SAP SE SAP NetWeaver Application Server for ABAP vulnerabilities
16 known vulnerabilities affecting sap_se/sap_netweaver_application_server_for_abap.
Total CVEs: 16
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 2, HIGH 1, MEDIUM 11, LOW 2
Vulnerabilities
CVE-2026-24316 | MEDIUM | CVSS 6.4 | CWE-918 | vSAP_BASIS 740, vSAP_BASIS 750, +10 more | 2026-03-10
SAP NetWeaver Application Server for ABAP provides an ABAP Report for testing purposes, which allows sending HTTP requests to arbitrary internal or external endpoints. The report is therefore vulnerable to Server-Side Request Forgery (SSRF). Successful exploitation could lead to interaction with potentially sensitive internal endpoints, resulting in
Sources: cvelistv5, nvd

CVE-2026-27688 | MEDIUM | CVSS 5.0 | CWE-862 | vSAP_BASIS 700, vSAP_BASIS 701, +16 more | 2026-03-10
Due to a missing authorization check in SAP NetWeaver Application Server for ABAP, an authenticated attacker with user privileges could read Database Analyzer Log Files via a specific RFC function module. The attacker with the necessary privileges to execute this function module could potentially escalate their privileges and read the sensitive data,
Sources: cvelistv5, nvd

CVE-2026-24309 | MEDIUM | CVSS 6.4 | CWE-862 | vSAP_BASIS 700, vSAP_BASIS 701, +13 more | 2026-03-10
Due to missing authorization check in SAP NetWeaver Application Server for ABAP, an authenticated attacker could execute specific ABAP function module to read, modify or insert entries into the database configuration table of the ABAP system. This unauthorized content change could lead to reduced system performance or interruptions. The vulnerabilit
Sources: cvelistv5, nvd

CVE-2026-24310 | LOW | CVSS 3.5 | CWE-862 | vSAP_BASIS 702, vSAP_BASIS 731, +11 more | 2026-03-10
Due to missing authorization check in SAP NetWeaver Application Server for ABAP, an authenticated attacker could execute specific ABAP function module and read the sensitive information from database catalog of the ABAP system. This vulnerability has low impact on the application's confidentiality with no effect on the integrity and availability.
Sources: cvelistv5, nvd

CVE-2025-42882 | MEDIUM | CVSS 4.3 | CWE-862 | vSAP_BASIS 700, vSAP_BASIS 701, +13 more | 2025-11-11
Due to a missing authorization check in SAP NetWeaver Application Server for ABAP, an authenticated attacker with basic privileges could execute a specific function module in ABAP to retrieve restricted technical information from the system. This disclosure of environment details of the system could further assist this attacker to plan subsequent att
Sources: cvelistv5, nvd

CVE-2025-42883 | LOW | CVSS 2.7 | CWE-434 | vSAP_BASIS 700, vSAP_BASIS 701, +13 more | 2025-11-11
Migration Workbench (DX Workbench) in SAP NetWeaver Application Server for ABAP fails to trigger a malware scan when an attacker with administrative privileges uploads files to the application server. An attacker could leverage this and upload a malicious file into the system. This results in a low impact on the integrity of the application.
Sources: cvelistv5, nvd

CVE-2025-42908 | MEDIUM | CVSS 5.4 | CWE-352 | vKRNL64UC 7.53, vKERNEL 7.53, +5 more | 2025-10-14
Due to a Cross-Site Request Forgery (CSRF) vulnerability in SAP NetWeaver Application Server for ABAP, an authenticated attacker could initiate transactions directly via the session manager, bypassing the first transaction screen and the associated authorization check. This vulnerability could allow the attacker to perform actions and execute transa
Sources: cvelistv5, nvd

CVE-2025-42918 | MEDIUM | CVSS 4.3 | CWE-862 | vSAP_BASIS 700, vSAP_BASIS 701, +13 more | 2025-09-09
SAP NetWeaver Application Server for ABAP allows authenticated users with access to background processing to gain unauthorized read access to profile parameters. This results in a low impact on confidentiality, with no impact on integrity or availability.
Sources: cvelistv5, nvd

CVE-2025-42936 | MEDIUM | CVSS 5.4 | CWE-266 | vSAP_BASIS 700, vSAP_BASIS 701, +13 more | 2025-08-12
The SAP NetWeaver Application Server for ABAP does not enable an administrator to assign distinguished authorizations for different user roles, this issue allows authenticated users to access restricted objects in the barcode interface, leading to privilege escalation. This results in a low impact on the confidentiality and integrity of the applicat
Sources: cvelistv5, nvd

CVE-2025-42942 | MEDIUM | CVSS 6.1 | CWE-79 | vSAP_BASIS 700, vSAP_BASIS 701, +15 more | 2025-08-12
SAP NetWeaver Application Server for ABAP has a cross-site scripting vulnerability. Due to this, an unauthenticated attacker could craft a URL embedded with malicious script and trick an unauthenticated victim to click on it to execute the script. Upon successful exploitation, the attacker could access and modify limited information within the scope of
Sources: cvelistv5, nvd

CVE-2025-42953 | HIGH | CVSS 8.1 | CWE-862 | vSAP_BASIS 701, vSAP_BASIS 702, +12 more | 2025-07-08
SAP Netweaver System Configuration does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This could completely compromise the integrity and availability with no impact on confidentiality of the system.
Sources: cvelistv5, nvd

CVE-2025-42961 | MEDIUM | CVSS 4.9 | CWE-862 | vSAP_BASIS 700, vSAP_BASIS 701, +13 more | 2025-07-08
Due to a missing authorization check in SAP NetWeaver Application server for ABAP, an authenticated user with high privileges could exploit the insufficient validation of user permissions to access sensitive database tables. By leveraging overly permissive access configurations, unauthorized reading of critical data is possible, resulting in a signif
Sources: cvelistv5, nvd

CVE-2025-42989 | CRITICAL | CVSS 9.6 | CWE-862 | vKERNEL 7.89, v7.93, +2 more | 2025-06-10
RFC inbound processing does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. On successful exploitation the attacker could critically impact both integrity and availability of the application.
Sources: cvelistv5, nvd

CVE-2024-45279 | MEDIUM | CVSS 6.1 | CWE-79 | v700, v701, +13 more | 2024-09-10
Due to insufficient input validation, CRM Blueprint Application Builder Panel of SAP NetWeaver Application Server for ABAP allows an unauthenticated attacker to craft a URL link which could embed a malicious JavaScript. When a victim clicks on this link, the script will be executed in the victim's browser giving the attacker the ability to access and
Sources: cvelistv5, nvd

CVE-2022-26102 | MEDIUM | CVSS 5.4 | CWE-862 | fixed in 700, fixed in 701, +2 more | 2022-03-10
Due to missing authorization check, SAP NetWeaver Application Server for ABAP - versions 700, 701, 702, 731, allows an authenticated attacker to access content on the start screen of any transaction that is available within the same SAP system even if he/she isn't authorized for that transaction. A successful exploitation could expose information
Sources: cvelistv5, nvd

CVE-2021-40499 | CRITICAL | CVSS 9.8 | CWE-94 | fixed in 7.70, fixed in 7.70 PI, +1 more | 2021-10-12
Client-side printing services SAP Cloud Print Manager and SAPSprint for SAP NetWeaver Application Server for ABAP - versions 7.70, 7.70 PI, 7.70 BYD, allow an attacker to inject code that can be executed by the application. An attacker could thereby control the behavior of the application.
Sources: cvelistv5, nvd