Sap_se Sap Netweaver Application Server Abap
10 CVEs affecting Sap_se Sap Netweaver Application Server Abap. Latest disclosed: 2026-05-14. Critical: 0, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2025-23186 | High | 8.5 | 2025-04-08 | In certain conditions, SAP NetWeaver Application Server ABAP allows an authenticated attacker to craft a Remote Function Call (RFC) request to restricted desti… |
CVE-2024-54198 | High | 8.5 | 2024-12-10 | In certain conditions, SAP NetWeaver Application Server ABAP allows an authenticated attacker to craft a Remote Function Call (RFC) request to restricted desti… |
CVE-2026-34257 | Medium | 6.1 | 2026-04-14 | Due to an Open Redirect vulnerability in SAP NetWeaver Application Server ABAP, an unauthenticated attacker could craft malicious URL that, if accessed by a vi… |
CVE-2025-42945 | Medium | 6.1 | 2025-08-12 | SAP NetWeaver Application Server ABAP has HTML injection vulnerability. Due to this, an attacker could craft a URL with malicious script as payload and trick a… |
CVE-2025-42981 | Medium | 6.1 | 2025-07-08 | Due to an open redirect vulnerability in SAP NetWeaver Application Server ABAP, an unauthenticated attacker could craft a URL link embedding a malicious script… |
CVE-2025-25242 | Medium | 6.1 | 2025-03-11 | SAP NetWeaver Application Server ABAP allows malicious scripts to be executed in the application, potentially leading to a Cross-Site Scripting (XSS) vulnerabi… |
CVE-2024-41732 | Medium | 4.7 | 2024-08-13 | SAP NetWeaver Application Server ABAP allows an unauthenticated attacker to craft a URL link that could bypass allowlist controls. Depending on the web app… |
CVE-2025-0068 | Medium | 4.3 | 2025-01-14 | An obsolete functionality in SAP NetWeaver Application Server ABAP did not perform necessary authorization checks. Because of this, an authenticated attacker c… |
CVE-2024-47593 | Medium | 4.3 | 2024-11-12 | SAP NetWeaver Application Server ABAP allows an unauthenticated attacker with network access to read files from the server, which otherwise would be restricted… |
CVE-2026-27680 | Low | 3.1 | 2026-05-14 | Due to improper input handling under certain conditions, SAP NetWeaver Application Server ABAP allows an attacker to inject custom Cascading Style Sheets (CSS)… |