cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-47585,https://securityvulnerability.io/vulnerability/CVE-2024-47585,Potential Security Concerns Due to Improper Authorization Checks,"SAP NetWeaver Application Server for ABAP and ABAP Platform allows an authenticated attacker to gain higher access levels than they should have by exploiting improper authorization checks, resulting in privilege escalation. While authorizations for import and export are distinguished, a single authorization is applied for both, which may contribute to these risks. On successful exploitation, this can result in potential security concerns. However, it has no impact on the integrity and availability of the application and may have only a low impact on data confidentiality.",SAP,SAP Netweaver Application Server For Abap And Abap Platform,4.3,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-12-10T00:12:29.987Z,0
CVE-2024-45285,https://securityvulnerability.io/vulnerability/CVE-2024-45285,Low-privilege User Can Perform Denial of Service and Data Tampering Attacks on SAP GUI,"The RFC enabled function module allows a low privileged user to perform denial of service on any user and also change or delete favourite nodes. By sending a crafted packet in the function module targeting specific parameters, the specific targeted user will no longer have access to any functionality of SAP GUI. There is low impact on integrity and availability of the application.",SAP,SAP Netweaver Application Server For Abap And Abap Platform,5.4,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-09-10T04:59:01.937Z,0
CVE-2024-44117,https://securityvulnerability.io/vulnerability/CVE-2024-44117,Low Privileged User Actions on Favourite Nodes and Workbook ID,"The RFC enabled function module allows a low privileged user to perform various actions, such as modifying the URLs of any user's favourite nodes and workbook ID. There is low impact on integrity and availability of the application.",SAP,SAP Netweaver Application Server For Abap And Abap Platform,5.4,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-09-10T04:25:27.127Z,0
CVE-2024-41728,https://securityvulnerability.io/vulnerability/CVE-2024-41728,Attackers Can Read Confidential Objects Without Authorization,"Due to missing authorization check, SAP NetWeaver Application Server for ABAP and ABAP Platform allows an attacker logged in as a developer to read objects contained in a package. This causes an impact on confidentiality, as this attacker would otherwise not have access to view these objects.",SAP,SAP Netweaver Application Server For Abap And Abap Platform,2.7,LOW,0.00044999999227002263,false,false,false,false,,false,false,2024-09-10T04:00:56.713Z,0
CVE-2024-44116,https://securityvulnerability.io/vulnerability/CVE-2024-44116,Low Privileged User Vulnerability Affects Workplace Favorites,"The RFC enabled function module allows a low privileged user to add any workbook to any user's workplace favourites. This vulnerability could be utilized to identify usernames and access information about targeted user's workplaces. There is low impact on integrity of the application.",SAP,SAP Netweaver Application Server For Abap And Abap Platform,4.3,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-09-10T03:11:05.878Z,0
CVE-2024-44115,https://securityvulnerability.io/vulnerability/CVE-2024-44115,Low Privileged User Targeting: Identifying Usernames and Workplace Information,"The RFC enabled function module allows a low privileged user to add URLs to any user's workplace favourites. This vulnerability could be utilized to identify usernames and access information about targeted user's workplaces and nodes. There is low impact on integrity of the application.",SAP,SAP Netweaver Application Server For Abap And Abap Platform,4.3,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-09-10T03:08:43.205Z,0
CVE-2024-44114,https://securityvulnerability.io/vulnerability/CVE-2024-44114,Potential Data Exposure via Program Execution,"SAP NetWeaver Application Server for ABAP and ABAP Platform allow users with high privileges to execute a program that reveals data over the network. This results in a minimal impact on confidentiality of the application.",SAP,SAP Netweaver Application Server For Abap And Abap Platform,2.7,LOW,0.00044999999227002263,false,false,false,false,,false,false,2024-09-10T03:06:18.174Z,0
CVE-2024-42380,https://securityvulnerability.io/vulnerability/CVE-2024-42380,Low Privileged User Data Exposure through Vulnerability,"The RFC enabled function module allows a low privileged user to read any user's workplace favourites and user menu along with all the specific data of each node. Usernames can be enumerated by exploiting this vulnerability. There is low impact on confidentiality of the application.",SAP,SAP Netweaver Application Server For Abap And Abap Platform,4.3,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-09-10T02:47:52.783Z,0
CVE-2024-42371,https://securityvulnerability.io/vulnerability/CVE-2024-42371,Low Privileged User Access to Targeted User Workplace Favorites Could Lead to Identification of Targeted User Names and Access Information,"The RFC enabled function module allows a low privileged user to delete the workplace favourites of any user. This vulnerability could be utilized to identify usernames and access information about targeted user's workplaces and nodes. There is low impact on integrity and availability of the application.",SAP,SAP Netweaver Application Server For Abap And Abap Platform,5.4,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-09-10T02:37:47.259Z,0
CVE-2024-41734,https://securityvulnerability.io/vulnerability/CVE-2024-41734,SAP NetWeaver Application Server ABAP and ABAP Platform Vulnerability Could Lead to Disclosure of User Related Information,"Due to missing authorization check in SAP NetWeaver Application Server ABAP and ABAP Platform, an authenticated attacker could call an underlying transaction, which leads to disclosure of user related information. There is no impact on integrity or availability.",SAP,SAP Netweaver Application Server Abap And Abap Platform,4.3,MEDIUM,0.00044999999227002263,false,false,false,false,,false,false,2024-08-13T04:18:03.596Z,0
CVE-2024-37180,https://securityvulnerability.io/vulnerability/CVE-2024-37180,Remote Enabled Function Module Vulnerability,"Under certain conditions SAP NetWeaver Application Server for ABAP and ABAP Platform allows an attacker to access a remote-enabled function module, which would otherwise be restricted, with no further authorization; the function can be used to read non-sensitive information, with low impact on confidentiality of the application.",SAP,SAP Netweaver Application Server For Abap And Abap Platform,4.1,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-07-09T04:41:32.313Z,0
CVE-2024-39599,https://securityvulnerability.io/vulnerability/CVE-2024-39599,SAP NetWeaver Application Server Security Vulnerability,"Due to a Protection Mechanism Failure in SAP NetWeaver Application Server for ABAP and ABAP Platform, a developer can bypass the configured malware scanner API because of a programming error. This leads to a low impact on the application's confidentiality, integrity, and availability.",SAP,SAP Netweaver Application Server For Abap And Abap Platform,4.7,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-07-09T04:24:31.103Z,0
CVE-2024-33001,https://securityvulnerability.io/vulnerability/CVE-2024-33001,"Attacker Can Impede Performance, Causing Delays and Service Interruptions","SAP NetWeaver and ABAP Platform allows an attacker to impede performance for legitimate users by crashing or flooding the service. An impact of this Denial of Service vulnerability might be long response delays and service interruptions, thus degrading the service quality experienced by legitimate users, causing high impact on availability of the application.",SAP,SAP Netweaver And Abap Platform,6.5,MEDIUM,0.0004400000034365803,false,false,false,false,,false,false,2024-06-11T02:05:00.333Z,0
CVE-2024-33006,https://securityvulnerability.io/vulnerability/CVE-2024-33006,Unauthorized File Upload Vulnerability,"The SAP Security Patch Day May 2024 delivered 14 new Security Notes alongside updates to 3 previously released notes. A critical vulnerability, tracked as CVE-2024-33006, was addressed in the SAP NetWeaver Application Server ABAP and ABAP Platform. This vulnerability allows an unauthenticated attacker to upload a malicious file to the server, potentially leading to a complete system takeover. The exploitation of this vulnerability is a severe risk and organizations using SAP systems are urged to upgrade promptly to mitigate the risk. Additionally, other vulnerabilities were addressed in the security updates, highlighting the importance of timely patching and security vigilance.",SAP,SAP Netweaver Application Server Abap And Abap Platform,9.6,CRITICAL,0.0004299999854993075,false,true,false,true,,false,false,2024-05-14T04:16:06.647Z,0
CVE-2024-34687,https://securityvulnerability.io/vulnerability/CVE-2024-34687,SAP NetWeaver Application Server for ABAP and ABAP Platform Exposed to Cross-Site Scripting (XSS) Vulnerability,"SAP NetWeaver Application Server for ABAP and ABAP Platform do not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability. An attacker can control code that is executed within a user's browser, which could result in modification or deletion of data, including accessing or deleting files, or stealing session cookies which an attacker could use to hijack a user's session. Hence, this could have impact on Confidentiality, Integrity and Availability of the system.",SAP,SAP Netweaver Application Server For Abap And Abap Platform,6.5,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-05-14T03:56:24.324Z,0
CVE-2024-32733,https://securityvulnerability.io/vulnerability/CVE-2024-32733,SAP NetWeaver Application Server ABAP and ABAP Platform Vulnerability: Untrusted Data Injection,"Due to missing input validation and output encoding of untrusted data, SAP NetWeaver Application Server ABAP and ABAP Platform allows an unauthenticated attacker to inject malicious JavaScript code into the dynamically crafted web page. On successful exploitation the attacker can access or modify sensitive information, with no impact on availability of the application.",SAP,SAP Netweaver Application Server Abap And Abap Platform,6.1,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-05-14T03:38:19.474Z,0
CVE-2024-21738,https://securityvulnerability.io/vulnerability/CVE-2024-21738,Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver ABAP Application Server and ABAP Platform,"SAP NetWeaver ABAP Application Server and ABAP Platform do not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability. An attacker with low privileges can cause limited impact to confidentiality of the application data after successful exploitation.",SAP,SAP NetWeaver ABAP Application Server and ABAP Platform,4.1,MEDIUM,0.0004799999878741801,false,false,false,false,,false,false,2024-01-09T02:15:00.000Z,0
CVE-2023-49581,https://securityvulnerability.io/vulnerability/CVE-2023-49581,SQL Injection vulnerability in SAP NetWeaver Application Server ABAP and ABAP Platform,"SAP GUI for Windows and SAP GUI for Java allow an unauthenticated attacker to access information which would otherwise be restricted and confidential. In addition, this vulnerability allows the unauthenticated attacker to write data to a database table. By doing so the attacker could increase response times of the AS ABAP, leading to mild impact on availability.",SAP,SAP NetWeaver Application Server ABAP and ABAP Platform,4.1,MEDIUM,0.0017099999822676182,false,false,false,false,,false,false,2023-12-12T02:15:00.000Z,0
CVE-2023-41366,https://securityvulnerability.io/vulnerability/CVE-2023-41366,Information Disclosure vulnerability in SAP NetWeaver Application Server ABAP and ABAP Platform,"Under certain conditions SAP NetWeaver Application Server ABAP - versions KERNEL 7.22, KERNEL 7.53, KERNEL 7.77, KERNEL 7.85, KERNEL 7.89, KERNEL 7.54, KERNEL 7.91, KERNEL 7.92, KERNEL 7.93, KERNEL 7.94, KERNEL64UC 7.22, KERNEL64UC 7.22EXT, KERNEL64UC 7.53, KERNEL64NUC 7.22, KERNEL64NUC 7.22EXT, allows an unauthenticated attacker to access unintended data due to the lack of restrictions applied, which may lead to low impact on confidentiality and no impact on the integrity and availability of the application.",SAP,SAP Netweaver Application Server Abap And Abap Platform,5.3,MEDIUM,0.000750000006519258,false,false,false,false,,false,false,2023-11-14T01:15:00.000Z,0
CVE-2023-40309,https://securityvulnerability.io/vulnerability/CVE-2023-40309,Missing Authorization check in SAP CommonCryptoLib,"SAP CommonCryptoLib has a critical vulnerability where it fails to perform necessary authentication checks. This oversight can lead to missing or wrong authorization checks for an authenticated user. As a result, an authenticated attacker may exploit this weakness to escalate their privileges, potentially gaining access to functionality meant for specific user groups. This could allow the attacker to read, alter, or remove sensitive data that should be restricted.",SAP,"SAP Commoncryptolib,SAP Netweaver As Abap, SAP Netweaver As Java And Abap Platform Of S/4hana On-premise,SAP Web Dispatcher,SAP Content Server,SAP Hana Database,SAP Host Agent,SAP Extended Application Services And Runtime (xsa),SAPssoext",9.8,CRITICAL,0.0018700000364333391,false,false,false,false,,false,false,2023-09-12T03:15:00.000Z,0
CVE-2023-40308,https://securityvulnerability.io/vulnerability/CVE-2023-40308,Memory Corruption vulnerability in SAP CommonCryptoLib,"The memory corruption vulnerability in SAP's CommonCryptoLib allows an unauthenticated attacker to submit crafted requests to open ports, resulting in a crash of the target component. This vulnerability affects the availability of the service but does not expose any information, allowing for potential denial of service attacks. Protecting against this issue is critical for maintaining operational reliability.",SAP,"SAP Commoncryptolib,SAP Netweaver As Abap, SAP Netweaver As Java And Abap Platform Of S/4hana On-premise,SAP Web Dispatcher,SAP Content Server,SAP Hana Database,SAP Host Agent,SAP Extended Application Services And Runtime (xsa),SAPssoext",7.5,HIGH,0.0009699999936856329,false,false,false,false,,false,false,2023-09-12T02:15:00.000Z,0
CVE-2023-37492,https://securityvulnerability.io/vulnerability/CVE-2023-37492,Missing Authorization check in SAP NetWeaver AS ABAP and ABAP Platform,"SAP NetWeaver Application Server ABAP and ABAP Platform - versions SAP_BASIS 700, SAP_BASIS 701, SAP_BASIS 702, SAP_BASIS 731, SAP_BASIS 740, SAP_BASIS 750, SAP_BASIS 752, SAP_BASIS 753, SAP_BASIS 754, SAP_BASIS 755, SAP_BASIS 756, SAP_BASIS 757, SAP_BASIS 758, SAP_BASIS 793, SAP_BASIS 804, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This could allow an attacker to read sensitive information which can be used in a subsequent serious attack.",SAP,SAP Netweaver As Abap And Abap Platform,4.9,MEDIUM,0.0006399999838322401,false,false,false,false,,false,false,2023-08-08T01:15:00.000Z,0
CVE-2023-35874,https://securityvulnerability.io/vulnerability/CVE-2023-35874,Improper authentication vulnerability in SAP NetWeaver AS ABAP and ABAP Platform,"SAP NetWeaver Application Server ABAP and ABAP Platform - versions KRNL64NUC 7.22, KRNL64NUC 7.22EXT, KRNL64UC 7.22, KRNL64UC 7.22EXT, KRNL64UC 7.53, KERNEL 7.22, KERNEL 7.53, KERNEL 7.77, KERNEL 7.81, KERNEL 7.85, KERNEL 7.89, KERNEL 7.54, KERNEL 7.92, KERNEL 7.93, under some conditions performs improper authentication checks for functionalities that require user identity. An attacker can perform malicious actions over the network, extending the scope of impact, causing a limited impact on confidentiality, integrity and availability.",SAP,SAP Netweaver As Abap And Abap Platform,6,MEDIUM,0.0006699999794363976,false,false,false,false,,false,false,2023-07-11T03:15:00.000Z,0
CVE-2023-23858,https://securityvulnerability.io/vulnerability/CVE-2023-23858,,"Due to insufficient input validation, SAP NetWeaver AS for ABAP and ABAP Platform - versions 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, allows an unauthenticated attacker to send a crafted URL to a user; by clicking the URL, the tricked user accesses SAP and might be directed by the response to somewhere outside SAP and enter sensitive data. This could cause a limited impact on confidentiality and integrity of the application.",SAP,SAP NetWeaver AS for ABAP and ABAP Platform,6.1,MEDIUM,0.0008299999753944576,false,false,false,false,,false,false,2023-02-14T04:15:00.000Z,0
CVE-2022-41215,https://securityvulnerability.io/vulnerability/CVE-2022-41215,,"SAP NetWeaver ABAP Server and ABAP Platform allows an unauthenticated attacker to redirect users to a malicious site due to insufficient URL validation. This could lead to the user being tricked into disclosing personal information.",SAP,SAP Netweaver Abap Server And Abap Platform,4.7,MEDIUM,0.0008299999753944576,false,false,false,false,,false,false,2022-11-08T00:00:00.000Z,0
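A triage helper for an export in the format above, added here as an example; it is not part of the securityvulnerability.io feed nor SAP material. It parses the CSV with Python's standard csv module, which correctly handles the quoted descriptions that contain commas and embedded newlines (several records above do), normalises the true/false flag columns, rounds the EPSS values that the export stores with float noise, and ranks records so that exploitation evidence (cisa, exploited, ransomware) outranks raw CVSS, which in turn outranks EPSS. The sample rows are excerpted from the listing with shortened descriptions; the assumption that the flag columns hold the literal strings "true"/"false" and that an empty cell means unknown is inferred from the header and is not documented by the feed.

```python
"""Triage helper for the CVE CSV export above (added example, not the feed's own code)."""
import csv
import io
from dataclasses import dataclass

# Constructed sample: the export header plus three records excerpted from the
# listing above with shortened descriptions.  The second record keeps a newline
# inside its quoted description, exactly as the export contains them.
SAMPLE_CSV = """cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-41728,https://securityvulnerability.io/vulnerability/CVE-2024-41728,Attackers Can Read Confidential Objects Without Authorization,"Due to missing authorization check, a developer can read objects contained in a package.",SAP,SAP Netweaver Application Server For Abap And Abap Platform,2.7,LOW,0.00044999999227002263,false,false,false,false,,false,false,2024-09-10T04:00:56.713Z,0
CVE-2024-45285,https://securityvulnerability.io/vulnerability/CVE-2024-45285,Low-privilege User Can Perform Denial of Service and Data Tampering Attacks on SAP GUI,"The RFC enabled function module allows a low privileged user to perform denial of service on any user.
There is low impact on integrity and availability of the application.",SAP,SAP Netweaver Application Server For Abap And Abap Platform,5.4,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-09-10T04:59:01.937Z,0
CVE-2024-33006,https://securityvulnerability.io/vulnerability/CVE-2024-33006,Unauthorized File Upload Vulnerability,"Allows an unauthenticated attacker to upload a malicious file to the server, potentially leading to a complete system takeover.",SAP,SAP Netweaver Application Server Abap And Abap Platform,9.6,CRITICAL,0.0004299999854993075,false,true,false,true,,false,false,2024-05-14T04:16:06.647Z,0
"""

# Flag columns that carry exploitation evidence; assumed to hold "true"/"false".
FLAG_COLUMNS = ("cisa", "ransomware", "exploited", "poc")


@dataclass
class Record:
    cve: str
    title: str
    description: str
    score: float
    severity: str
    epss: float
    flags: frozenset  # subset of FLAG_COLUMNS whose cell was "true"
    published: str


def parse_bool(value):
    """Assumption: the feed writes booleans as 'true'/'false'; anything else (including empty) is False."""
    return value.strip().lower() == "true"


def _to_float(value):
    """Numeric cells default to 0.0 so one malformed row does not abort the whole triage."""
    try:
        return float(value or 0)
    except ValueError:
        return 0.0


def load_records(text):
    """Parse export text into Record objects; csv.DictReader handles quoted commas and newlines."""
    records = []
    for row in csv.DictReader(io.StringIO(text)):
        flags = frozenset(c for c in FLAG_COLUMNS if parse_bool(row.get(c) or ""))
        records.append(Record(
            cve=row["cve"],
            title=row.get("title") or "",
            description=row.get("description") or "",
            score=_to_float(row.get("score")),
            severity=row.get("severity") or "",
            epss=round(_to_float(row.get("epss")), 5),  # strip float noise like 0.0004299999854993075
            flags=flags,
            published=row.get("published") or "",
        ))
    return records


def triage_key(rec):
    """Sort key: known exploitation > public PoC > CVSS base score > EPSS probability."""
    exploited = any(f in rec.flags for f in ("cisa", "exploited", "ransomware"))
    return (int(exploited), int("poc" in rec.flags), rec.score, rec.epss)


def triage(text, min_score=0.0):
    """CVE ids from most to least urgent; rows below min_score are dropped unless they carry any flag."""
    kept = [r for r in load_records(text) if r.score >= min_score or r.flags]
    return [r.cve for r in sorted(kept, key=triage_key, reverse=True)]


if __name__ == "__main__":
    for rec in load_records(SAMPLE_CSV):
        print(rec.cve, rec.severity, rec.score, rec.epss, sorted(rec.flags))
    print(triage(SAMPLE_CSV, min_score=4.0))
```

Running the module prints the parsed rows and the ranked list for the sample; point `load_records`/`triage` at the full export text read from disk to triage the whole feed. Note that the ordering deliberately trusts the feed's exploitation flags over CVSS, so a 9.8 with no evidence of exploitation sorts below a 5.4 that is flagged as exploited.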