cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-47585,https://securityvulnerability.io/vulnerability/CVE-2024-47585,Potential Security Concerns Due to Improper Authorization Checks,"SAP NetWeaver Application Server for ABAP and ABAP Platform allows an authenticated attacker to gain higher access levels than they should have by exploiting improper authorization checks, resulting in privilege escalation. While authorizations for import and export are distinguished, a single authorization is applied for both, which may contribute to these risks. On successful exploitation, this can result in potential security concerns. However, it has no impact on the integrity and availability of the application and may have only a low impact on data confidentiality.",SAP,SAP Netweaver Application Server For Abap And Abap Platform,4.3,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-12-10T00:12:29.987Z,0
CVE-2024-45285,https://securityvulnerability.io/vulnerability/CVE-2024-45285,Low-privilege User Can Perform Denial of Service and Data Tampering Attacks on SAP GUI,"The RFC enabled function module allows a low privileged user to perform denial of service on any user and also change or delete favourite nodes. By sending a crafted packet in the function module targeting specific parameters, the specific targeted user will no longer have access to any functionality of SAP GUI. There is low impact on integrity and availability of the application.",SAP,SAP Netweaver Application Server For Abap And Abap Platform,5.4,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-09-10T04:59:01.937Z,0
CVE-2024-44117,https://securityvulnerability.io/vulnerability/CVE-2024-44117,Low Privileged User Actions on Favourite Nodes and Workbook ID,"The RFC enabled function module allows a low privileged user to perform various actions, such as modifying the URLs of any user's favourite nodes and workbook ID. There is low impact on integrity and availability of the application.",SAP,SAP Netweaver Application Server For Abap And Abap Platform,5.4,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-09-10T04:25:27.127Z,0
CVE-2024-41728,https://securityvulnerability.io/vulnerability/CVE-2024-41728,Attackers Can Read Confidential Objects Without Authorization,"Due to missing authorization check, SAP NetWeaver Application Server for ABAP and ABAP Platform allows an attacker logged in as a developer to read objects contained in a package. This causes an impact on confidentiality, as this attacker would otherwise not have access to view these objects.",SAP,SAP Netweaver Application Server For Abap And Abap Platform,2.7,LOW,0.00044999999227002263,false,false,false,false,,false,false,2024-09-10T04:00:56.713Z,0
CVE-2024-44116,https://securityvulnerability.io/vulnerability/CVE-2024-44116,Low Privileged User Vulnerability Affects Workplace Favorites,"The RFC enabled function module allows a low privileged user to add any workbook to any user's workplace favourites. This vulnerability could be utilized to identify usernames and access information about targeted user's workplaces. There is low impact on integrity of the application.",SAP,SAP Netweaver Application Server For Abap And Abap Platform,4.3,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-09-10T03:11:05.878Z,0
CVE-2024-44115,https://securityvulnerability.io/vulnerability/CVE-2024-44115,Low Privileged User Targeting: Identifying Usernames and Workplace Information,"The RFC enabled function module allows a low privileged user to add URLs to any user's workplace favourites. This vulnerability could be utilized to identify usernames and access information about targeted user's workplaces, and nodes. There is low impact on integrity of the application.",SAP,SAP Netweaver Application Server For Abap And Abap Platform,4.3,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-09-10T03:08:43.205Z,0
CVE-2024-44114,https://securityvulnerability.io/vulnerability/CVE-2024-44114,Potential Data Exposure via Program Execution,"SAP NetWeaver Application Server for ABAP and ABAP Platform allow users with high privileges to execute a program that reveals data over the network. This results in a minimal impact on confidentiality of the application.",SAP,SAP Netweaver Application Server For Abap And Abap Platform,2.7,LOW,0.00044999999227002263,false,false,false,false,,false,false,2024-09-10T03:06:18.174Z,0
CVE-2024-42380,https://securityvulnerability.io/vulnerability/CVE-2024-42380,Low Privileged User Data Exposure through Vulnerability,"The RFC enabled function module allows a low privileged user to read any user's workplace favourites and user menu along with all the specific data of each node. Usernames can be enumerated by exploiting this vulnerability. There is low impact on confidentiality of the application.",SAP,SAP Netweaver Application Server For Abap And Abap Platform,4.3,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-09-10T02:47:52.783Z,0
CVE-2024-42371,https://securityvulnerability.io/vulnerability/CVE-2024-42371,Low Privileged User Access to Targeted User Workplace Favorites Could Lead to Identification of Targeted User Names and Access Information,"The RFC enabled function module allows a low privileged user to delete the workplace favourites of any user. This vulnerability could be utilized to identify usernames and access information about targeted user's workplaces and nodes. There is low impact on integrity and availability of the application.",SAP,SAP Netweaver Application Server For Abap And Abap Platform,5.4,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-09-10T02:37:47.259Z,0
CVE-2024-41734,https://securityvulnerability.io/vulnerability/CVE-2024-41734,SAP NetWeaver Application Server ABAP and ABAP Platform Vulnerability Could Lead to Disclosure of User Related Information,"Due to missing authorization check in SAP NetWeaver Application Server ABAP and ABAP Platform, an authenticated attacker could call an underlying transaction, which leads to disclosure of user related information. There is no impact on integrity or availability.",SAP,SAP Netweaver Application Server Abap And Abap Platform,4.3,MEDIUM,0.00044999999227002263,false,false,false,false,,false,false,2024-08-13T04:18:03.596Z,0
CVE-2024-37180,https://securityvulnerability.io/vulnerability/CVE-2024-37180,Remote Enabled Function Module Vulnerability,"Under certain conditions SAP NetWeaver Application Server for ABAP and ABAP Platform allows an attacker to access a remote-enabled function module with no further authorization which would otherwise be restricted; the function can be used to read non-sensitive information with low impact on confidentiality of the application.",SAP,SAP Netweaver Application Server For Abap And Abap Platform,4.1,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-07-09T04:41:32.313Z,0
CVE-2024-39599,https://securityvulnerability.io/vulnerability/CVE-2024-39599,SAP NetWeaver Application Server Security Vulnerability,"Due to a Protection Mechanism Failure in SAP NetWeaver Application Server for ABAP and ABAP Platform, a developer can bypass the configured malware scanner API because of a programming error. This leads to a low impact on the application's confidentiality, integrity, and availability.",SAP,SAP Netweaver Application Server For Abap And Abap Platform,4.7,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-07-09T04:24:31.103Z,0
CVE-2024-33006,https://securityvulnerability.io/vulnerability/CVE-2024-33006,Unauthorized File Upload Vulnerability,"The SAP Security Patch Day May 2024 delivered 14 new Security Notes alongside updates to 3 previously released notes. A critical vulnerability, tracked as CVE-2024-33006, was addressed in the SAP NetWeaver Application Server ABAP and ABAP Platform. This vulnerability allows an unauthenticated attacker to upload a malicious file to the server, potentially leading to a complete system takeover. The exploitation of this vulnerability is a severe risk and organizations using SAP systems are urged to upgrade promptly to mitigate the risk. Additionally, other vulnerabilities were addressed in the security updates, highlighting the importance of timely patching and security vigilance.",SAP,SAP Netweaver Application Server Abap And Abap Platform,9.6,CRITICAL,0.0004299999854993075,false,true,false,true,,false,false,2024-05-14T04:16:06.647Z,0
CVE-2024-34687,https://securityvulnerability.io/vulnerability/CVE-2024-34687,SAP NetWeaver Application Server for ABAP and ABAP Platform Exposed to Cross-Site Scripting (XSS) Vulnerability,"SAP NetWeaver Application Server for ABAP and ABAP Platform do not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. An attacker can control code that is executed within a user’s browser, which could result in modification, deletion of data, including accessing or deleting files, or stealing session cookies which an attacker could use to hijack a user’s session. Hence, this could have impact on Confidentiality, Integrity and Availability of the system.",SAP,SAP Netweaver Application Server For Abap And Abap Platform,6.5,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-05-14T03:56:24.324Z,0
CVE-2024-32733,https://securityvulnerability.io/vulnerability/CVE-2024-32733,SAP NetWeaver Application Server ABAP and ABAP Platform Vulnerability: Untrusted Data Injection,"Due to missing input validation and output encoding of untrusted data, SAP NetWeaver Application Server ABAP and ABAP Platform allows an unauthenticated attacker to inject malicious JavaScript code into the dynamically crafted web page. On successful exploitation the attacker can access or modify sensitive information with no impact on availability of the application.",SAP,SAP Netweaver Application Server Abap And Abap Platform,6.1,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-05-14T03:38:19.474Z,0
CVE-2024-21738,https://securityvulnerability.io/vulnerability/CVE-2024-21738,Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver ABAP Application Server and ABAP Platform,"SAP NetWeaver ABAP Application Server and ABAP Platform do not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. An attacker with low privileges can cause limited impact to confidentiality of the application data after successful exploitation.",SAP,SAP NetWeaver ABAP Application Server and ABAP Platform,4.1,MEDIUM,0.0004799999878741801,false,false,false,false,,false,false,2024-01-09T02:15:00.000Z,0
CVE-2023-49581,https://securityvulnerability.io/vulnerability/CVE-2023-49581,SQL Injection vulnerability in SAP NetWeaver Application Server ABAP and ABAP Platform,"SAP GUI for Windows and SAP GUI for Java allow an unauthenticated attacker to access information which would otherwise be restricted and confidential. In addition, this vulnerability allows the unauthenticated attacker to write data to a database table. By doing so the attacker could increase response times of the AS ABAP, leading to mild impact on availability.",SAP,SAP NetWeaver Application Server ABAP and ABAP Platform,4.1,MEDIUM,0.0017099999822676182,false,false,false,false,,false,false,2023-12-12T02:15:00.000Z,0
CVE-2023-41366,https://securityvulnerability.io/vulnerability/CVE-2023-41366,Information Disclosure vulnerability in SAP NetWeaver Application Server ABAP and ABAP Platform,"Under certain conditions SAP NetWeaver Application Server ABAP - versions KERNEL 722, KERNEL 7.53, KERNEL 7.77, KERNEL 7.85, KERNEL 7.89, KERNEL 7.54, KERNEL 7.91, KERNEL 7.92, KERNEL 7.93, KERNEL 7.94, KERNEL64UC 7.22, KERNEL64UC 7.22EXT, KERNEL64UC 7.53, KERNEL64NUC 7.22, KERNEL64NUC 7.22EXT, allows an unauthenticated attacker to access unintended data due to the lack of restrictions applied, which may lead to low impact in confidentiality and no impact on the integrity and availability of the application.",SAP,SAP Netweaver Application Server Abap And Abap Platform,5.3,MEDIUM,0.000750000006519258,false,false,false,false,,false,false,2023-11-14T01:15:00.000Z,0
CVE-2023-40309,https://securityvulnerability.io/vulnerability/CVE-2023-40309,Missing Authorization check in SAP CommonCryptoLib,"The SAP CommonCryptoLib has a critical vulnerability where it fails to implement essential authentication checks. This oversight can lead to improper or missing authorization verifications for users. As a result, an authenticated attacker may exploit this weakness to escalate their privileges, potentially gaining access to functionalities meant for specific user groups. This could allow the attacker to read, alter, or remove sensitive data that should be restricted.",SAP,"SAP Commoncryptolib,SAP Netweaver As Abap, SAP Netweaver As Java And Abap Platform Of S/4hana On-premise,SAP Web Dispatcher,SAP Content Server,SAP Hana Database,SAP Host Agent,SAP Extended Application Services And Runtime (xsa),SAPssoext",9.8,CRITICAL,0.0018700000364333391,false,false,false,false,,false,false,2023-09-12T03:15:00.000Z,0
CVE-2023-40308,https://securityvulnerability.io/vulnerability/CVE-2023-40308,Memory Corruption vulnerability in SAP CommonCryptoLib,"The memory corruption vulnerability in SAP's CommonCryptoLib allows an unauthenticated attacker to submit crafted requests to open ports, resulting in a crash of the target component. This vulnerability affects the availability of the service but does not expose any information, allowing for potential denial of service attacks. Protecting against this issue is critical for maintaining operational reliability.",SAP,"SAP Commoncryptolib,SAP Netweaver As Abap, SAP Netweaver As Java And Abap Platform Of S/4hana On-premise,SAP Web Dispatcher,SAP Content Server,SAP Hana Database,SAP Host Agent,SAP Extended Application Services And Runtime (xsa),SAPssoext",7.5,HIGH,0.0009699999936856329,false,false,false,false,,false,false,2023-09-12T02:15:00.000Z,0
CVE-2022-41214,https://securityvulnerability.io/vulnerability/CVE-2022-41214,,"Due to insufficient input validation, SAP NetWeaver Application Server ABAP and ABAP Platform allows an attacker with high level privileges to use a remote enabled function to delete a file which is otherwise restricted. On successful exploitation an attacker can completely compromise the integrity and availability of the application.",SAP,SAP Netweaver Application Server Abap And Abap Platform,8.7,HIGH,0.0008500000112690032,false,false,false,false,,false,false,2022-11-08T00:00:00.000Z,0
CVE-2022-41215,https://securityvulnerability.io/vulnerability/CVE-2022-41215,,"SAP NetWeaver ABAP Server and ABAP Platform allows an unauthenticated attacker to redirect users to a malicious site due to insufficient URL validation. This could lead to the user being tricked to disclose personal information.",SAP,SAP Netweaver Abap Server And Abap Platform,4.7,MEDIUM,0.0008299999753944576,false,false,false,false,,false,false,2022-11-08T00:00:00.000Z,0
CVE-2022-41212,https://securityvulnerability.io/vulnerability/CVE-2022-41212,,"Due to insufficient input validation, SAP NetWeaver Application Server ABAP and ABAP Platform allows an attacker with high level privileges to use a remote enabled function to read a file which is otherwise restricted. On successful exploitation an attacker can completely compromise the confidentiality of the application.",SAP,SAP Netweaver Application Server Abap And Abap Platform,4.9,MEDIUM,0.000859999970998615,false,false,false,false,,false,false,2022-11-08T00:00:00.000Z,0
CVE-2022-29611,https://securityvulnerability.io/vulnerability/CVE-2022-29611,,"SAP NetWeaver Application Server for ABAP and ABAP Platform do not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.",SAP,SAP Netweaver Application Server For Abap And Abap Platform,8.8,HIGH,0.0010400000028312206,false,false,false,false,,false,false,2022-05-11T14:57:20.000Z,0
CVE-2022-28215,https://securityvulnerability.io/vulnerability/CVE-2022-28215,,"SAP NetWeaver ABAP Server and ABAP Platform - versions 740, 750, 787, allows an unauthenticated attacker to redirect users to a malicious site due to insufficient URL validation. This could lead to the user being tricked to disclose personal information.",SAP,SAP Netweaver Abap Server And Abap Platform,4.7,MEDIUM,0.0008999999845400453,false,false,false,false,,false,false,2022-04-12T16:11:33.000Z,0
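Added example (not code from securityvulnerability.io or SAP): a parser for the export format above that turns the rows into typed records and ranks them for triage. It assumes the 18-column header shown on the page, that the cisa/article/ransomware/exploited/poc/trended/trended_no_1 cells hold the strings true/false with an empty cell meaning unknown, and that products is a comma-separated list inside one quoted cell. The sample rows are constructed from a subset of the page's records with the descriptions shortened; one keeps a newline inside its quoted description, as the export does, to show that the csv module handles it.

```python
"""Parse a securityvulnerability.io CSV export and rank the records for triage.

Added example, not code from securityvulnerability.io. Assumes the page's 18-column
header; SAMPLE_CSV is constructed from a subset of the page's records, trimmed.
"""
import csv
import io
from dataclasses import dataclass

# Constructed sample: header plus four records. The CVE-2024-45285 row keeps a newline
# inside its quoted description, as the original export does.
SAMPLE_CSV = '''cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-47585,https://securityvulnerability.io/vulnerability/CVE-2024-47585,Potential Security Concerns Due to Improper Authorization Checks,"Improper authorization checks, resulting in privilege escalation.",SAP,SAP Netweaver Application Server For Abap And Abap Platform,4.3,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-12-10T00:12:29.987Z,0
CVE-2024-45285,https://securityvulnerability.io/vulnerability/CVE-2024-45285,Low-privilege User Can Perform Denial of Service and Data Tampering Attacks on SAP GUI,"The RFC enabled function module allows a low privileged user to perform denial of service on any user.
There is low impact on integrity and availability of the application.",SAP,SAP Netweaver Application Server For Abap And Abap Platform,5.4,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-09-10T04:59:01.937Z,0
CVE-2024-33006,https://securityvulnerability.io/vulnerability/CVE-2024-33006,Unauthorized File Upload Vulnerability,"An unauthenticated attacker can upload a malicious file to the server, potentially leading to a complete system takeover.",SAP,SAP Netweaver Application Server Abap And Abap Platform,9.6,CRITICAL,0.0004299999854993075,false,true,false,true,,false,false,2024-05-14T04:16:06.647Z,0
CVE-2023-40309,https://securityvulnerability.io/vulnerability/CVE-2023-40309,Missing Authorization check in SAP CommonCryptoLib,"An authenticated attacker may exploit this weakness to escalate their privileges.",SAP,"SAP Commoncryptolib,SAP Web Dispatcher,SAP Host Agent",9.8,CRITICAL,0.0018700000364333391,false,false,false,false,,false,false,2023-09-12T03:15:00.000Z,0
'''

BOOL_FIELDS = ("cisa", "article", "ransomware", "exploited", "poc", "trended", "trended_no_1")


def parse_bool(value: str):
    """Map the feed's true/false strings to bool; an empty cell (unknown) becomes None."""
    v = value.strip().lower()
    if v == "":
        return None
    if v in ("true", "1", "yes"):
        return True
    if v in ("false", "0", "no"):
        return False
    raise ValueError(f"unexpected boolean cell: {value!r}")


@dataclass
class Record:
    cve: str
    title: str
    description: str
    products: list
    score: float
    severity: str
    epss: float
    flags: dict
    published: str


def parse_feed(text: str) -> list:
    """Parse CSV text into Record objects. csv.DictReader keeps commas and newlines
    that sit inside quoted cells, so multi-line descriptions and the comma-separated
    products cell survive intact."""
    records = []
    for row in csv.DictReader(io.StringIO(text)):
        records.append(Record(
            cve=row["cve"],
            title=row["title"],
            description=" ".join(row["description"].split()),  # collapse embedded newlines
            products=[p.strip() for p in row["products"].split(",") if p.strip()],
            score=float(row["score"]) if row["score"] else 0.0,
            severity=row["severity"],
            epss=float(row["epss"]) if row["epss"] else 0.0,
            flags={k: parse_bool(row[k]) for k in BOOL_FIELDS},
            published=row["published"],
        ))
    return records


def triage_key(r: Record) -> tuple:
    """Sort key: evidence of real-world exploitation outranks the base score.
    Order: CISA KEV listing, reported exploitation, ransomware use, public PoC,
    then CVSS score, then EPSS. An unknown flag (None) counts as False."""
    f = r.flags
    return (bool(f["cisa"]), bool(f["exploited"]), bool(f["ransomware"]),
            bool(f["poc"]), r.score, r.epss)


def triage(text: str) -> list:
    """Return the CVE IDs from the feed in descending triage order."""
    return [r.cve for r in sorted(parse_feed(text), key=triage_key, reverse=True)]


if __name__ == "__main__":
    for r in sorted(parse_feed(SAMPLE_CSV), key=triage_key, reverse=True):
        print(f"{r.cve}  {r.severity:8} {r.score:4.1f}  epss={r.epss:.5f}  "
              f"exploited={r.flags['exploited']}  {r.title}")
```

On the sample, CVE-2024-33006 (score 9.6, exploited=true) sorts above CVE-2023-40309 (score 9.8, no exploitation flags): the key deliberately puts observed exploitation ahead of CVSS, which is the order a patch queue should follow. The empty poc cell on CVE-2024-33006 is preserved as None rather than silently read as false, so a report can distinguish "no PoC known" from "field not populated".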