Vulnerabilities (CVE)

Filtered by vendor Sap Subscribe
Filtered by product Netweaver Application Server Abap
Total 70 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-38181 1 Sap 2 Netweaver Abap, Netweaver Application Server Abap 2023-12-10 5.0 MEDIUM 7.5 HIGH
SAP NetWeaver AS ABAP and ABAP Platform - versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service.
CVE-2021-42067 1 Sap 2 Netweaver Abap, Netweaver Application Server Abap 2023-12-10 4.0 MEDIUM 4.3 MEDIUM
In SAP NetWeaver AS for ABAP and ABAP Platform - versions 701, 702, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 786, an attacker authenticated as a regular user can use the S/4 Hana dashboard to reveal systems and services which they would not normally be allowed to see. No information alteration or denial of service is possible.
CVE-2021-40499 1 Sap 1 Netweaver Application Server Abap 2023-12-10 7.5 HIGH 9.8 CRITICAL
Client-side printing services SAP Cloud Print Manager and SAPSprint for SAP NetWeaver Application Server for ABAP - versions 7.70, 7.70 PI, 7.70 BYD, allow an attacker to inject code that can be executed by the application. An attacker could thereby control the behavior of the application.
CVE-2021-40504 1 Sap 1 Netweaver Application Server Abap 2023-12-10 4.0 MEDIUM 4.9 MEDIUM
A certain template role in SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, contains transport authorizations, which exceed expected display only permissions.
CVE-2021-27610 1 Sap 2 Netweaver Abap, Netweaver Application Server Abap 2023-12-10 7.5 HIGH 9.8 CRITICAL
SAP NetWeaver ABAP Server and ABAP Platform, versions - 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 804, does not create information about internal and external RFC user in consistent and distinguished format, which could lead to improper authentication and may be exploited by malicious users to obtain illegitimate access to the system.
CVE-2021-33677 1 Sap 2 Netweaver Abap, Netweaver Application Server Abap 2023-12-10 5.0 MEDIUM 7.5 HIGH
SAP NetWeaver ABAP Server and ABAP Platform, versions - 700, 702, 730, 731, 804, 740, 750, 784, expose functions to external which can lead to information disclosure.
CVE-2021-33684 1 Sap 2 Netweaver Abap, Netweaver Application Server Abap 2023-12-10 5.0 MEDIUM 5.3 MEDIUM
SAP NetWeaver AS ABAP and ABAP Platform, versions - KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 8.04, 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 8.04, 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.53, 7.77, 7.81, 7.84, allows an attacker to send overlong content in the RFC request type thereby crashing the corresponding work process because of memory corruption vulnerability. The work process will attempt to restart itself after the crash and hence the impact on the availability is low.
CVE-2021-33678 1 Sap 1 Netweaver Application Server Abap 2023-12-10 7.5 HIGH 6.5 MEDIUM
A function module of SAP NetWeaver AS ABAP (Reconciliation Framework), versions - 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 75A, 75B, 75B, 75C, 75D, 75E, 75F, allows a high privileged attacker to inject code that can be executed by the application. An attacker could thereby delete some critical information and could make the SAP system completely unavailable.
CVE-2021-33664 1 Sap 1 Netweaver Application Server Abap 2023-12-10 3.5 LOW 5.4 MEDIUM
SAP NetWeaver Application Server ABAP (Applications based on Web Dynpro ABAP), versions - SAP_UI - 750,752,753,754,755, SAP_BASIS - 702, 731 does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
CVE-2021-33665 1 Sap 1 Netweaver Application Server Abap 2023-12-10 3.5 LOW 5.4 MEDIUM
SAP NetWeaver Application Server ABAP (Applications based on SAP GUI for HTML), versions - KRNL64NUC - 7.49, KRNL64UC - 7.49,7.53, KERNEL - 7.49,7.53,7.77,7.81,7.84, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
CVE-2021-21473 1 Sap 1 Netweaver Application Server Abap 2023-12-10 6.5 MEDIUM 6.3 MEDIUM
SAP NetWeaver AS ABAP and ABAP Platform, versions - 700, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, contains function module SRM_RFC_SUBMIT_REPORT which fails to validate authorization of an authenticated user thus allowing an unauthorized user to execute reports in SAP NetWeaver ABAP Platform.
CVE-2021-27611 1 Sap 1 Netweaver Application Server Abap 2023-12-10 4.6 MEDIUM 6.7 MEDIUM
SAP NetWeaver AS ABAP, versions - 700, 701, 702, 730, 731, allow a high privileged attacker to inject malicious code by executing an ABAP report when the attacker has access to the local SAP system. The attacker could then get access to data, overwrite them, or execute a denial of service.
CVE-2021-21490 1 Sap 1 Netweaver Application Server Abap 2023-12-10 4.3 MEDIUM 6.1 MEDIUM
SAP NetWeaver AS for ABAP (Web Survey), versions - 700, 702, 710, 711, 730, 731, 750, 750, 752, 75A, 75F, does not sufficiently encode input and output parameters which results in reflected cross site scripting vulnerability, through which a malicious user can access data relating to the current session and use it to impersonate a user and access all information with the same rights as the target user.
CVE-2021-27603 1 Sap 1 Netweaver Application Server Abap 2023-12-10 4.0 MEDIUM 6.5 MEDIUM
An RFC enabled function module SPI_WAIT_MILLIS in SAP NetWeaver AS ABAP, versions - 731, 740, 750, allows to keep a work process busy for any length of time. An attacker could call this function module multiple times to block all work processes thereby causing Denial of Service and affecting the Availability of the SAP system.
CVE-2021-33663 1 Sap 1 Netweaver Application Server Abap 2023-12-10 5.0 MEDIUM 5.3 MEDIUM
SAP NetWeaver AS ABAP, versions - KRNL32NUC - 7.22,7.22EXT, KRNL32UC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73,7.77,7.81,7.82,7.83,7.84, allows an unauthorized attacker to insert cleartext commands due to improper restriction of I/O buffering into encrypted SMTP sessions over the network which can partially impact the integrity of the application.
CVE-2020-6371 1 Sap 1 Netweaver Application Server Abap 2023-12-10 4.0 MEDIUM 4.3 MEDIUM
User enumeration vulnerability can be exploited to get a list of user accounts and personal user information can be exposed in SAP NetWeaver Application Server ABAP (POWL test application) versions - 710, 711, 730, 731, 740, 750, leading to Information Disclosure.
CVE-2021-21446 1 Sap 1 Netweaver Application Server Abap 2023-12-10 5.0 MEDIUM 7.5 HIGH
SAP NetWeaver AS ABAP, versions 740, 750, 751, 752, 753, 754, 755, allows an unauthenticated attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service, this has a high impact on the availability of the service.
CVE-2020-26819 1 Sap 1 Netweaver Application Server Abap 2023-12-10 6.5 MEDIUM 8.8 HIGH
SAP NetWeaver AS ABAP (Web Dynpro), versions - 731, 740, 750, 751, 752, 753, 754, 755, 782, allows an authenticated user to access Web Dynpro components, that allows them to read and delete database logfiles because of Improper Access Control.
CVE-2020-26832 1 Sap 2 Netweaver Application Server Abap, S\/4 Hana 2023-12-10 7.5 HIGH 7.6 HIGH
SAP AS ABAP (SAP Landscape Transformation), versions - 2011_1_620, 2011_1_640, 2011_1_700, 2011_1_710, 2011_1_730, 2011_1_731, 2011_1_752, 2020 and SAP S4 HANA (SAP Landscape Transformation), versions - 101, 102, 103, 104, 105, allows a high privileged user to execute a RFC function module to which access should be restricted, however due to missing authorization an attacker can get access to some sensitive internal information of vulnerable SAP system or to make vulnerable SAP systems completely unavailable.
CVE-2020-26818 1 Sap 1 Netweaver Application Server Abap 2023-12-10 6.5 MEDIUM 8.8 HIGH
SAP NetWeaver AS ABAP (Web Dynpro), versions - 731, 740, 750, 751, 752, 753, 754, 755, 782, allows an authenticated user to access Web Dynpro components, which reveals sensitive system information that would otherwise be restricted to highly privileged users because of missing authorization, resulting in Information Disclosure.