SAP NetWeaver Application Server ABAP

60 Versions 10 CVEs

Versions

KRNL64NUC 7.22EXT

OTHER 1 CVE

WEBDISP 7.93

OTHER 1 CVE

WEBDISP 7.22_EXT

OTHER 1 CVE

KRNL64UC 7.22EXT

OTHER 1 CVE

WEBDISP 7.85

OTHER 1 CVE

WEBDISP 7.89

OTHER 1 CVE

WEBDISP 7.53

OTHER 1 CVE

WEBDISP 7.54

OTHER 1 CVE

WEBDISP 7.77

OTHER 1 CVE

SAP_BASIS 755

OTHER 4 CVEs

KRNL64UC 7.53

OTHER 2 CVEs

KERNEL 7.92

OTHER 1 CVE

SAP_BASIS 750

OTHER 4 CVEs

KERNEL 7.54

OTHER 2 CVEs

SAP_BASIS 758

OTHER 4 CVEs

SAP_BASIS 753

OTHER 4 CVEs

SAP_BASIS 731

OTHER 4 CVEs

SAP_BASIS 796

OTHER 1 CVE

KERNEL64UC 7.22EXT

OTHER 1 CVE

SAP_BASIS740

OTHER 1 CVE

7.93

MAJOR_MINOR 2 CVEs

7.22EXT

OTHER 1 CVE

KERNEL64NUC 7.22EXT

OTHER 1 CVE

KERNEL 7.77

OTHER 2 CVEs

KERNEL 722

OTHER 1 CVE

KERNEL 7.91

OTHER 1 CVE

SAP_BASIS 751

OTHER 4 CVEs

KERNEL64UC 7.53

OTHER 1 CVE

9.12

MAJOR_MINOR 1 CVE

SAP_BASIS 912

OTHER 2 CVEs

SAP_BASIS 756

OTHER 4 CVEs

SAP_BASIS 754

OTHER 4 CVEs

7.89

MAJOR_MINOR 2 CVEs

SAP_BASIS 702

OTHER 4 CVEs

KERNEL 7.53

OTHER 3 CVEs

SAP_UI 754

OTHER 1 CVE

KERNEL64NUC 7.22

OTHER 1 CVE

KERNEL 7.93

OTHER 2 CVEs

SAP_BASIS 752

OTHER 4 CVEs

SAP_BASIS 795

OTHER 1 CVE

7.54

MAJOR_MINOR 2 CVEs

756

SINGLE_NUMBER 1 CVE

KRNL64NUC 7.22

OTHER 2 CVEs

757

SINGLE_NUMBER 1 CVE

SAP_BASIS 740

OTHER 4 CVEs

7.53

MAJOR_MINOR 1 CVE

KRNL64UC 7.22

OTHER 2 CVEs

758

SINGLE_NUMBER 1 CVE

SAP_BASIS 701

OTHER 4 CVEs

7.77

MAJOR_MINOR 2 CVEs

SAP_BASIS 757

OTHER 4 CVEs

KERNEL 7.85

OTHER 2 CVEs

KERNEL 7.94

OTHER 1 CVE

KERNEL 7.89

OTHER 2 CVEs

SAP_BASIS731

OTHER 1 CVE

755

SINGLE_NUMBER 1 CVE

SAP_BASIS750

OTHER 1 CVE

KERNEL 7.22

OTHER 2 CVEs

SAP_BASIS 700

OTHER 5 CVEs

KERNEL64UC 7.22

OTHER 1 CVE

Recent CVEs

CVE-2025-0068

An obsolete functionality in SAP NetWeaver Application Server ABAP did not perform necessary authorization checks. Because of this, an authenticated attacker could obtain information that would otherwise be restricted. It has no impact on the integrity or availability of the application.

MEDIUM Jan 14, 2025

CVE-2024-54198

In certain conditions, SAP NetWeaver Application Server ABAP allows an authenticated attacker to craft a Remote Function Call (RFC) request to restricted destinations, which can be used to expose credentials for a remote service. These credentials can then be further exploited to completely compromise the remote service, potentially resulting in a significant impact on the confidentiality, integrity, and availability of the application.

HIGH Dec 10, 2024

CVE-2024-47593

SAP NetWeaver Application Server ABAP allows an unauthenticated attacker with network access to read files from the server, which otherwise would be restricted. This attack is possible only if a Web Dispatcher or some sort of Proxy Server is in use and the file in question was previously opened or downloaded in an application based on SAP GUI for HTML Technology. This will not compromise the application's integrity or availability.

MEDIUM Nov 12, 2024

CVE-2024-41734

Due to a missing authorization check in SAP NetWeaver Application Server ABAP and ABAP Platform, an authenticated attacker could call an underlying transaction, which leads to disclosure of user-related information. There is no impact on integrity or availability.

MEDIUM Aug 13, 2024

CVE-2024-41732

SAP NetWeaver Application Server ABAP allows an unauthenticated attacker to craft a URL link that could bypass allowlist controls. Depending on the web applications provided by this server, the attacker might inject CSS code or links into the web application that could allow the attacker to read or modify information. There is no impact on the availability of the application.

MEDIUM Aug 13, 2024

CVE-2024-33005

Due to the missing authorization checks in the local systems, the admin users of SAP Web Dispatcher, SAP NetWeaver Application Server (ABAP and Java), and SAP Content Server can impersonate other users and may perform some unintended actions. This could lead to a low impact on confidentiality and a high impact on the integrity and availability of the applications.

MEDIUM Aug 13, 2024

CVE-2024-33006

An unauthenticated attacker can upload a malicious file to the server which, when accessed by a victim, can allow an attacker to completely compromise the system.

CRITICAL May 14, 2024

CVE-2024-32733

Due to missing input validation and output encoding of untrusted data, SAP NetWeaver Application Server ABAP and ABAP Platform allows an unauthenticated attacker to inject malicious JavaScript code into the dynamically crafted web page. On successful exploitation, the attacker can access or modify sensitive information with no impact on the availability of the application.

MEDIUM May 14, 2024

CVE-2023-49581

SAP GUI for Windows and SAP GUI for Java allow an unauthenticated attacker to access information which would otherwise be restricted and confidential. In addition, this vulnerability allows the unauthenticated attacker to write data to a database table. By doing so the attacker could increase response times of the AS ABAP, leading to mild impact on availability.

MEDIUM Dec 12, 2023

CVE-2023-41366

Under certain conditions, SAP NetWeaver Application Server ABAP - versions KERNEL 722, KERNEL 7.53, KERNEL 7.77, KERNEL 7.85, KERNEL 7.89, KERNEL 7.54, KERNEL 7.91, KERNEL 7.92, KERNEL 7.93, KERNEL 7.94, KERNEL64UC 7.22, KERNEL64UC 7.22EXT, KERNEL64UC 7.53, KERNEL64NUC 7.22, KERNEL64NUC 7.22EXT - allows an unauthenticated attacker to access unintended data due to the lack of restrictions applied, which may lead to low impact on confidentiality and no impact on the integrity and availability of the application.

MEDIUM Nov 14, 2023