cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-22131,https://securityvulnerability.io/vulnerability/CVE-2024-22131,Remote Execution Vulnerability Affects SAP ABA Versions 700-752,"A security vulnerability exists in SAP Application Basis (ABA) across multiple versions, where an attacker with remote execution authorization can exploit a susceptible interface. This vulnerability enables the attacker to invoke application functions and perform unauthorized actions, potentially allowing them to read or modify sensitive user and business data. Moreover, certain functions may lead to system unavailability, impacting overall business operations. Organizations running affected versions of SAP ABA should prioritize remediation to protect their data integrity and operational continuity.",SAP,SAP Aba (application Basis),7.2,HIGH,0.0005699999746866524,false,false,false,false,,false,false,2024-02-13T02:30:51.886Z,0
CVE-2020-6240,https://securityvulnerability.io/vulnerability/CVE-2020-6240,,"SAP NetWeaver AS ABAP (Web Dynpro ABAP), versions (SAP_UI 750, 752, 753, 754 and SAP_BASIS 700, 710, 730, 731, 804) allows an unauthenticated attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service leading to Denial of Service",SAP,"SAP Netweaver As Abap (web Dynpro Abap) (SAP Ui),SAP Netweaver As Abap (web Dynpro Abap) (SAP Basis)",5.3,MEDIUM,0.0012400000123307109,false,false,false,false,,false,false,2020-05-12T17:46:58.000Z,0
CVE-2020-6205,https://securityvulnerability.io/vulnerability/CVE-2020-6205,,"SAP NetWeaver AS ABAP Business Server Pages (Smart Forms), SAP_BASIS versions- 7.00, 7.01, 7.02, 7.10, 7.11, 7.30, 7.31, 7.40, 7.50, 7.51, 7.52, 7.53, 7.54; does not sufficiently encode user controlled inputs, allowing an unauthenticated attacker to non-permanently deface or modify displayed content and/or steal authentication information of the user and/or impersonate the user and access all information with the same rights as the target user, leading to Reflected Cross Site Scripting Vulnerability.",SAP,SAP Netweaver Application Server Abap (smart Forms) - SAP Basis,6.1,MEDIUM,0.0008999999845400453,false,false,false,false,,false,false,2020-03-10T20:20:21.000Z,0
CVE-2020-6185,https://securityvulnerability.io/vulnerability/CVE-2020-6185,,"Under certain conditions ABAP Online Community in SAP NetWeaver (SAP_BASIS version 7.40) and SAP S/4HANA (SAP_BASIS versions 7.50, 7.51, 7.52, 7.53, 7.54), allows an authenticated attacker to store a malicious payload which results in Stored Cross Site Scripting vulnerability.",SAP,"SAP Netweaver (SAP Basis),SAP S/4hana (SAP Basis)",5.4,MEDIUM,0.000539999979082495,false,false,false,false,,false,false,2020-02-12T19:56:20.000Z,0
CVE-2020-6181,https://securityvulnerability.io/vulnerability/CVE-2020-6181,,"Under some circumstances the SAML SSO implementation in the SAP NetWeaver (SAP_BASIS versions 702, 730, 731, 740 and SAP ABAP Platform (SAP_BASIS versions 750, 751, 752, 753, 754), allows an attacker to include invalidated data in the HTTP response header sent to a Web user, leading to HTTP Response Splitting vulnerability.",SAP,"SAP Netweaver (SAP Basis),SAP Abap Platform (SAP Basis)",5.8,MEDIUM,0.0008999999845400453,false,false,false,false,,false,false,2020-02-12T19:46:52.000Z,0
CVE-2020-6184,https://securityvulnerability.io/vulnerability/CVE-2020-6184,,"Under certain conditions, ABAP Online Community in SAP NetWeaver (SAP_BASIS version 7.40) and SAP S/4HANA (SAP_BASIS versions 7.50, 7.51, 7.52, 7.53, 7.54), does not sufficiently encode user-controlled inputs, resulting in Reflected Cross-Site Scripting (XSS) vulnerability.",SAP,Automated Note Search Tool (SAP Basis),6.1,MEDIUM,0.0008399999933317304,false,false,false,false,,false,false,2020-02-12T19:46:26.000Z,0
CVE-2020-6307,https://securityvulnerability.io/vulnerability/CVE-2020-6307,,"Automated Note Search Tool (update provided in SAP Basis 7.0, 7.01, 7.02, 7.31, 7.4, 7.5, 7.51, 7.52, 7.53 and 7.54) does not perform sufficient authorization checks leading to the reading of sensitive information.",SAP,Automated Note Search Tool (SAP Basis),4.3,MEDIUM,0.000539999979082495,false,false,false,false,,false,false,2020-01-14T17:52:59.000Z,0
CVE-2019-0328,https://securityvulnerability.io/vulnerability/CVE-2019-0328,,"ABAP Tests Modules (SAP Basis, versions 7.0, 7.1, 7.3, 7.31, 7.4, 7.5) of SAP NetWeaver Process Integration enables an attacker the execution of OS commands with privileged rights. An attacker could thereby impact the integrity and availability of the system.",SAP,SAP Netweaver Process Integration Abap Tests (SAP Basis),7.2,HIGH,0.01042999979108572,false,false,false,false,,false,false,2019-07-10T19:10:37.000Z,0
CVE-2019-0321,https://securityvulnerability.io/vulnerability/CVE-2019-0321,,"ABAP Server and ABAP Platform (SAP Basis), versions, 7.31, 7.4, 7.5, do not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.",SAP,Abap Server And Abap Platform (SAP Basis),6.1,MEDIUM,0.0010300000431016088,false,false,false,false,,false,false,2019-07-10T18:54:44.000Z,0
CVE-2019-0279,https://securityvulnerability.io/vulnerability/CVE-2019-0279,,"ABAP BASIS function modules INST_CREATE_R3_RFC_DEST, INST_CREATE_TCPIP_RFCDEST, and INST_CREATE_TCPIP_RFC_DEST in SAP BASIS (fixed in versions 7.0 to 7.02, 7.10 to 7.30, 7.31, 7.40, 7.50 to 7.53) do not perform necessary authorization checks in all circumstances for an authenticated user, resulting in escalation of privileges.",SAP,SAP Basis,8.8,HIGH,0.0010400000028312206,false,false,false,false,,false,false,2019-04-10T20:17:27.000Z,0
CVE-2019-0257,https://securityvulnerability.io/vulnerability/CVE-2019-0257,,"Customizing functionality of SAP NetWeaver AS ABAP Platform (fixed in versions from 7.0 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.53, from 7.74 to 7.75) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.",SAP,Abap Platform(SAP Basis),8.8,HIGH,0.002630000002682209,false,false,false,false,,false,false,2019-02-15T18:00:00.000Z,0
CVE-2019-0248,https://securityvulnerability.io/vulnerability/CVE-2019-0248,,"Under certain conditions SAP Gateway of ABAP Application Server (fixed in SAP_GWFND 7.5, 7.51, 7.52, 7.53; SAP_BASIS 7.5) allows an attacker to access information which would otherwise be restricted.",SAP,"SAP Gateway Of Abap Application Server(SAP Gwfnd),SAP Gateway Of Abap Application Server(SAP Basis)",5.9,MEDIUM,0.002689999993890524,false,false,false,false,,false,false,2019-01-08T20:00:00.000Z,0
CVE-2018-2494,https://securityvulnerability.io/vulnerability/CVE-2018-2494,,"Necessary authorization checks for an authenticated user, resulting in escalation of privileges, have been fixed in SAP Basis AS ABAP of SAP NetWeaver 700 to 750, from 750 onwards delivered as ABAP Platform.",SAP,"SAP Basis (as Abap Of SAP Netweaver),SAP Basis (abap Platform)",8,HIGH,0.0010400000028312206,false,false,false,false,,false,false,2018-12-11T23:00:00.000Z,0
CVE-2018-2478,https://securityvulnerability.io/vulnerability/CVE-2018-2478,,"An attacker can use specially crafted inputs to execute commands on the host of a TREX / BWA installation, SAP Basis, versions: 7.0 to 7.02, 7.10 to 7.11, 7.30, 7.31, 7.40 and 7.50 to 7.53. Not all commands are possible, only those that can be executed by the <sid>adm user. The commands executed depend upon the privileges of the <sid>adm user.",SAP,SAP Basis (trex / Bwa Installation),7.2,HIGH,0.0023499999660998583,false,false,false,false,,false,false,2018-11-13T20:00:00.000Z,0
CVE-2018-2367,https://securityvulnerability.io/vulnerability/CVE-2018-2367,,"ABAP File Interface in, SAP BASIS, from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.52, allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing ""traverse to parent directory"" are passed through to the file APIs.",SAP,SAP Basis (abap File Interface),8.8,HIGH,0.002050000010058284,false,false,false,false,,false,false,2018-03-01T17:00:00.000Z,0
CVE-2016-4551,https://securityvulnerability.io/vulnerability/CVE-2016-4551,,"The (1) SAP_BASIS and (2) SAP_ABA components 7.00 SP Level 0031 in SAP NetWeaver 2004s might allow remote attackers to spoof IP addresses written to the Security Audit Log via vectors related to the network landscape, aka SAP Security Note 2190621.",SAP,"Netweaver,SAP Aba,SAP Basis",7.5,HIGH,0.0027600000612437725,false,false,false,false,,false,false,2016-10-05T16:00:00.000Z,0
CVE-2007-3495,https://securityvulnerability.io/vulnerability/CVE-2007-3495,,"Multiple cross-site scripting (XSS) vulnerabilities in the SAP Internet Communication Framework (BC-MID-ICF) in the SAP Basis component 700 before SP12, and 640 before SP20, allow remote attackers to inject arbitrary web script or HTML via certain parameters associated with the default login error page.",SAP,"SAP Basis Component 700,SAP Basis Component 640",,,0.006149999797344208,false,false,false,false,,false,false,2007-06-29T18:00:00.000Z,0
CVE-2007-3496,https://securityvulnerability.io/vulnerability/CVE-2007-3496,,"Cross-site scripting (XSS) vulnerability in SAP Web Dynpro Java (BC-WD-JAV) in SAP NetWeaver Nw04 SP15 through SP19 and Nw04s SP7 through SP11, aka SAP Java Technology Services 640 before SP20 and SAP Web Dynpro Runtime Core Components 700 before SP12, allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header.",SAP,"Netweaver Nw04,SAP Basis Component 700,Netweaver Nw04s,SAP Basis Component 640",,,0.005869999993592501,false,false,false,false,,false,false,2007-06-29T18:00:00.000Z,0