Versions
2008_1_710
ST-PI 2008_1_700
731
SAP_BASIS 755
7.97
KRNL64NUC 7.22EXT
KRNL64UC 7.53
KERNEL 7.92
SAP_BASIS 750
KERNEL 7.54
KRNL64UC 7.22EXT
9.13
SAP_BASIS 794
SAP_BASIS 758
SAP_BASIS 753
SAP_BASIS 731
SAP_BASIS 796
KERNEL64UC 7.22EXT
SAP_BASIS740
7.93
SAP_BASIS 804
751
7.22EXT
KERNEL64NUC 7.22EXT
KERNEL 7.77
KERNEL 722
KERNEL 7.91
SAP_BASIS 751
754
KERNEL64UC 7.53
740
700
9.12
SAP_BASIS 912
750
SAP_BASIS 756
701
SAP_BASIS 754
7.89
SAP_BASIS 702
KERNEL 7.53
753
KERNEL64NUC 7.22
KERNEL 7.81
KERNEL 7.93
SAP_BASIS 752
KRNL64NUC 722
SAP_BASIS 795
912
7.54
756
KRNL64NUC 7.22
757
SAP_BASIS 740
7.53
KRNL64UC 7.22
758
SAP_BASIS 701
8.04
7.77
SAP_BASIS 757
9.14
KERNEL 7.85
KERNEL 7.94
KERNEL 7.89
SAP_BASIS731
755
SAP_BASIS750
SAP_BASIS 793
702
KERNEL64UC 7.22
KERNEL 7.22
SAP_BASIS 700
752
Recent CVEs
CVE-2025-0070
SAP NetWeaver Application Server for ABAP and ABAP Platform allows an authenticated attacker to obtain illegitimate access to the system by exploiting improper authentication checks, resulting in privilege escalation. On successful exploitation, this can result in potential security concerns. This results in a high impact on confidentiality, integrity, and availability.
CVE-2024-47585
SAP NetWeaver Application Server for ABAP and ABAP Platform allows an authenticated attacker to gain higher access levels than they should have by exploiting improper authorization checks, resulting in privilege escalation. While authorizations for import and export are distinguished, a single authorization is applied for both, which may contribute to these risks. On successful exploitation, this can result in potential security concerns. However, it has no impact on the integrity and availability of the application and may have only a low impact on data confidentiality.
CVE-2024-47586
SAP NetWeaver Application Server for ABAP and ABAP Platform allows an unauthenticated attacker to send a maliciously crafted HTTP request which could cause a null pointer dereference in the kernel. This dereference will result in the system crashing and rebooting, causing the system to be temporarily unavailable. There is no impact on Confidentiality or Integrity.
CVE-2024-41734
Due to missing authorization check in SAP NetWeaver Application Server ABAP and ABAP Platform, an authenticated attacker could call an underlying transaction, which leads to disclosure of user related information. There is no impact on integrity or availability.
CVE-2024-33006
An unauthenticated attacker can upload a malicious file to the server which, when accessed by a victim, can allow an attacker to completely compromise the system.
CVE-2024-32733
Due to missing input validation and output encoding of untrusted data, SAP NetWeaver Application Server ABAP and ABAP Platform allows an unauthenticated attacker to inject malicious JavaScript code into the dynamically crafted web page. On successful exploitation the attacker can access or modify sensitive information with no impact on availability of the application.
CVE-2024-30218
The ABAP Application Server of SAP NetWeaver as well as ABAP Platform allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. This leads to a considerable impact on availability.
CVE-2023-49581
SAP GUI for Windows and SAP GUI for Java allow an unauthenticated attacker to access information which would otherwise be restricted and confidential. In addition, this vulnerability allows the unauthenticated attacker to write data to a database table. By doing so the attacker could increase response times of the AS ABAP, leading to mild impact on availability.
CVE-2023-37492
SAP NetWeaver Application Server ABAP and ABAP Platform - versions SAP_BASIS 700, SAP_BASIS 701, SAP_BASIS 702, SAP_BASIS 731, SAP_BASIS 740, SAP_BASIS 750, SAP_BASIS 752, SAP_BASIS 753, SAP_BASIS 754, SAP_BASIS 755, SAP_BASIS 756, SAP_BASIS 757, SAP_BASIS 758, SAP_BASIS 793, SAP_BASIS 804, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This could allow an attacker to read sensitive information which can be used in a subsequent serious attack.
CVE-2023-35874
SAP NetWeaver Application Server ABAP and ABAP Platform - versions KRNL64NUC 7.22, KRNL64NUC 7.22EXT, KRNL64UC 7.22, KRNL64UC 7.22EXT, KRNL64UC 7.53, KERNEL 7.22, KERNEL 7.53, KERNEL 7.77, KERNEL 7.81, KERNEL 7.85, KERNEL 7.89, KERNEL 7.54, KERNEL 7.92, KERNEL 7.93, under some conditions, performs improper authentication checks for functionalities that require user identity. An attacker can perform malicious actions over the network, extending the scope of impact, causing a limited impact on confidentiality, integrity and availability.