cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2025-0070,https://securityvulnerability.io/vulnerability/CVE-2025-0070,Authentication Flaw in SAP NetWeaver Application Server for ABAP,"The SAP NetWeaver Application Server for ABAP and ABAP Platform is susceptible to an issue where improper authentication checks can be exploited by authenticated users. This vulnerability allows attackers to gain unauthorized access, leading to potential privilege escalation. Such an exploit poses serious risks affecting the confidentiality, integrity, and availability of the system.",SAP,,,,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-14T01:15:00.000Z,171
CVE-2025-0069,https://securityvulnerability.io/vulnerability/CVE-2025-0069,DLL Injection Vulnerability in SAPSetup by SAP,"A DLL injection vulnerability in SAPSetup could allow an attacker with local user privileges or access to a compromised Windows account to escalate their permissions. This privilege escalation enables the attacker to move laterally within the network, potentially compromising the Active Directory and significantly affecting the confidentiality, integrity, and availability of the Windows server environment.",SAP,,,,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-14T01:15:00.000Z,0
CVE-2025-0068,https://securityvulnerability.io/vulnerability/CVE-2025-0068,Authorization Flaw in SAP NetWeaver Application Server ABAP,"An obsolete feature in SAP NetWeaver Application Server ABAP lacks essential authorization checks, enabling authenticated attackers to access sensitive information that should remain restricted. This vulnerability does not compromise the integrity or availability of the application but poses risks related to confidential data exposure.",SAP,,,,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-14T01:15:00.000Z,0
CVE-2025-0067,https://securityvulnerability.io/vulnerability/CVE-2025-0067,Missing Authorization Check in SAP NetWeaver Application Server Java,"This vulnerability in the SAP NetWeaver Application Server Java arises from a missing authorization check on service endpoints, which allows an attacker with a standard user role to create JCo connection entries. These entries facilitate remote function calls to and from the application server, potentially jeopardizing the confidentiality, integrity, and availability of the application by enabling unauthorized access.",SAP,,,,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-14T01:15:00.000Z,0
CVE-2025-0066,https://securityvulnerability.io/vulnerability/CVE-2025-0066,Weak Access Controls in SAP NetWeaver AS for ABAP Exposes Sensitive Data,"The SAP NetWeaver AS for ABAP, specifically the Internet Communication Framework, contains a vulnerability that allows unauthorized access to sensitive information due to inadequate access controls. This issue poses risks to the confidentiality, integrity, and availability of applications relying on this framework, highlighting the need for prompt updates and robust security measures.",SAP,,,,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-14T01:15:00.000Z,68
CVE-2025-0063,https://securityvulnerability.io/vulnerability/CVE-2025-0063,Authorization Bypass in SAP NetWeaver AS ABAP and ABAP Platform,"An authorization check flaw exists within SAP NetWeaver AS ABAP and ABAP Platform, where certain Remote Function Call (RFC) function modules can be executed by users without adequate permissions. This vulnerability permits attackers with basic user rights to manipulate and potentially gain full control over sensitive data stored in Informix databases, compromising the overall confidentiality, integrity, and availability of the system.",SAP,,,,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-14T01:15:00.000Z,517
CVE-2025-0061,https://securityvulnerability.io/vulnerability/CVE-2025-0061,Information Disclosure Vulnerability in SAP BusinessObjects Business Intelligence Platform,"The SAP BusinessObjects Business Intelligence Platform contains an information disclosure vulnerability that allows an unauthenticated attacker to hijack user sessions over the network. This vulnerability enables attackers to access and alter all application data without requiring user interaction, posing significant risks to data integrity and confidentiality.",SAP,,,,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-14T01:15:00.000Z,0
CVE-2025-0060,https://securityvulnerability.io/vulnerability/CVE-2025-0060,JavaScript Injection Vulnerability in SAP BusinessObjects Business Intelligence Platform,"The SAP BusinessObjects Business Intelligence Platform contains a vulnerability that allows an authenticated user with restricted access to inject malicious JavaScript code. This code can read sensitive information from the server and transmit it to an attacker. Consequently, the attacker may use the captured data to impersonate high-privileged users, severely compromising the confidentiality and integrity of the application. Organizations using affected versions should take immediate steps to safeguard their data and prevent unauthorized access.",SAP,,,,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-14T01:15:00.000Z,0
CVE-2025-0058,https://securityvulnerability.io/vulnerability/CVE-2025-0058,Information Disclosure Vulnerability in SAP Business Workflow and Flexible Workflow,"In SAP Business Workflow and SAP Flexible Workflow, an authenticated attacker may exploit a parameter within a legitimate resource request. This manipulation enables the attacker to access sensitive information that is generally restricted, although they cannot modify or delete the information.",SAP,,,,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-14T01:15:00.000Z,0
CVE-2025-0057,https://securityvulnerability.io/vulnerability/CVE-2025-0057,Stored Cross Site Scripting Vulnerability in SAP NetWeaver AS JAVA User Admin Application,"The SAP NetWeaver AS JAVA User Admin Application is susceptible to a stored cross site scripting vulnerability. This security flaw allows an attacker, acting as an administrator, to upload images containing malicious JavaScript code. When an innocent user visits the affected component, the embedded code can execute, enabling the attacker to read and potentially manipulate sensitive information within the victim's web session.",SAP,,,,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-14T01:15:00.000Z,0
CVE-2025-0056,https://securityvulnerability.io/vulnerability/CVE-2025-0056,SAP GUI for Java Vulnerability in User Input Data Handling,"The SAP GUI for Java application stores user input locally on client machines to enhance user experience. This mechanism can be exploited by an attacker who gains administrative privileges or access to the user's operating system environment. Such access allows the attacker to retrieve stored user input, which can include sensitive information. If compromised, this could lead to severe implications for confidentiality and data privacy, as the disclosed information varies from benign to highly sensitive based on user interactions.",SAP,,,,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-14T01:15:00.000Z,0
CVE-2025-0055,https://securityvulnerability.io/vulnerability/CVE-2025-0055,Data Exposure Vulnerability in SAP GUI for Windows,"The SAP GUI for Windows features a mechanism that stores user input locally to enhance usability. However, this can lead to potential data exposure under specific conditions. If an attacker possesses administrative privileges or gains access to the victim's user directory on the operating system level, they could exploit this vulnerability to read sensitive information stored on the client PC. The nature of this data can vary, spanning from harmless input to highly confidential information, ultimately compromising the integrity of user data and the overall confidentiality of the application.",SAP,,,,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-14T01:15:00.000Z,0
CVE-2025-0053,https://securityvulnerability.io/vulnerability/CVE-2025-0053,Unauthorized Access Vulnerability in SAP NetWeaver Application Server for ABAP,"The SAP NetWeaver Application Server for ABAP is susceptible to a vulnerability that allows an unauthorized individual to access sensitive system information. By exploiting a specific URL parameter, an unauthenticated attacker can retrieve critical details about system configuration. While this vulnerability has a limited impact on the application's confidentiality, it can be used as a stepping stone for subsequent attacks or exploits, emphasizing the need for timely security measures.",SAP,,,,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-14T01:15:00.000Z,0
CVE-2025-0059,https://securityvulnerability.io/vulnerability/CVE-2025-0059,Data Exposure Risk in SAP GUI for HTML on SAP NetWeaver Application Server ABAP,"The vulnerability involves applications using SAP GUI for HTML within the SAP NetWeaver Application Server ABAP context. User inputs are stored in local browser storage, intended to enhance usability. However, if an attacker gains administrative privileges or has access to the user directory on the operating system, they could read this stored data. The disclosed data may vary from less critical to highly sensitive information, leading to significant impacts on data confidentiality and potential misuse.",SAP,,,,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-14T01:15:00.000Z,0
CVE-2024-54198,https://securityvulnerability.io/vulnerability/CVE-2024-54198,SAP NetWeaver Application Server ABAP Vulnerability: Authenticated Attacker Can Access Remote Services,"The vulnerability in the SAP NetWeaver Application Server ABAP allows authenticated attackers to exploit crafted Remote Function Call (RFC) requests targeting restricted destinations. This exposure may lead to unauthorized access to sensitive credentials utilized by remote services. Once compromised, these credentials pose a significant risk as they can be leveraged to execute further attacks, undermining the confidentiality, integrity, and availability of the application. Organizations utilizing affected versions should prioritize applying relevant security patches to mitigate potential security risks. For additional insights and patch information, refer to SAP's official documentation.",SAP,SAP Netweaver Application Server Abap,8.5,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-12-10T00:12:47.729Z,0
CVE-2024-54197,https://securityvulnerability.io/vulnerability/CVE-2024-54197,SAP NetWeaver Administrator Vulnerability Allows HTTP Endpoint Enumeration and SSRF Attacks,"The vulnerability in SAP NetWeaver Administrator allows an authenticated attacker to perform HTTP endpoint enumeration within the internal network by crafting specific HTTP requests. This exploitation could lead to Server-Side Request Forgery (SSRF), potentially compromising data confidentiality and integrity. The vulnerability does not affect the application's availability, but the resultant SSRF could allow attackers to interact with internal services, increasing the risk of broader network exploitation. Early mitigation is crucial to safeguard sensitive data and prevent unauthorized access.",SAP,SAP Netweaver Administrator(system Overview),7.2,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-12-10T00:12:42.296Z,0
CVE-2024-47585,https://securityvulnerability.io/vulnerability/CVE-2024-47585,Potential Security Concerns Due to Improper Authorization Checks,"SAP NetWeaver Application Server for ABAP and ABAP Platform allows an authenticated attacker to gain higher access levels than they should have by exploiting improper authorization checks, resulting in privilege escalation. While authorizations for import and export are distinguished, a single authorization is applied for both, which may contribute to these risks. On successful exploitation, this can result in potential security concerns. However, it has no impact on the integrity and availability of the application and may have only a low impact on data confidentiality.",SAP,SAP Netweaver Application Server For Abap And Abap Platform,4.3,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-12-10T00:12:29.987Z,0
CVE-2024-47582,https://securityvulnerability.io/vulnerability/CVE-2024-47582,XML Entity Expansion Attack,"Due to missing validation of XML input, an unauthenticated attacker could send malicious input to an endpoint, which leads to an XML Entity Expansion attack. This causes limited impact on availability of the application.",SAP,SAP Netweaver As Java,5.3,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-12-10T00:12:24.270Z,0
CVE-2024-47581,https://securityvulnerability.io/vulnerability/CVE-2024-47581,Authentication Bypass Vulnerability Affects HCM Approve Timesheets,"SAP HCM Approve Timesheets Version 4 application does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. There is low impact on integrity of the application. Confidentiality and availability are not impacted.",SAP,SAP Hcm,4.3,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-12-10T00:12:17.567Z,0
CVE-2024-47580,https://securityvulnerability.io/vulnerability/CVE-2024-47580,Server-side file exposure vulnerability,"An attacker authenticated as an administrator can use an exposed webservice to create a PDF with an embedded attachment. By specifying the file to be an internal server file and subsequently downloading the generated PDF, the attacker can read any file on the server with no effect on integrity or availability.",SAP,SAP Netweaver As For Java (adobe Document Services),6.8,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-12-10T00:12:11.655Z,0
CVE-2024-47579,https://securityvulnerability.io/vulnerability/CVE-2024-47579,PDF Font File Attack,An attacker authenticated as an administrator can use an exposed webservice to upload or download a custom PDF font file on the system server. Using the upload functionality to copy an internal file into a font file and subsequently using the download functionality to retrieve that file allows the attacker to read any file on the server with no effect on integrity or availability.,SAP,SAP Netweaver As For Java (adobe Document Services),6.8,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-12-10T00:12:05.039Z,0
CVE-2024-47578,https://securityvulnerability.io/vulnerability/CVE-2024-47578,Adobe Document Service Vulnerability Allows Server-Side Request Forgery,"A vulnerability exists in Adobe Document Service that allows an attacker with administrator privileges to craft and send malicious requests from a vulnerable web application. This weakness typically targets internal systems shielded by firewalls, rendering them susceptible to external exploitation. Successfully executing this attack can enable a malicious user to read or modify files and potentially disrupt the functionality of the entire system. Organizations utilizing Adobe Document Service should promptly implement security measures and patches to mitigate the risks associated with this vulnerability.",SAP,SAP Netweaver As For Java (adobe Document Services),9.1,CRITICAL,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-12-10T00:11:57.435Z,0
CVE-2024-47577,https://securityvulnerability.io/vulnerability/CVE-2024-47577,Information Disclosure Vulnerability in SAP Commerce Cloud Assisted Service Module,"Webservice API endpoints for the Assisted Service Module within SAP Commerce Cloud have an information disclosure vulnerability. When an authorized agent searches for a customer to manage their accounts, the request URL includes customer data, and it is recorded in server logs. If an attacker impersonating an authorized admin visits such server logs, they get access to the customer data. The amount of leaked confidential data, however, is extremely limited, and the attacker has no control over what data is leaked.",SAP,SAP Commerce Cloud,2.7,LOW,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-12-10T00:11:49.563Z,0
CVE-2024-47576,https://securityvulnerability.io/vulnerability/CVE-2024-47576,Low Impact DLL Injection Vulnerability in SAP Product Lifecycle Costing Client,"SAP Product Lifecycle Costing Client (versions below 4.7.1) application loads, on demand, a DLL that is available with the Windows OS. This DLL is loaded from the computer running the SAP Product Lifecycle Costing Client application. That particular DLL could be replaced by a malicious one that could execute commands as part of the SAP Product Lifecycle Costing Client application. On a successful attack, it can cause a low impact to confidentiality but no impact to the integrity and availability of the application.",SAP,SAP Product Lifecycle Costing,3.3,LOW,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-12-10T00:11:43.031Z,0
CVE-2024-32732,https://securityvulnerability.io/vulnerability/CVE-2024-32732,SAP BusinessObjects Business Intelligence Platform Vulnerability,"Under certain conditions, SAP BusinessObjects Business Intelligence platform allows an attacker to access information which would otherwise be restricted. This has low impact on Confidentiality with no impact on Integrity and Availability of the application.",SAP,SAP Businessobjects Business Intelligence Platform,5.3,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-12-10T00:11:33.815Z,0