Versions
LM-CORE 7.50
GP-CORE 7.5
KERNEL 7.92
KERNEL 7.54
7.50
KERNEL64UC 7.22EXT
KERNEL64UC 8.04
KERNEL64NUC 7.22EXT
KERNEL 7.77
KERNEL 7.91
KERNEL64UC 7.53
MMR_SERVER 7.5
KERNEL 8.04
KERNEL 7.53
KERNEL64NUC 7.22
KERNEL 7.93
KERNEL 7.85
KERNEL 7.89
KERNEL 7.22
KERNEL64UC 7.22
Recent CVEs
CVE-2024-47582
Due to missing validation of XML input, an unauthenticated attacker could send malicious input to an endpoint, which leads to an XML Entity Expansion attack. This causes limited impact on the availability of the application.
CVE-2024-28164
SAP NetWeaver AS Java (CAF - Guided Procedures) allows an unauthenticated user to access non-sensitive information about the server which would otherwise be restricted, causing low impact on the confidentiality of the application.
CVE-2024-34688
Due to unrestricted access to the Meta Model Repository services in SAP NetWeaver AS Java, attackers can perform DoS attacks on the application, which may prevent legitimate users from accessing it. This can result in no impact on confidentiality and integrity but a high impact on the availability of the application.
CVE-2023-42477
SAP NetWeaver AS Java (GRMG Heartbeat application) - version 7.50, allows an attacker to send a crafted request from a vulnerable web application, causing limited impact on confidentiality and integrity of the application.
CVE-2023-40309
SAP CommonCryptoLib does not perform necessary authentication checks, which may result in missing or wrong authorization checks for an authenticated user, resulting in escalation of privileges. Depending on the application and the level of privileges acquired, an attacker could abuse functionality restricted to a particular user group as well as read, modify or delete restricted data.
CVE-2023-40308
SAP CommonCryptoLib allows an unauthenticated attacker to craft a request which, when submitted to an open port, causes a memory corruption error in a library, which in turn causes the target component to crash, making it unavailable. There is no ability to view or modify any information.