Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
netweaver as abap vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2015-1309
XML external entity vulnerability in the Extended Computer Aided Test Tool (eCATT) in SAP NetWeaver AS ABAP 7.31 and previous versions allows remote malicious users to access arbitrary files via a crafted XML request, related to ECATT_DISPLAY_XMLSTRING_REMOTE, aka SAP Note 201663...
Sap Netweaver Abap
3.5
CVSSv2
CVE-2014-8312
Business Warehouse (BW) in SAP Netweaver AS ABAP 7.31 allows remote authenticated users to obtain sensitive information via a request to the RSDU_CCMS_GET_PROFILE_PARAM RFC function.
Sap Netweaver Abap 7.31
4
CVSSv2
CVE-2017-9843
SAP NetWeaver AS ABAP 7.40 allows remote authenticated users with certain privileges to cause a denial of service (process crash) via vectors involving disp+work.exe, aka SAP Security Note 2406841.
Sap Netweaver Abap 7.40
5
CVSSv2
CVE-2013-6815
The SHSTI_UPLOAD_XML function in the Application Server for ABAP (AS ABAP) in SAP NetWeaver 7.31 and previous versions allows remote malicious users to cause a denial of service via unspecified vectors, related to an XML External Entity (XXE) issue.
Sap Netweaver 7.0
Sap Netweaver 7.02
Sap Netweaver 7.01
Sap Netweaver 4.0
Sap Netweaver
Sap Netweaver 7.30
Sap Netweaver 7.10
Sap Netweaver 7.03
Sap Netweaver 6.4
7.5
CVSSv2
CVE-2014-8587
SAPCRYPTOLIB prior to 5.555.38, SAPSECULIB, and CommonCryptoLib prior to 8.4.30, as used in SAP NetWeaver AS for ABAP and SAP HANA, allows remote malicious users to spoof Digital Signature Algorithm (DSA) signatures via unspecified vectors.
Sap Commoncryptolib
Sap Sapcryptolib
Sap Sapseculib -
Sap Hana -
Sap Netweaver
7.6
CVSSv2
CVE-2011-1516
The kSBXProfileNoNetwork and kSBXProfileNoInternet sandbox profiles in Apple Mac OS X 10.5.x up to and including 10.7.x do not propagate restrictions to all created processes, which allows remote malicious users to access network resources via a crafted application, as demonstrat...
Apple Mac Os X 10.5.1
Apple Mac Os X 10.5.2
Apple Mac Os X 10.6.0
Apple Mac Os X 10.6.1
Apple Mac Os X 10.6.8
Apple Mac Os X 10.7.0
Apple Mac Os X 10.5.0
Apple Mac Os X 10.5.7
Apple Mac Os X 10.5.8
Apple Mac Os X 10.6.6
Apple Mac Os X 10.6.7
Apple Mac Os X 10.5.3
Apple Mac Os X 10.5.4
Apple Mac Os X 10.6.2
Apple Mac Os X 10.6.3
Apple Mac Os X 10.7.1
Apple Mac Os X 10.7.2
Apple Mac Os X 10.5.5
Apple Mac Os X 10.5.6
Apple Mac Os X 10.6.4
Apple Mac Os X 10.6.5
1 EDB exploit
6.5
CVSSv2
CVE-2018-2494
Necessary authorization checks for an authenticated user, resulting in escalation of privileges, have been fixed in SAP Basis AS ABAP of SAP NetWeaver 700 to 750, from 750 onwards delivered as ABAP Platform.
Sap Business Application Software Integrated Solution
Sap Business Application Software Integrated Solution 7.31
Sap Business Application Software Integrated Solution 7.40
NA
CVE-2024-30218
The ABAP Application Server of SAP NetWeaver as well as ABAP Platform allows an malicious user to prevent legitimate users from accessing a service, either by crashing or flooding the service. This leads to a considerable impact on availability.
5.5
CVSSv2
CVE-2019-0255
SAP NetWeaver AS ABAP Platform, Krnl64nuc 7.74, krnl64UC 7.73, 7.74, Kernel 7.73, 7.74, 7.75, fails to validate type of installation for an ABAP Server system correctly. That behavior may lead to situation, where business user achieves access to the full SAP Menu, that is 'E...
Sap Advanced Business Application Programming Platform Krnl64uc 7.74
Sap Advanced Business Application Programming Platform Kernel 7.74
Sap Advanced Business Application Programming Platform Kernel 7.73
Sap Advanced Business Application Programming Platform Kernel 7.75.
Sap Advanced Business Application Programming Platform Krnl64nuc 7.74
Sap Advanced Business Application Programming Platform Krnl64uc 7.73
NA
CVE-2024-27902
Applications based on SAP GUI for HTML in SAP NetWeaver AS ABAP - versions 7.89, 7.93, do not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. A successful attack can allow a malicious malicious user to access and modify data thro...
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-29895
inject
CVE-2023-52689
CVE-2024-5049
CVE-2024-5051
privilege escalation
physical
CVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
NEXT »