Sap Netweaver As Abap Krnl64Uc vulnerabilities

CVE-2026-0509 [CRITICAL] CWE-862 CVE-2026-0509: SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated, low-privileged user SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated, low-privileged user to perform background Remote Function Calls without the required S_RFC authorization in certain cases. This can result in a high impact on integrity and availability, and no impact on the confidentiality of the application.

CVE-2026-24320 [LOW] CWE-113 CVE-2026-24320: Due to improper memory management in SAP NetWeaver and ABAP Platform (Application Server ABAP), an a Due to improper memory management in SAP NetWeaver and ABAP Platform (Application Server ABAP), an authenticated attacker could exploit logical errors in memory management by supplying specially crafted input containing unique characters, which are improperly converted. This may result in memory corruption and the potential leakage of memory content. S

CVE-2022-27668 [CRITICAL] CWE-863 CVE-2022-27668: Depending on the configuration of the route permission table in file 'saprouttab', it is possible fo Depending on the configuration of the route permission table in file 'saprouttab', it is possible for an unauthenticated attacker to execute SAProuter administration commands in SAP NetWeaver and ABAP Platform - versions KERNEL 7.49, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, KRNL64NUC 7.49, KRNL64UC 7.49, SAP_ROUTER 7.53, 7.22, from a remote client, for

CVE-2022-29616 [HIGH] CWE-787 CVE-2022-29616: SAP Host Agent, SAP NetWeaver and ABAP Platform allow an attacker to leverage logical errors in memo SAP Host Agent, SAP NetWeaver and ABAP Platform allow an attacker to leverage logical errors in memory management to cause a memory corruption.

CVE-2022-27656 [MEDIUM] CWE-79 CVE-2022-27656: The Web administration UI of SAP Web Dispatcher and the Internet Communication Manager (ICM) does no The Web administration UI of SAP Web Dispatcher and the Internet Communication Manager (ICM) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.