Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
netweaver abap vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-41212
Due to insufficient input validation, SAP NetWeaver Application Server ABAP and ABAP Platform allows an attacker with high level privileges to use a remote enabled function to read a file which is otherwise restricted. On successful exploitation an attacker can completely comprom...
Sap Netweaver Application Server Abap 750
Sap Netweaver Application Server Abap 700
Sap Netweaver Application Server Abap 731
Sap Netweaver Application Server Abap 804
Sap Netweaver Application Server Abap 740
Sap Netweaver Application Server Abap 789
383
VMScore
CVE-2020-26835
SAP NetWeaver AS ABAP, versions - 740, 750, 751, 752, 753, 754 , does not sufficiently encode URL which allows an malicious user to input malicious java script in the URL which could be executed in the browser resulting in Reflected Cross-Site Scripting (XSS) vulnerability.
Sap Netweaver Application Server Abap 750
Sap Netweaver Application Server Abap 752
Sap Netweaver Application Server Abap 753
Sap Netweaver Application Server Abap 754
Sap Netweaver Application Server Abap 740
Sap Netweaver Application Server Abap 751
NA
CVE-2023-24522
Due to insufficient input sanitization, SAP NetWeaver AS ABAP (Business Server Pages) - versions 700, 701, 702, 731, 740, allows an unauthenticated user to alter the current session of the user by injecting the malicious code over the network and gain access to the unintended dat...
Sap Netweaver Application Server Abap 702
Sap Netweaver Application Server Abap 700
Sap Netweaver Application Server Abap 731
Sap Netweaver Application Server Abap 740
Sap Netweaver Application Server Abap 701
409
VMScore
CVE-2021-27611
SAP NetWeaver AS ABAP, versions - 700, 701, 702, 730, 731, allow a high privileged malicious user to inject malicious code by executing an ABAP report when the attacker has access to the local SAP system. The attacker could then get access to data, overwrite them, or execute a de...
Sap Netweaver Application Server Abap 702
Sap Netweaver Application Server Abap 700
Sap Netweaver Application Server Abap 730
Sap Netweaver Application Server Abap 731
Sap Netweaver Application Server Abap 701
NA
CVE-2022-39799
An attacker with no prior authentication could craft and send malicious script to SAP GUI for HTML within Fiori Launchpad, resulting in reflected cross-site scripting attack. This could lead to stealing session information and impersonating the affected user.
Sap Netweaver Application Server Abap Kernel 7.77
Sap Netweaver Application Server Abap 7.81
Sap Netweaver Application Server Abap 7.85
Sap Netweaver Application Server Abap 7.89
Sap Netweaver Application Server Abap 7.54
NA
CVE-2022-41215
SAP NetWeaver ABAP Server and ABAP Platform allows an unauthenticated malicious user to redirect users to a malicious site due to insufficient URL validation. This could lead to the user being tricked to disclose personal information.
Sap Netweaver Application Server Abap 750
Sap Netweaver Application Server Abap 700
Sap Netweaver Application Server Abap 731
Sap Netweaver Application Server Abap 740
Sap Netweaver Application Server Abap 789
383
VMScore
CVE-2022-27656
The Web administration UI of SAP Web Dispatcher and the Internet Communication Manager (ICM) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
Sap Netweaver As Abap Krnl64uc 8.04
Sap Netweaver As Abap Krnl64uc 7.22ext
Sap Netweaver As Abap Krnl64uc 7.49
Sap Netweaver As Abap Krnl64uc 7.53
Sap Netweaver As Abap Krnl64uc 7.22
Sap Netweaver As Abap Kernel 7.22
Sap Netweaver As Abap Kernel 8.04
Sap Netweaver As Abap Kernel 7.49
Sap Netweaver As Abap Kernel 7.53
Sap Netweaver As Abap Kernel 7.77
Sap Netweaver As Abap Kernel 7.81
Sap Netweaver As Abap Kernel 7.85
Sap Netweaver As Abap Kernel 7.86
Sap Netweaver As Abap Kernel 7.87
Sap Webdispatcher 7.49
Sap Webdispatcher 7.53
Sap Webdispatcher 7.77
Sap Webdispatcher 7.81
Sap Webdispatcher 7.83
Sap Webdispatcher 7.85
Sap Webdispatcher 7.22ext
357
VMScore
CVE-2020-6299
SAP NetWeaver (ABAP Server) and ABAP Platform, versions - 740, 750, 751, 752, 753, 754, 755, allows a business user to access the list of users in the given system using value help, leading to Information Disclosure.
Sap Abap Platform 751
Sap Abap Platform 753
Sap Abap Platform 755
Sap Abap Platform 740
Sap Abap Platform 750
Sap Abap Platform 754
Sap Netweaver Application Server Abap 750
Sap Netweaver Application Server Abap 753
Sap Netweaver Application Server Abap 754
Sap Netweaver Application Server Abap 740
Sap Netweaver Application Server Abap 751
Sap Netweaver Application Server Abap 755
490
VMScore
CVE-2022-26102
Due to missing authorization check, SAP NetWeaver Application Server for ABAP - versions 700, 701, 702, 731, allows an authenticated attacker, to access content on the start screen of any transaction that is available with in the same SAP system even if he/she isn't authoriz...
Sap Netweaver Application Server Abap 702
Sap Netweaver Application Server Abap 700
Sap Netweaver Application Server Abap 731
Sap Netweaver Application Server Abap 701
312
VMScore
CVE-2022-29610
SAP NetWeaver Application Server ABAP allows an authenticated malicious user to upload malicious files and delete (theme) data, which could result in Stored Cross-Site Scripting (XSS) attack.
Sap Netweaver Application Server Abap 753
Sap Netweaver Application Server Abap 754
Sap Netweaver Application Server Abap 755
Sap Netweaver Application Server Abap 756
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »