SAP SE SAP NetWeaver Application Server for ABAP and ABAP Platform
16 CVEs affecting SAP SE SAP NetWeaver Application Server for ABAP and ABAP Platform. Latest disclosed: 2026-05-12. Critical: 1, High: 0.

| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2025-0070 | Critical | 9.9 | 2025-01-14 | SAP NetWeaver Application Server for ABAP and ABAP Platform allows an authenticated attacker to obtain illegitimate access to the system by exploiting improper… |
| CVE-2026-40135 | Medium | 6.5 | 2026-05-12 | An OS Command Injection vulnerability exists in the SAP NetWeaver Application Server for ABAP and ABAP Platform that allows an authenticated attacker with admi… |
| CVE-2024-34687 | Medium | 6.5 | 2024-05-14 | SAP NetWeaver Application Server for ABAP and ABAP Platform do not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerab… |
| CVE-2024-45285 | Medium | 5.4 | 2024-09-10 | The RFC enabled function module allows a low privileged user to perform denial of service on any user and also change or delete favourite nodes. By sending a c… |
| CVE-2024-44117 | Medium | 5.4 | 2024-09-10 | The RFC enabled function module allows a low privileged user to perform various actions, such as modifying the URLs of any user's favourite nodes and workbook… |
| CVE-2024-42371 | Medium | 5.4 | 2024-09-10 | The RFC enabled function module allows a low privileged user to delete the workplace favourites of any user. This vulnerability could be utilized to identify u… |
| CVE-2025-0053 | Medium | 5.3 | 2025-01-14 | SAP NetWeaver Application Server for ABAP and ABAP Platform allows an attacker to gain unauthorized access to system information. By using a specific URL param… |
| CVE-2024-47586 | Medium | 5.3 | 2024-11-12 | SAP NetWeaver Application Server for ABAP and ABAP Platform allows an unauthenticated attacker to send a maliciously crafted http request which could cause a n… |
| CVE-2024-39599 | Medium | 4.7 | 2024-07-09 | Due to a Protection Mechanism Failure in SAP NetWeaver Application Server for ABAP and ABAP Platform, a developer can bypass the configured malware scanner API… |
| CVE-2024-47585 | Medium | 4.3 | 2024-12-10 | SAP NetWeaver Application Server for ABAP and ABAP Platform allows an authenticated attacker to gain higher access levels than they should have by exploiting i… |
| CVE-2024-44116 | Medium | 4.3 | 2024-09-10 | The RFC enabled function module allows a low privileged user to add any workbook to any user's workplace favourites. This vulnerability could be utilized to id… |
| CVE-2024-44115 | Medium | 4.3 | 2024-09-10 | The RFC enabled function module allows a low privileged user to add URLs to any user's workplace favourites. This vulnerability could be utilized to identify u… |
| CVE-2024-42380 | Medium | 4.3 | 2024-09-10 | The RFC enabled function module allows a low privileged user to read any user's workplace favourites and user menu along with all the specific data of each nod… |
| CVE-2024-37180 | Medium | 4.1 | 2024-07-09 | Under certain conditions SAP NetWeaver Application Server for ABAP and ABAP Platform allows an attacker to access remote-enabled function module with no furthe… |
| CVE-2024-41728 | Low | 2.7 | 2024-09-10 | Due to missing authorization check, SAP NetWeaver Application Server for ABAP and ABAP Platform allows an attacker logged in as a developer to read objects con… |
| CVE-2024-44114 | Low | 2.0 | 2024-09-10 | SAP NetWeaver Application Server for ABAP and ABAP Platform allow users with high privileges to execute a program that reveals data over the network. This resu… |