Sap Netweaver vulnerabilities

CVE-2026-23685 [MEDIUM] CWE-502 CVE-2026-23685: Due to a Deserialization vulnerability in SAP NetWeaver (JMS service), an attacker authenticated as Due to a Deserialization vulnerability in SAP NetWeaver (JMS service), an attacker authenticated as an administrator with local access could submit specially crafted content to the server. If processed by the application, this content could trigger unintended behavior during internal logic execution, potentially causing a denial of service. Successfu

CVE-2025-42968 [MEDIUM] CWE-862 CVE-2025-42968: SAP NetWeaver allows an authenticated non-administrative user to call the remote-enabled function mo SAP NetWeaver allows an authenticated non-administrative user to call the remote-enabled function module which could grants access to non-sensitive information about the SAP system and OS without requiring any specific knowledge or controlled conditions. This leads to a low impact on confidentiality with no effect on integrity or availability of the

CVE-2025-42999 [CRITICAL] CWE-502 CVE-2025-42999: SAP NetWeaver Visual Composer Metadata Uploader is vulnerable when a privileged user can upload untr SAP NetWeaver Visual Composer Metadata Uploader is vulnerable when a privileged user can upload untrusted or malicious content which, when deserialized, could potentially lead to a compromise of confidentiality, integrity, and availability of the host system.

CVE-2025-31324 [CRITICAL] CWE-434 CVE-2025-31324: SAP NetWeaver Visual Composer Metadata Uploader is not protected with a proper authorization, allowi SAP NetWeaver Visual Composer Metadata Uploader is not protected with a proper authorization, allowing unauthenticated agent to upload potentially malicious executable binaries that could severely harm the host system. This could significantly affect the confidentiality, integrity, and availability of the targeted system.

CVE-2024-27898 [MEDIUM] CWE-918 CVE-2024-27898: SAP NetWeaver application, due to insufficient input validation, allows an attacker to send a crafte SAP NetWeaver application, due to insufficient input validation, allows an attacker to send a crafted request from a vulnerable web application targeting internal systems behind firewalls that are normally inaccessible to an attacker from the external network, resulting in a Server-Side Request Forgery vulnerability. Thus, having a low impact on con

CVE-2024-25644 [MEDIUM] CWE-732 CVE-2024-25644: Under certain conditions SAP NetWeaver WSRM - version 7.50, allows an attacker to access information Under certain conditions SAP NetWeaver WSRM - version 7.50, allows an attacker to access information which would otherwise be restricted, causing low impact on Confidentiality with no impact on Integrity and Availability of the application.

CVE-2024-22124 [MEDIUM] CWE-497 CVE-2024-22124: Under certain conditions, Internet Communication Manager (ICM) or SAP Web Dispatcher - versions KERN Under certain conditions, Internet Communication Manager (ICM) or SAP Web Dispatcher - versions KERNEL 7.22, KERNEL 7.53, KERNEL 7.54, KRNL64UC 7.22, KRNL64UC 7.22EXT, KRNL64UC 7.53, KRNL64NUC 7.22, KRNL64NUC 7.22_EXT, WEBDISP 7.22_EXT, WEBDISP 7.53, WEBDISP 7.54, could allow an attacker to access information which would otherwise be restricted caus

CVE-2023-41367 [MEDIUM] CWE-306 CVE-2023-41367: Due to missing authentication check in webdynpro application, an unauthorized user in SAP NetWeaver Due to missing authentication check in webdynpro application, an unauthorized user in SAP NetWeaver (Guided Procedures) - version 7.50, can gain access to admin view of specific function anonymously. On successful exploitation of vulnerability under specific circumstances, attacker can view user’s email address. There is no integrity/availability imp

CVE-2023-36922 [CRITICAL] CWE-78 CVE-2023-36922: Due to programming error in function module and report, IS-OIL component in SAP ECC and SAP S/4HANA Due to programming error in function module and report, IS-OIL component in SAP ECC and SAP S/4HANA allows an authenticated attacker to inject an arbitrary operating system command into an unprotected parameter in a common (default) extension. On successful exploitation, the attacker can read or modify the system data as well as shut down the system

CVE-2023-33984 [MEDIUM] CWE-79 CVE-2023-33984: SAP NetWeaver (Design Time Repository) - version 7.50, returns an unfavorable content type for some SAP NetWeaver (Design Time Repository) - version 7.50, returns an unfavorable content type for some versioned files, which could allow an authorized attacker to create a file with a malicious content and send a link to a victim in an email or instant message. Under certain circumstances, this could lead to Cross-Site Scripting vulnerability.

CVE-2023-33985 [MEDIUM] CWE-79 CVE-2023-33985: SAP NetWeaver Enterprise Portal - version 7.50, does not sufficiently encode user-controlled inputs SAP NetWeaver Enterprise Portal - version 7.50, does not sufficiently encode user-controlled inputs over the network, resulting in reflected Cross-Site Scripting (XSS) vulnerability, therefore changing the scope of the attack. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and integri

CVE-2023-32114 [LOW] CWE-732 CVE-2023-32114: SAP NetWeaver (Change and Transport System) - versions 702, 731, 740, 750, 751, 752, 753, 754, 755, SAP NetWeaver (Change and Transport System) - versions 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, allows an authenticated user with admin privileges to maliciously run a benchmark program repeatedly in intent to slowdown or make the server unavailable which may lead to a limited impact on Availability with No impact on Confidentiality and In

CVE-2023-27499 [MEDIUM] CWE-79 CVE-2023-27499: SAP GUI for HTML - versions KERNEL 7.22, 7.53, 7.54, 7.77, 7.81, 7.85, 7.89, 7.91, KRNL64UC, 7.22, 7 SAP GUI for HTML - versions KERNEL 7.22, 7.53, 7.54, 7.77, 7.81, 7.85, 7.89, 7.91, KRNL64UC, 7.22, 7.22EXT, KRNL64UC 7.22, 7.22EXT does not sufficiently encode user-controlled inputs, resulting in a reflected Cross-Site Scripting (XSS) vulnerability. An attacker could craft a malicious URL and lure the victim to click, the script supplied by the atta

CVE-2023-29186 [HIGH] CWE-22 CVE-2023-29186: In SAP NetWeaver (BI CONT ADDON) - versions 707, 737, 747, 757, an attacker can exploit a directory In SAP NetWeaver (BI CONT ADDON) - versions 707, 737, 747, 757, an attacker can exploit a directory traversal flaw in a report to upload and overwrite files on the SAP server. Data cannot be read but if a remote attacker has sufficient (administrative) privileges then potentially critical OS files can be overwritten making the system unavailable.

CVE-2023-0021 [MEDIUM] CWE-79 CVE-2023-0021: Due to insufficient encoding of user input, SAP NetWeaver - versions 700, 701, 702, 731, 740, 750, a Due to insufficient encoding of user input, SAP NetWeaver - versions 700, 701, 702, 731, 740, 750, allows an unauthenticated attacker to inject code that may expose sensitive data like user ID and password, which could lead to reflected Cross-Site scripting. These endpoints are normally exposed over the network and successful exploitation can partially

CVE-2022-28217 [MEDIUM] CWE-918 CVE-2022-28217: Some part of SAP NetWeaver (EP Web Page Composer) does not sufficiently validate an XML document acc Some part of SAP NetWeaver (EP Web Page Composer) does not sufficiently validate an XML document accepted from an untrusted source, which allows an adversary to exploit unprotected XML parking at endpoints, and a possibility to conduct SSRF attacks that could compromise system�s Availability by causing system to crash.

CVE-2022-28773 [HIGH] CWE-674 CVE-2022-28773: Due to an uncontrolled recursion in SAP Web Dispatcher and SAP Internet Communication Manager, the a Due to an uncontrolled recursion in SAP Web Dispatcher and SAP Internet Communication Manager, the application may crash, leading to denial of service, but can be restarted automatically.

CVE-2022-28772 [HIGH] CWE-121 CVE-2022-28772: By overlong input values an attacker may force overwrite of the internal program stack in SAP Web Di By overlong input values an attacker may force overwrite of the internal program stack in SAP Web Dispatcher - versions 7.53, 7.77, 7.81, 7.85, 7.86, or Internet Communication Manager - versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, which makes these programs unavailable, le

CVE-2022-22534 [MEDIUM] CWE-79 CVE-2022-22534: Due to insufficient encoding of user input, SAP NetWeaver allows an unauthenticated attacker to inje Due to insufficient encoding of user input, SAP NetWeaver allows an unauthenticated attacker to inject code that may expose sensitive data like user ID and password. These endpoints are normally exposed over the network and successful exploitation can partially impact confidentiality of the application.

CVE-2021-38183 [MEDIUM] CWE-79 CVE-2021-38183: SAP NetWeaver - versions 700, 701, 702, 730, does not sufficiently encode user-controlled inputs, al SAP NetWeaver - versions 700, 701, 702, 730, does not sufficiently encode user-controlled inputs, allowing an attacker to cause a potential victim to supply a malicious content to a vulnerable web application, which is then reflected to the victim and executed by the web browser, resulting in Cross-Site Scripting vulnerability.