Sap: >> Sap Basis >> 731 Security Vulnerabilities
SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated attacker with normal privileges to obtain a valid signed message and send modified signed XML documents to the verifier. This may result in acceptance of tampered identity information, unauthorized access to sensitive user data and potential disruption of normal system usage.
CVSS Score
8.8
EPSS Score
0.0
Published
2026-02-10
Due to missing authorization check in SAP NetWeaver Application Server ABAP and SAP S/4HANA, an authenticated attacker could access a specific transaction code and modify the text data in the system. This vulnerability has a high impact on integrity of the application with no effect on the confidentiality and availability.
CVSS Score
6.5
EPSS Score
0.0
Published
2026-02-10
SAP NetWeaver Application Server for ABAP allows authenticated users with access to background processing to gain unauthorized read access to profile parameters. This results in a low impact on confidentiality, with no impact on integrity or availability
CVSS Score
4.3
EPSS Score
0.0
Published
2025-09-09
SAP NetWeaver (Service Data Download) allows an authenticated user to call a remote-enabled function module, which could grant access to information about the SAP system and operating system. This leads to a low impact on confidentiality, with no effect on the integrity and availability of the application
CVSS Score
5.0
EPSS Score
0.0
Published
2025-09-09
The SAP NetWeaver Application Server for ABAP does not enable an administrator to assign distinguished authorizations for different user roles, this issue allows authenticated users to access restricted objects in the barcode interface, leading to privilege escalation. This results in a low impact on the confidentiality and integrity of the application, there is no impact on availability.
CVSS Score
5.4
EPSS Score
0.0
Published
2025-08-12
SAP NetWeaver Application Server ABAP and ABAP Platform allows an unauthenticated attacker to create a malicious link which they can make publicly available. When an authenticated victim clicks on this malicious link, injected input data will be used by the web site page generation to create content which when executed in the victim's browser leading to low impact on Confidentiality and Integrity with no effect on Availability of the application.
CVSS Score
6.1
EPSS Score
0.001
Published
2025-07-08
Due to a missing authorization check in an obsolete RFC enabled function module in SAP BASIS, an authenticated low-privileged attacker could call a Remote Function Call (RFC), potentially accessing restricted system information. This results in low impact on confidentiality, with no impact on integrity or availability of the application.
CVSS Score
4.3
EPSS Score
0.0
Published
2025-07-08
SAP NetWeaver Server ABAP allows an unauthenticated attacker to exploit a vulnerability that causes the server to respond differently based on the existence of a specified user, potentially revealing sensitive information. This issue does not enable data modification and has no impact on server availability.
CVSS Score
5.3
EPSS Score
0.002
Published
2025-02-11
SAP NetWeaver AS ABAP and ABAP Platform does not check for authorization when a user executes some RFC function modules. This could lead to an attacker with basic user privileges to gain control over the data in Informix database, leading to complete compromise of confidentiality, integrity and availability.
CVSS Score
8.8
EPSS Score
0.002
Published
2025-01-14
Under certain conditions SAP NetWeaver AS for ABAP and ABAP Platform (Internet Communication Framework) allows an attacker to access restricted information due to weak access controls. This can have a significant impact on the confidentiality, integrity, and availability of an application
CVSS Score
9.9
EPSS Score
0.001
Published
2025-01-14
Page 1