaver ABAP Application Server does not properly restrict access, which allows local users to gain privileges and execute ABAP instructions via crafted help messages.
Sap Netweaver Abap Application Server -
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27802
template injection
CVE-2024-0044
code injection
CVE-2024-35474
CVE-2024-27857
CVE-2024-23251
CVE-2024-23692
physical
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »