cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-22131,https://securityvulnerability.io/vulnerability/CVE-2024-22131,Remote Execution Vulnerability Affects SAP ABA Versions 700-752,"A security vulnerability exists in SAP Application Basis (ABA) across multiple versions, where an attacker with remote execution authorization can exploit a susceptible interface. This vulnerability enables the attacker to invoke application functions and perform unauthorized actions, potentially allowing them to read or modify sensitive user and business data. Moreover, certain functions may lead to system unavailability, impacting overall business operations. Organizations running affected versions of SAP ABA should prioritize remediation to protect their data integrity and operational continuity.",SAP,SAP Aba (application Basis),7.2,HIGH,0.0009399999980814755,false,,false,false,false,,,false,false,,2024-02-13T02:30:51.886Z,0
CVE-2020-6240,https://securityvulnerability.io/vulnerability/CVE-2020-6240,Denial of Service Vulnerability in SAP NetWeaver AS ABAP,"The Denial of Service vulnerability in SAP NetWeaver AS ABAP affects specific versions, allowing unauthenticated attackers to disrupt legitimate user access by crashing or overwhelming the service. This can significantly impact service availability and operational efficiency, making it crucial for organizations to address this issue promptly.",SAP,"SAP Netweaver As Abap (web Dynpro Abap) (SAP Ui),SAP Netweaver As Abap (web Dynpro Abap) (SAP Basis)",5.3,MEDIUM,0.0012400000123307109,false,,false,false,false,,,false,false,,2020-05-12T17:46:58.000Z,0
CVE-2020-6205,https://securityvulnerability.io/vulnerability/CVE-2020-6205,Reflected Cross Site Scripting Vulnerability in SAP NetWeaver AS ABAP,"An issue in SAP NetWeaver AS ABAP allows attackers to exploit insufficient encoding of user-controlled inputs. This vulnerability enables unauthenticated attackers to non-permanently alter displayed content, potentially leading to defacement and the unauthorized retrieval of sensitive authentication information. Additionally, attackers can impersonate users, gaining access to their information with equivalent rights, which could undermine security and confidentiality measures.",SAP,SAP Netweaver Application Server Abap (smart Forms) - SAP Basis,6.1,MEDIUM,0.0008999999845400453,false,,false,false,false,,,false,false,,2020-03-10T20:20:21.000Z,0
CVE-2020-6185,https://securityvulnerability.io/vulnerability/CVE-2020-6185,Stored Cross Site Scripting in SAP NetWeaver and SAP S/4HANA,"In SAP NetWeaver and SAP S/4HANA, under specific circumstances, an authenticated attacker can exploit the ABAP Online Community to store a malicious payload. This leads to a stored cross site scripting vulnerability, potentially allowing the attacker to execute arbitrary scripts in the context of the affected application, compromising user data and session integrity.",SAP,"SAP Netweaver (SAP Basis),SAP S/4hana (SAP Basis)",5.4,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2020-02-12T19:56:20.000Z,0
CVE-2020-6181,https://securityvulnerability.io/vulnerability/CVE-2020-6181,HTTP Response Splitting Vulnerability in SAP NetWeaver and ABAP Platform,"The SAML Single Sign-On implementation in SAP NetWeaver and the ABAP Platform possesses a vulnerability allowing attackers to inject invalidated data into HTTP response headers. This issue can lead to an HTTP response splitting scenario, potentially allowing malicious actors to manipulate web server responses. The vulnerability primarily affects multiple versions of SAP_BASIS and SAP_ABAP Platform. Organizations using these platforms must ensure they are patched to prevent any risks associated with this vulnerability.",SAP,"SAP Netweaver (SAP Basis),SAP Abap Platform (SAP Basis)",5.8,MEDIUM,0.0008999999845400453,false,,false,false,false,,,false,false,,2020-02-12T19:46:52.000Z,0
CVE-2020-6184,https://securityvulnerability.io/vulnerability/CVE-2020-6184,Reflected Cross-Site Scripting Vulnerability in SAP NetWeaver and SAP S/4HANA,"A reflected cross-site scripting vulnerability exists in SAP NetWeaver and SAP S/4HANA due to insufficient encoding of user-controlled inputs. This flaw could allow an attacker to inject malicious scripts into web pages viewed by other users, potentially compromising sensitive information and web applications. Users of the affected product versions should implement appropriate security measures to mitigate this risk.",SAP,Automated Note Search Tool (SAP Basis),6.1,MEDIUM,0.0008399999933317304,false,,false,false,false,,,false,false,,2020-02-12T19:46:26.000Z,0
CVE-2020-6307,https://securityvulnerability.io/vulnerability/CVE-2020-6307,Authorization Vulnerability in SAP Automated Note Search Tool,"The Automated Note Search Tool in various SAP Basis versions lacks adequate authorization checks. This flaw can potentially allow unauthorized users to access and read sensitive information, posing a significant security risk. Administrators are advised to assess their systems for this issue and implement necessary remediations to safeguard sensitive data.",SAP,Automated Note Search Tool (SAP Basis),4.3,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2020-01-14T17:52:59.000Z,0
CVE-2019-0328,https://securityvulnerability.io/vulnerability/CVE-2019-0328,OS Command Execution Vulnerability in SAP NetWeaver Process Integration,"The ABAP Tests Modules in SAP Basis versions 7.0 through 7.5 within SAP NetWeaver Process Integration allow an attacker to execute operating system commands with elevated privileges. This vulnerable state can lead to significant risks to system integrity and availability, making it imperative for organizations using these versions to apply the necessary security updates and patches.",SAP,SAP Netweaver Process Integration Abap Tests (SAP Basis),7.2,HIGH,0.01042999979108572,false,,false,false,false,,,false,false,,2019-07-10T19:10:37.000Z,0
CVE-2019-0321,https://securityvulnerability.io/vulnerability/CVE-2019-0321,Cross-Site Scripting Vulnerability in SAP ABAP Server and Platform,"The SAP ABAP Server and ABAP Platform, specifically versions 7.31, 7.4, and 7.5, exhibit a vulnerability stemming from inadequate encoding of user-controlled inputs. This oversight can lead to Cross-Site Scripting (XSS) attacks, allowing malicious users to inject arbitrary scripts into web pages viewed by other users. Exploitation of this vulnerability could potentially compromise user data and disrupt business operations, highlighting the importance of robust input validation and encoding practices.",SAP,Abap Server And Abap Platform (SAP Basis),6.1,MEDIUM,0.0010300000431016088,false,,false,false,false,,,false,false,,2019-07-10T18:54:44.000Z,0
CVE-2019-0279,https://securityvulnerability.io/vulnerability/CVE-2019-0279,SAP BASIS Privilege Escalation Vulnerability Affecting Various Versions,"In SAP BASIS, certain ABAP function modules such as INST_CREATE_R3_RFC_DEST, INST_CREATE_TCPIP_RFCDEST, and INST_CREATE_TCPIP_RFC_DEST lack comprehensive authorization checks under specific conditions. This oversight can lead to unauthorized privilege escalation for authenticated users, potentially compromising system integrity. It is crucial for users of affected SAP BASIS versions to apply the necessary patches provided by SAP to mitigate these vulnerabilities.",SAP,SAP Basis,8.8,HIGH,0.0010400000028312206,false,,false,false,false,,,false,false,,2019-04-10T20:17:27.000Z,0
CVE-2019-0257,https://securityvulnerability.io/vulnerability/CVE-2019-0257,Privilege Escalation Vulnerability in SAP NetWeaver AS ABAP Platform,"A vulnerability exists in SAP NetWeaver AS ABAP Platform due to insufficient authorization checks when customizing functionalities. An authenticated user can exploit this issue to gain elevated privileges, potentially compromising sensitive areas of the application. This flaw impacts a range of versions and requires timely updates to ensure that proper authorization mechanisms are enforced.",SAP,Abap Platform(SAP Basis),8.8,HIGH,0.002630000002682209,false,,false,false,false,,,false,false,,2019-02-15T18:00:00.000Z,0
CVE-2019-0248,https://securityvulnerability.io/vulnerability/CVE-2019-0248,Information Disclosure Vulnerability in SAP Gateway for ABAP Application Server,"The SAP Gateway of ABAP Application Server is vulnerable to an information disclosure issue that may permit unauthorized parties to access sensitive data under specific conditions. This vulnerability stems from improper restrictions, allowing attackers to gain access to information that should be protected. It is crucial for users of SAP software to apply the necessary patches provided in SAP_GWFND versions 7.5, 7.51, 7.52, and 7.53, as well as SAP_BASIS 7.5 to mitigate this risk.",SAP,"SAP Gateway Of Abap Application Server(SAP Gwfnd),SAP Gateway Of Abap Application Server(SAP Basis)",5.9,MEDIUM,0.002689999993890524,false,,false,false,false,,,false,false,,2019-01-08T20:00:00.000Z,0
CVE-2018-2494,https://securityvulnerability.io/vulnerability/CVE-2018-2494,Unauthorized Access Vulnerability in SAP NetWeaver ABAP,"An authorization bypass vulnerability exists in SAP Basis AS ABAP, allowing authenticated users to escalate their privileges without appropriate access controls. This issue impacts versions of SAP NetWeaver from 700 to 750 and has been addressed with necessary security patches to ensure that permission checks are enforced correctly.",SAP,"SAP Basis (as Abap Of SAP Netweaver),SAP Basis (abap Platform)",8,HIGH,0.0010400000028312206,false,,false,false,false,,,false,false,,2018-12-11T23:00:00.000Z,0
CVE-2018-2478,https://securityvulnerability.io/vulnerability/CVE-2018-2478,Command Execution Vulnerability in SAP Basis Versions,"This vulnerability allows an attacker to execute commands on a TREX/BWA installation by supplying specially crafted inputs. The affected SAP Basis versions are 7.0 through 7.02, 7.10 through 7.11, and 7.30 through 7.53. The commands executed are limited to those that the adm user can run, which could lead to unauthorized access or actions depending on the privilege level of this user.",SAP,SAP Basis (trex / Bwa Installation),7.2,HIGH,0.0023499999660998583,false,,false,false,false,,,false,false,,2018-11-13T20:00:00.000Z,0
CVE-2018-2367,https://securityvulnerability.io/vulnerability/CVE-2018-2367,Insufficient Path Validation in SAP BASIS,The ABAP File Interface in SAP BASIS versions 7.00 to 7.52 contains a vulnerability that arises from inadequate validation of user-supplied path information. This flaw allows attackers to manipulate file paths and potentially access sensitive files through unauthorized traversal commands. Proper configuration and patching are essential to mitigate this risk.,SAP,SAP Basis (abap File Interface),8.8,HIGH,0.002050000010058284,false,,false,false,false,,,false,false,,2018-03-01T17:00:00.000Z,0
CVE-2016-4551,https://securityvulnerability.io/vulnerability/CVE-2016-4551,,"The (1) SAP_BASIS and (2) SAP_ABA components 7.00 SP Level 0031 in SAP NetWeaver 2004s might allow remote attackers to spoof IP addresses written to the Security Audit Log via vectors related to the network landscape, aka SAP Security Note 2190621.",SAP,"Netweaver,SAP Aba,SAP Basis",7.5,HIGH,0.0027600000612437725,false,,false,false,false,,,false,false,,2016-10-05T16:00:00.000Z,0
CVE-2007-3496,https://securityvulnerability.io/vulnerability/CVE-2007-3496,,"Cross-site scripting (XSS) vulnerability in SAP Web Dynpro Java (BC-WD-JAV) in SAP NetWeaver Nw04 SP15 through SP19 and Nw04s SP7 through SP11, aka SAP Java Technology Services 640 before SP20 and SAP Web Dynpro Runtime Core Components 700 before SP12, allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header.",SAP,"Netweaver Nw04,SAP Basis Component 700,Netweaver Nw04s,SAP Basis Component 640",,,0.005869999993592501,false,,false,false,false,,,false,false,,2007-06-29T18:00:00.000Z,0
CVE-2007-3495,https://securityvulnerability.io/vulnerability/CVE-2007-3495,,"Multiple cross-site scripting (XSS) vulnerabilities in the SAP Internet Communication Framework (BC-MID-ICF) in the SAP Basis component 700 before SP12, and 640 before SP20, allow remote attackers to inject arbitrary web script or HTML via certain parameters associated with the default login error page.",SAP,"SAP Basis Component 700,SAP Basis Component 640",,,0.006149999797344208,false,,false,false,false,,,false,false,,2007-06-29T18:00:00.000Z,0