SAP SE SAP NetWeaver and ABAP Platform vulnerabilities
17 known vulnerabilities affecting sap_se/sap_netweaver_and_abap_platform.
Total CVEs: 17
CISA KEV: 1 (actively exploited)
Public exploits: 1
Exploited in wild: 1
Severity breakdown: CRITICAL 2, HIGH 4, MEDIUM 9, LOW 2
Vulnerabilities
CVE-2026-24320 | LOW | CVSS 3.1 | CWE-113 | versions KRNL64NUC 7.22, 7.22EXT, +11 more | 2026-02-10
Due to improper memory management in SAP NetWeaver and ABAP Platform (Application Server ABAP), an authenticated attacker could exploit logical errors in memory management by supplying specially crafted input containing unique characters, which are improperly converted. This may result in memory corruption and the potential leakage of memory content. S
Sources: cvelistv5, nvd

CVE-2025-42974 | MEDIUM | CVSS 4.3 | CWE-862 | versions ST-PI 2008_1_700, 2008_1_710, +1 more | 2025-07-08
Due to missing authorization check, an attacker authenticated as a non-administrative user could call a remote-enabled function module. This could enable access to information normally restricted, resulting in low impact on confidentiality. There is no impact on integrity or availability.
Sources: cvelistv5, nvd

CVE-2025-42986 | MEDIUM | CVSS 4.3 | CWE-862 | versions SAP_BASIS 700, SAP_BASIS 701, +8 more | 2025-07-08
Due to a missing authorization check in an obsolete RFC enabled function module in SAP BASIS, an authenticated low-privileged attacker could call a Remote Function Call (RFC), potentially accessing restricted system information. This results in low impact on confidentiality, with no impact on integrity or availability of the application.
Sources: cvelistv5, nvd

CVE-2025-27428 | HIGH | CVSS 7.7 | CWE-862 | versions ST-PI 2008_1_700, 2008_1_710, +1 more | 2025-04-08
Due to directory traversal vulnerability, an authorized attacker could gain access to some critical information by using RFC enabled function module. Upon successful exploitation, they could read files from any managed system connected to SAP Solution Manager, leading to high impact on confidentiality. There is no impact on integrity or availability.
Sources: cvelistv5, nvd

CVE-2025-30015 | MEDIUM | CVSS 4.1 | CWE-787 | versions KRNL64UC 7.53, KERNEL 7.53, +1 more | 2025-04-08
Due to incorrect memory address handling in ABAP SQL of SAP NetWeaver and ABAP Platform (Application Server ABAP), an authenticated attacker with high privileges could execute certain forms of SQL queries leading to manipulation of content in the output variable. This vulnerability has a low impact on the confidentiality, integrity and the availabil
Sources: cvelistv5, nvd

CVE-2025-23190 | MEDIUM | CVSS 4.3 | CWE-862 | versions ST-PI 2008_1_700, ST-PI 2008_1_710, +1 more | 2025-02-11
Due to missing authorization check, an authenticated attacker could call a remote-enabled function module which allows them to access data that they would otherwise not have access to. The attacker cannot modify data or impact the availability of the system.
Sources: cvelistv5, nvd

CVE-2025-23187 | MEDIUM | CVSS 5.3 | CWE-862 | versions ST-PI 2008_1_700, ST-PI 2008_1_710, +1 more | 2025-02-11
Due to missing authorization check in an RFC enabled function module in transaction SDCCN, an unauthenticated attacker could generate technical meta-data. This leads to a low impact on integrity. There is no impact on confidentiality or availability.
Sources: cvelistv5, nvd

CVE-2025-23189 | MEDIUM | CVSS 4.3 | CWE-862 | versions ST-PI 2008_1_700, ST-PI 2008_1_710, +1 more | 2025-02-11
Due to missing authorization check in an RFC enabled function module in transaction SDCCN, an authenticated attacker could generate technical meta-data. This leads to a low impact on integrity. There is no impact on confidentiality or availability.
Sources: cvelistv5, nvd

CVE-2024-33001 | MEDIUM | CVSS 6.5 | CWE-400 | versions ST-PI 2008_1_700, 2008_1_710, +1 more | 2024-06-11
SAP NetWeaver and ABAP platform allows an attacker to impede performance for legitimate users by crashing or flooding the service. An impact of this Denial of Service vulnerability might be long response delays and service interruptions, thus degrading the service quality experienced by legitimate users causing high impact on availability of the a
Sources: cvelistv5, nvd

CVE-2022-27668 | CRITICAL | CVSS 9.8 | CWE-863 | versions KERNEL 7.49, 7.77, +9 more | 2022-06-14
Depending on the configuration of the route permission table in file 'saprouttab', it is possible for an unauthenticated attacker to execute SAProuter administration commands in SAP NetWeaver and ABAP Platform - versions KERNEL 7.49, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, KRNL64NUC 7.49, KRNL64UC 7.49, SAP_ROUTER 7.53, 7.22, from a remote client, for
Sources: cvelistv5, nvd

CVE-2022-29616 | HIGH | CVSS 7.5 | CWE-787 | versions KRNL64NUC 7.22, 7.22EXT, +12 more | 2022-05-11
SAP Host Agent, SAP NetWeaver and ABAP Platform allow an attacker to leverage logical errors in memory management to cause a memory corruption.
Sources: cvelistv5, nvd

CVE-2022-22536 | CRITICAL | CVSS 10.0 | KEV | PoC | CWE-444 | versions KERNEL 7.22, 8.04, +11 more | 2022-02-09
SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server 7.53 and SAP Web Dispatcher are vulnerable to request smuggling and request concatenation. An unauthenticated attacker can prepend a victim's request with arbitrary data. This way, the attacker can execute functions impersonating the vi
Sources: cvelistv5, nvd

CVE-2020-6318 | HIGH | CVSS 7.2 | CWE-94 | fixed in 700, fixed in 701, +12 more | 2020-09-09
A Remote Code Execution vulnerability exists in the SAP NetWeaver (ABAP Server, up to release 7.40) and ABAP Platform (> release 7.40). Because of this, an attacker can exploit these products via Code Injection, and potentially enabling to take complete control of the products, including viewing, changing, or deleting data by injecting code into the workin
Sources: cvelistv5, nvd

CVE-2020-6296 | HIGH | CVSS 8.8 | fixed in 700, fixed in 701, +10 more | 2020-08-12
SAP NetWeaver (ABAP Server) and ABAP Platform, versions - 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 753, 755, allows an attacker to inject code that can be executed by the application, leading to Code Injection. An attacker could thereby control the behavior of the application.
Sources: cvelistv5, nvd

CVE-2020-6310 | MEDIUM | CVSS 4.3 | fixed in 702, fixed in 730, +3 more | 2020-08-12
Improper access control in SOA Configuration Trace component in SAP NetWeaver (ABAP Server) and ABAP Platform, versions - 702, 730, 731, 740, 750, allows any authenticated user to enumerate all SAP users, leading to Information Disclosure.
Sources: cvelistv5, nvd

CVE-2020-6299 | MEDIUM | CVSS 4.3 | fixed in 740, fixed in 750, +5 more | 2020-08-12
SAP NetWeaver (ABAP Server) and ABAP Platform, versions - 740, 750, 751, 752, 753, 754, 755, allows a business user to access the list of users in the given system using value help, leading to Information Disclosure.
Sources: cvelistv5, nvd

CVE-2020-6280 | LOW | CVSS 2.7 | fixed in 731, fixed in 740, +1 more | 2020-07-14
SAP NetWeaver (ABAP Server) and ABAP Platform, versions 731, 740, 750, allows an attacker with admin privileges to access certain files which should otherwise be restricted, leading to Information Disclosure.
Sources: cvelistv5, nvd