Vulmon
netweaver abap vulnerabilities and exploits
4.3
CVSSv3
CVE-2020-6371
A user enumeration vulnerability in SAP NetWeaver Application Server ABAP (POWL test application), versions 710, 711, 730, 731, 740, 750, can be exploited to get a list of user accounts and expose personal user information, leading to Information Disclosure.
Sap Netweaver Application Server Abap 750
Sap Netweaver Application Server Abap 710
Sap Netweaver Application Server Abap 730
Sap Netweaver Application Server Abap 731
Sap Netweaver Application Server Abap 711
Sap Netweaver Application Server Abap 740
6.1
CVSSv3
CVE-2020-26835
SAP NetWeaver AS ABAP, versions 740, 750, 751, 752, 753, 754, does not sufficiently encode the URL, which allows a malicious user to input malicious JavaScript in the URL that could be executed in the browser, resulting in a Reflected Cross-Site Scripting (XSS) vulnerability.
Sap Netweaver Application Server Abap 750
Sap Netweaver Application Server Abap 752
Sap Netweaver Application Server Abap 753
Sap Netweaver Application Server Abap 754
Sap Netweaver Application Server Abap 740
Sap Netweaver Application Server Abap 751
6.1
CVSSv3
CVE-2022-39799
An attacker with no prior authentication could craft and send a malicious script to SAP GUI for HTML within Fiori Launchpad, resulting in a reflected cross-site scripting attack. This could lead to stealing session information and impersonating the affected user.
Sap Netweaver Application Server Abap Kernel 7.77
Sap Netweaver Application Server Abap 7.81
Sap Netweaver Application Server Abap 7.85
Sap Netweaver Application Server Abap 7.89
Sap Netweaver Application Server Abap 7.54
4.7
CVSSv3
CVE-2022-41215
SAP NetWeaver ABAP Server and ABAP Platform allow an unauthenticated malicious user to redirect users to a malicious site due to insufficient URL validation. This could lead to the user being tricked into disclosing personal information.
Sap Netweaver Application Server Abap 750
Sap Netweaver Application Server Abap 700
Sap Netweaver Application Server Abap 731
Sap Netweaver Application Server Abap 740
Sap Netweaver Application Server Abap 789
6.1
CVSSv3
CVE-2023-24522
Due to insufficient input sanitization, SAP NetWeaver AS ABAP (Business Server Pages) - versions 700, 701, 702, 731, 740, allows an unauthenticated user to alter the current session of the user by injecting the malicious code over the network and gain access to the unintended dat...
Sap Netweaver Application Server Abap 702
Sap Netweaver Application Server Abap 700
Sap Netweaver Application Server Abap 731
Sap Netweaver Application Server Abap 740
Sap Netweaver Application Server Abap 701
6.7
CVSSv3
CVE-2021-27611
SAP NetWeaver AS ABAP, versions 700, 701, 702, 730, 731, allows a highly privileged malicious user to inject malicious code by executing an ABAP report when the attacker has access to the local SAP system. The attacker could then get access to data, overwrite them, or execute a de...
Sap Netweaver Application Server Abap 702
Sap Netweaver Application Server Abap 700
Sap Netweaver Application Server Abap 730
Sap Netweaver Application Server Abap 731
Sap Netweaver Application Server Abap 701
6.1
CVSSv3
CVE-2022-27656
The Web administration UI of SAP Web Dispatcher and the Internet Communication Manager (ICM) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
Sap Netweaver As Abap Krnl64uc 8.04
Sap Netweaver As Abap Krnl64uc 7.22ext
Sap Netweaver As Abap Krnl64uc 7.49
Sap Netweaver As Abap Krnl64uc 7.53
Sap Netweaver As Abap Krnl64uc 7.22
Sap Netweaver As Abap Kernel 7.22
Sap Netweaver As Abap Kernel 8.04
Sap Netweaver As Abap Kernel 7.49
Sap Netweaver As Abap Kernel 7.53
Sap Netweaver As Abap Kernel 7.77
Sap Netweaver As Abap Kernel 7.81
Sap Netweaver As Abap Kernel 7.85
Sap Netweaver As Abap Kernel 7.86
Sap Netweaver As Abap Kernel 7.87
Sap Webdispatcher 7.49
Sap Webdispatcher 7.53
Sap Webdispatcher 7.77
Sap Webdispatcher 7.81
Sap Webdispatcher 7.83
Sap Webdispatcher 7.85
Sap Webdispatcher 7.22ext
4.3
CVSSv3
CVE-2020-6299
SAP NetWeaver (ABAP Server) and ABAP Platform, versions 740, 750, 751, 752, 753, 754, 755, allow a business user to access the list of users in the given system using value help, leading to Information Disclosure.
Sap Abap Platform 751
Sap Abap Platform 753
Sap Abap Platform 755
Sap Abap Platform 740
Sap Abap Platform 750
Sap Abap Platform 754
Sap Netweaver Application Server Abap 750
Sap Netweaver Application Server Abap 753
Sap Netweaver Application Server Abap 754
Sap Netweaver Application Server Abap 740
Sap Netweaver Application Server Abap 751
Sap Netweaver Application Server Abap 755
5.4
CVSSv3
CVE-2022-26102
Due to a missing authorization check, SAP NetWeaver Application Server for ABAP, versions 700, 701, 702, 731, allows an authenticated attacker to access content on the start screen of any transaction that is available within the same SAP system even if he/she isn't authoriz...
Sap Netweaver Application Server Abap 702
Sap Netweaver Application Server Abap 700
Sap Netweaver Application Server Abap 731
Sap Netweaver Application Server Abap 701
5.4
CVSSv3
CVE-2022-29610
SAP NetWeaver Application Server ABAP allows an authenticated malicious user to upload malicious files and delete (theme) data, which could result in a Stored Cross-Site Scripting (XSS) attack.
Sap Netweaver Application Server Abap 753
Sap Netweaver Application Server Abap 754
Sap Netweaver Application Server Abap 755
Sap Netweaver Application Server Abap 756