Sap Netweaver_application_server_abap
8 CVEs affecting Sap Netweaver_application_server_abap. Latest disclosed: 2026-05-14. Critical: 0, High: 0.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-40135 | Medium | 6.5 | 2026-05-12 | An OS Command Injection vulnerability exists in the SAP NetWeaver Application Server for ABAP and ABAP Platform that allows an authenticated attacker with admi… |
CVE-2026-24316 | Medium | 6.4 | 2026-03-10 | SAP NetWeaver Application Server for ABAP provides an ABAP Report for testing purposes, which allows to send HTTP requests to arbitrary internal or external en… |
CVE-2026-24309 | Medium | 6.4 | 2026-03-10 | Due to missing authorization check in SAP NetWeaver Application Server for ABAP, an authenticated attacker could execute specific ABAP function module to read… |
CVE-2026-34257 | Medium | 6.1 | 2026-04-14 | Due to an Open Redirect vulnerability in SAP NetWeaver Application Server ABAP, an unauthenticated attacker could craft malicious URL that, if accessed by a vi… |
CVE-2026-27688 | Medium | 5.0 | 2026-03-10 | Due to a missing authorization check in SAP NetWeaver Application Server for ABAP, an authenticated attacker with user privileges could read Database Analyzer… |
CVE-2026-27682 | Medium | 4.7 | 2026-05-12 | Due to a reflected cross-site scripting (XSS) vulnerability in SAP NetWeaver Application Server ABAP (Applications based on Business Server Pages), an unauthen… |
CVE-2026-24310 | Low | 3.5 | 2026-03-10 | Due to missing authorization check in SAP NetWeaver Application Server for ABAP, an authenticated attacker could execute specific ABAP function module and read… |
CVE-2026-27680 | Low | 3.1 | 2026-05-14 | Due to improper input handling under certain conditions, SAP NetWeaver Application Server ABAP allows an attacker to inject custom Cascading Style Sheets (CSS)… |