Versions
SAP_BASIS 755
KRNL64NUC 7.22EXT
KRNL64UC 7.53
KERNEL 7.92
SAP_BASIS 750
KERNEL 7.54
KRNL64UC 7.22EXT
SAP_BASIS 758
SAP_BASIS 753
SAP_BASIS 731
KERNEL64UC 7.22EXT
SAP_BASIS 804
KERNEL64UC 8.04
KERNEL64NUC 7.22EXT
KERNEL 7.77
KERNEL 7.91
SAP_BASIS 751
KERNEL64UC 7.53
SAP_BASIS 756
SAP_BASIS 754
SAP_BASIS 702
KERNEL 8.04
KERNEL 7.53
KERNEL64NUC 7.22
KERNEL 7.93
SAP_BASIS 752
KRNL64NUC 722
KERNEL 7.81
KRNL64NUC 7.22
SAP_BASIS 740
KRNL64UC 7.22
SAP_BASIS 701
SAP_BASIS 757
KERNEL 7.85
KERNEL 7.89
SAP_BASIS 793
KERNEL 7.22
SAP_BASIS 700
KERNEL64UC 7.22
Recent CVEs
CVE-2025-0063
SAP NetWeaver AS ABAP and ABAP Platform does not check for authorization when a user executes some RFC function modules. This could lead to an attacker with basic user privileges to gain control over the data in Informix database, leading to complete compromise of confidentiality, integrity and availability.
CVE-2024-30218
The ABAP Application Server of SAP NetWeaver as well as ABAP Platform allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. This leads to a considerable impact on availability.
CVE-2023-40309
SAP CommonCryptoLib does not perform necessary authentication checks, which may result in missing or wrong authorization checks for an authenticated user, resulting in escalation of privileges. Depending on the application and the level of privileges acquired, an attacker could abuse functionality restricted to a particular user group as well as read, modify or delete restricted data.
CVE-2023-40308
SAP CommonCryptoLib allows an unauthenticated attacker to craft a request, which when submitted to an open port causes a memory corruption error in a library which in turn causes the target component to crash making it unavailable. There is no ability to view or modify any information.
CVE-2023-37492
SAP NetWeaver Application Server ABAP and ABAP Platform - versions SAP_BASIS 700, SAP_BASIS 701, SAP_BASIS 702, SAP_BASIS 731, SAP_BASIS 740, SAP_BASIS 750, SAP_BASIS 752, SAP_BASIS 753, SAP_BASIS 754, SAP_BASIS 755, SAP_BASIS 756, SAP_BASIS 757, SAP_BASIS 758, SAP_BASIS 793, SAP_BASIS 804, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This could allow an attacker to read sensitive information which can be used in a subsequent serious attack.
CVE-2023-35874
SAP NetWeaver Application Server ABAP and ABAP Platform - version KRNL64NUC, 7.22, KRNL64NUC 7.22EXT, KRNL64UC 7.22, KRNL64UC 7.22EXT, KRNL64UC 7.53, KERNEL 7.22, KERNEL, 7.53, KERNEL 7.77, KERNEL 7.81, KERNEL 7.85, KERNEL 7.89, KERNEL 7.54, KERNEL 7.92, KERNEL 7.93, under some conditions, performs improper authentication checks for functionalities that require user identity. An attacker can perform malicious actions over the network, extending the scope of impact, causing a limited impact on confidentiality, integrity and availability.