Sap_se Sap Netweaver Application Server For Abap
11 CVEs affecting Sap_se Sap Netweaver Application Server For Abap. Latest disclosed: 2026-03-10. Critical: 1, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2025-42989 | Critical | 9.6 | 2025-06-10 | RFC inbound processing�does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. On successful exploita… |
CVE-2025-42953 | High | 8.1 | 2025-07-08 | SAP Netweaver System Configuration does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This could… |
CVE-2026-24316 | Medium | 6.4 | 2026-03-10 | SAP NetWeaver Application Server for ABAP provides an ABAP Report for testing purposes, which allows to send HTTP requests to arbitrary internal or external en… |
CVE-2026-24309 | Medium | 6.4 | 2026-03-10 | Due to missing authorization check in SAP NetWeaver Application Server for ABAP, an authenticated attacker could execute specific ABAP function module to read… |
CVE-2025-42942 | Medium | 6.1 | 2025-08-12 | SAP NetWeaver Application Server for ABAP has cross-site scripting vulnerability. Due to this, an unauthenticated attacker could craft a URL embedded with mali… |
CVE-2025-42908 | Medium | 5.4 | 2025-10-14 | Due to a Cross-Site Request Forgery (CSRF) vulnerability in SAP NetWeaver Application Server for ABAP, an authenticated attacker could initiate transactions di… |
CVE-2025-42936 | Medium | 5.4 | 2025-08-12 | The SAP NetWeaver Application Server for ABAP does not enable an administrator to assign distinguished authorizations for different user roles, this issue allo… |
CVE-2026-27688 | Medium | 5.0 | 2026-03-10 | Due to a missing authorization check in SAP NetWeaver Application Server for ABAP, an authenticated attacker with user privileges could read Database Analyzer… |
CVE-2025-42961 | Medium | 4.9 | 2025-07-08 | Due to a missing authorization check in SAP NetWeaver Application server for ABAP, an authenticated user with high privileges could exploit the insufficient va… |
CVE-2025-42882 | Medium | 4.3 | 2025-11-11 | Due to a missing authorization check in SAP NetWeaver Application Server for ABAP, an authenticated attacker with basic privileges could execute a specific fun… |
CVE-2026-24310 | Low | 3.5 | 2026-03-10 | Due to missing authorization check in SAP NetWeaver Application Server for ABAP, an authenticated attacker could execute specific ABAP function module and read… |