cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-47585,https://securityvulnerability.io/vulnerability/CVE-2024-47585,Potential Security Concerns Due to Improper Authorization Checks,"SAP NetWeaver Application Server for ABAP and ABAP Platform allows an authenticated attacker to gain higher access levels than they should have by exploiting improper authorization checks, resulting in privilege escalation. While authorizations for import and export are distinguished, a single authorization is applied for both, which may contribute to these risks. On successful exploitation, this can result in potential security concerns. However, it has no impact on the integrity and availability of the application and may have only a low impact on data confidentiality.",SAP,SAP Netweaver Application Server For Abap And Abap Platform,4.3,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-12-10T00:12:29.987Z,0
CVE-2024-45285,https://securityvulnerability.io/vulnerability/CVE-2024-45285,Low-privilege User Can Perform Denial of Service and Data Tampering Attacks on SAP GUI,"The RFC enabled function module allows a low privileged user to perform denial of service on any user and also change or delete favourite nodes. By sending a crafted packet in the function module targeting specific parameters, the specific targeted user will no longer have access to any functionality of SAP GUI. There is low impact on integrity and availability of the application.",SAP,SAP Netweaver Application Server For Abap And Abap Platform,5.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-09-10T04:59:01.937Z,0
CVE-2024-44117,https://securityvulnerability.io/vulnerability/CVE-2024-44117,Low Privileged User Actions on Favourite Nodes and Workbook ID,"The RFC enabled function module allows a low privileged user to perform various actions, such as modifying the URLs of any user's favourite nodes and workbook ID. There is low impact on integrity and availability of the application.",SAP,SAP Netweaver Application Server For Abap And Abap Platform,5.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-09-10T04:25:27.127Z,0
CVE-2024-41728,https://securityvulnerability.io/vulnerability/CVE-2024-41728,Attackers Can Read Confidential Objects Without Authorization,"Due to missing authorization check, SAP NetWeaver Application Server for ABAP and ABAP Platform allows an attacker logged in as a developer to read objects contained in a package. This causes an impact on confidentiality, as this attacker would otherwise not have access to view these objects.",SAP,SAP Netweaver Application Server For Abap And Abap Platform,2.7,LOW,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-09-10T04:00:56.713Z,0
CVE-2024-44116,https://securityvulnerability.io/vulnerability/CVE-2024-44116,Low Privileged User Vulnerability Affects Workplace Favorites,"The RFC enabled function module allows a low privileged user to add any workbook to any user's workplace favourites. This vulnerability could be utilized to identify usernames and access information about targeted user's workplaces. There is low impact on integrity of the application.",SAP,SAP Netweaver Application Server For Abap And Abap Platform,4.3,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-09-10T03:11:05.878Z,0
CVE-2024-44115,https://securityvulnerability.io/vulnerability/CVE-2024-44115,Low Privileged User Targeting: Identifying Usernames and Workplace Information,"The RFC enabled function module allows a low privileged user to add URLs to any user's workplace favourites. This vulnerability could be utilized to identify usernames and access information about targeted user's workplaces, and nodes. There is low impact on integrity of the application.",SAP,SAP Netweaver Application Server For Abap And Abap Platform,4.3,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-09-10T03:08:43.205Z,0
CVE-2024-44114,https://securityvulnerability.io/vulnerability/CVE-2024-44114,Potential Data Exposure via Program Execution,"SAP NetWeaver Application Server for ABAP and ABAP Platform allow users with high privileges to execute a program that reveals data over the network. This results in a minimal impact on confidentiality of the application.",SAP,SAP Netweaver Application Server For Abap And Abap Platform,2.7,LOW,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-09-10T03:06:18.174Z,0
CVE-2024-42380,https://securityvulnerability.io/vulnerability/CVE-2024-42380,Low Privileged User Data Exposure through Vulnerability,"The RFC enabled function module allows a low privileged user to read any user's workplace favourites and user menu along with all the specific data of each node. Usernames can be enumerated by exploiting vulnerability. There is low impact on confidentiality of the application.",SAP,SAP Netweaver Application Server For Abap And Abap Platform,4.3,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-09-10T02:47:52.783Z,0
CVE-2024-42371,https://securityvulnerability.io/vulnerability/CVE-2024-42371,Low Privileged User Access to Targeted User Workplace Favorites Could Lead to Identification of Targeted User Names and Access Information,"The RFC enabled function module allows a low privileged user to delete the workplace favourites of any user. This vulnerability could be utilized to identify usernames and access information about targeted user's workplaces and nodes. There is low impact on integrity and availability of the application.",SAP,SAP Netweaver Application Server For Abap And Abap Platform,5.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-09-10T02:37:47.259Z,0
CVE-2024-41734,https://securityvulnerability.io/vulnerability/CVE-2024-41734,SAP NetWeaver Application Server ABAP and ABAP Platform Vulnerability Could Lead to Disclosure of User Related Information,"Due to missing authorization check in SAP NetWeaver Application Server ABAP and ABAP Platform, an authenticated attacker could call an underlying transaction, which leads to disclosure of user related information. There is no impact on integrity or availability.",SAP,SAP Netweaver Application Server Abap And Abap Platform,4.3,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-08-13T04:18:03.596Z,0
CVE-2024-37180,https://securityvulnerability.io/vulnerability/CVE-2024-37180,Remote Enabled Function Module Vulnerability,"Under certain conditions SAP NetWeaver Application Server for ABAP and ABAP Platform allows an attacker to access remote-enabled function module with no further authorization which would otherwise be restricted, the function can be used to read non-sensitive information with low impact on confidentiality of the application.",SAP,SAP Netweaver Application Server For Abap And Abap Platform,4.1,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-07-09T04:41:32.313Z,0
CVE-2024-39599,https://securityvulnerability.io/vulnerability/CVE-2024-39599,SAP NetWeaver Application Server Security Vulnerability,"Due to a Protection Mechanism Failure in SAP NetWeaver Application Server for ABAP and ABAP Platform, a developer can bypass the configured malware scanner API because of a programming error. This leads to a low impact on the application's confidentiality, integrity, and availability.",SAP,SAP Netweaver Application Server For Abap And Abap Platform,4.7,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-07-09T04:24:31.103Z,0
CVE-2024-33006,https://securityvulnerability.io/vulnerability/CVE-2024-33006,Unauthorized File Upload Vulnerability,"The SAP Security Patch Day May 2024 delivered 14 new Security Notes alongside updates to 3 previously released notes. A critical vulnerability, tracked as CVE-2024-33006, was addressed in the SAP NetWeaver Application Server ABAP and ABAP Platform. This vulnerability allows an unauthenticated attacker to upload a malicious file to the server, potentially leading to a complete system takeover. The exploitation of this vulnerability is a severe risk and organizations using SAP systems are urged to upgrade promptly to mitigate the risk. Additionally, other vulnerabilities were addressed in the security updates, highlighting the importance of timely patching and security vigilance.",SAP,SAP Netweaver Application Server Abap And Abap Platform,9.6,CRITICAL,0.0004299999854993075,false,,true,false,true,2024-05-15T14:10:40.000Z,,false,false,,2024-05-14T04:16:06.647Z,0
CVE-2024-34687,https://securityvulnerability.io/vulnerability/CVE-2024-34687,SAP NetWeaver Application Server for ABAP and ABAP Platform Exposed to Cross-Site Scripting (XSS) Vulnerability,"SAP NetWeaver Application Server for ABAP and ABAP Platform do not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. An attacker can control code that is executed within a user’s browser, which could result in modification, deletion of data, including accessing or deleting files, or stealing session cookies which an attacker could use to hijack a user’s session. Hence, this could have impact on Confidentiality, Integrity and Availability of the system.",SAP,SAP Netweaver Application Server For Abap And Abap Platform,6.5,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-05-14T03:56:24.324Z,0
CVE-2024-32733,https://securityvulnerability.io/vulnerability/CVE-2024-32733,SAP NetWeaver Application Server ABAP and ABAP Platform Vulnerability: Untrusted Data Injection,"Due to missing input validation and output encoding of untrusted data, SAP NetWeaver Application Server ABAP and ABAP Platform allows an unauthenticated attacker to inject malicious JavaScript code into the dynamically crafted web page. On successful exploitation the attacker can access or modify sensitive information with no impact on availability of the application.",SAP,SAP Netweaver Application Server Abap And Abap Platform,6.1,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-05-14T03:38:19.474Z,0
CVE-2024-21738,https://securityvulnerability.io/vulnerability/CVE-2024-21738,Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver ABAP Application Server and ABAP Platform,"SAP NetWeaver ABAP Application Server and ABAP Platform do not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. An attacker with low privileges can cause limited impact to confidentiality of the application data after successful exploitation.",SAP,SAP NetWeaver ABAP Application Server and ABAP Platform,4.1,MEDIUM,0.0005300000193528831,false,,false,false,false,,,false,false,,2024-01-09T02:15:00.000Z,0
CVE-2023-49581,https://securityvulnerability.io/vulnerability/CVE-2023-49581,SQL Injection vulnerability in SAP NetWeaver Application Server ABAP and ABAP Platform,"SAP GUI for Windows and SAP GUI for Java allow an unauthenticated attacker to access information which would otherwise be restricted and confidential. In addition, this vulnerability allows the unauthenticated attacker to write data to a database table. By doing so the attacker could increase response times of the AS ABAP, leading to mild impact on availability.",SAP,SAP NetWeaver Application Server ABAP and ABAP Platform,4.1,MEDIUM,0.0017099999822676182,false,,false,false,false,,,false,false,,2023-12-12T02:15:00.000Z,0
CVE-2023-41366,https://securityvulnerability.io/vulnerability/CVE-2023-41366,Information Disclosure vulnerability in SAP NetWeaver Application Server ABAP and ABAP Platform,"Under certain conditions SAP NetWeaver Application Server ABAP - versions KERNEL 722, KERNEL 7.53, KERNEL 7.77, KERNEL 7.85, KERNEL 7.89, KERNEL 7.54, KERNEL 7.91, KERNEL 7.92, KERNEL 7.93, KERNEL 7.94, KERNEL64UC 7.22, KERNEL64UC 7.22EXT, KERNEL64UC 7.53, KERNEL64NUC 7.22, KERNEL64NUC 7.22EXT, allows an unauthenticated attacker to access the unintended data due to the lack of restrictions applied which may lead to low impact in confidentiality and no impact on the integrity and availability of the application.",SAP,SAP Netweaver Application Server Abap And Abap Platform,5.3,MEDIUM,0.000750000006519258,false,,false,false,false,,,false,false,,2023-11-14T01:15:00.000Z,0
CVE-2023-40309,https://securityvulnerability.io/vulnerability/CVE-2023-40309,Missing Authorization check in SAP CommonCryptoLib,"The SAP CommonCryptoLib has a critical vulnerability where it fails to implement essential authentication checks. This oversight can lead to improper or missing authorization verifications for users. As a result, an authenticated attacker may exploit this weakness to escalate their privileges, potentially gaining access to functionalities meant for specific user groups. This could allow the attacker to read, alter, or remove sensitive data that should be restricted.",SAP,"SAP Commoncryptolib,SAP Netweaver As Abap, SAP Netweaver As Java And Abap Platform Of S/4hana On-premise,SAP Web Dispatcher,SAP Content Server,SAP Hana Database,SAP Host Agent,SAP Extended Application Services And Runtime (xsa),SAPssoext",9.8,CRITICAL,0.0018700000364333391,false,,false,false,false,,,false,false,,2023-09-12T03:15:00.000Z,0
CVE-2023-40308,https://securityvulnerability.io/vulnerability/CVE-2023-40308,Memory Corruption vulnerability in SAP CommonCryptoLib,"The memory corruption vulnerability in SAP's CommonCryptoLib allows an unauthenticated attacker to submit crafted requests to open ports, resulting in a crash of the target component. This vulnerability affects the availability of the service but does not expose any information, allowing for potential denial of service attacks. Protecting against this issue is critical for maintaining operational reliability.",SAP,"SAP Commoncryptolib,SAP Netweaver As Abap, SAP Netweaver As Java And Abap Platform Of S/4hana On-premise,SAP Web Dispatcher,SAP Content Server,SAP Hana Database,SAP Host Agent,SAP Extended Application Services And Runtime (xsa),SAPssoext",7.5,HIGH,0.0009699999936856329,false,,false,false,false,,,false,false,,2023-09-12T02:15:00.000Z,0
CVE-2022-41214,https://securityvulnerability.io/vulnerability/CVE-2022-41214,Insufficient Input Validation Vulnerability in SAP NetWeaver Application Server ABAP,"The SAP NetWeaver Application Server ABAP and ABAP Platform are susceptible to an attack due to insufficient input validation. This vulnerability permits an attacker with elevated privileges to invoke a remote-enabled function that can delete restricted files. If exploited, this could lead to severe risks, including compromising the integrity and availability of the application, potentially allowing unauthorized access and manipulation of critical data.",SAP,SAP Netweaver Application Server Abap And Abap Platform,8.7,HIGH,0.0008500000112690032,false,,false,false,false,,,false,false,,2022-11-08T00:00:00.000Z,0
CVE-2022-41212,https://securityvulnerability.io/vulnerability/CVE-2022-41212,Insufficient Input Validation in SAP NetWeaver Application Server ABAP,"The SAP NetWeaver Application Server ABAP and ABAP Platform are affected by an input validation vulnerability that allows attackers with elevated privileges to exploit a remote-enabled function. This flaw enables unauthorized access to restricted files, posing a serious threat to the confidentiality of sensitive application data. Organizations utilizing these platforms must address this vulnerability to maintain secure operations.",SAP,SAP Netweaver Application Server Abap And Abap Platform,4.9,MEDIUM,0.000859999970998615,false,,false,false,false,,,false,false,,2022-11-08T00:00:00.000Z,0
CVE-2022-29611,https://securityvulnerability.io/vulnerability/CVE-2022-29611,Privilege Escalation in SAP NetWeaver Application Server and ABAP Platform,"The SAP NetWeaver Application Server for ABAP and ABAP Platform are affected by a security flaw where the systems fail to enforce adequate authorization checks for authenticated users. This oversight allows users to gain elevated privileges, potentially leading to unauthorized access to critical components and data within the system. Organizations using these platforms should take immediate steps to mitigate this vulnerability and ensure proper security controls are in place.",SAP,SAP Netweaver Application Server For Abap And Abap Platform,8.8,HIGH,0.0010400000028312206,false,,false,false,false,,,false,false,,2022-05-11T14:57:20.000Z,0
CVE-2022-22545,https://securityvulnerability.io/vulnerability/CVE-2022-22545,High Privileged User Vulnerability in SAP NetWeaver Application Server ABAP,"A high privileged user with access to transaction SM59 on SAP NetWeaver Application Server ABAP can exploit this vulnerability to read connection details stored for HTTP calls across various versions. This could potentially lead to unauthorized access to sensitive information, emphasizing the importance of proper user role assignments and monitoring in SAP environments. It is essential for organizations using affected versions to assess their security configurations and implement necessary mitigations as per SAP's guidance.",SAP,SAP Netweaver Application Server Abap And Abap Platform,4.9,MEDIUM,0.0006399999838322401,false,,false,false,false,,,false,false,,2022-02-09T22:05:27.000Z,0
CVE-2022-22543,https://securityvulnerability.io/vulnerability/CVE-2022-22543,Denial-of-Service Vulnerability in SAP NetWeaver Application Server for ABAP,"The vulnerability in SAP NetWeaver Application Server for ABAP is due to insufficient validation of sap-passport information. This weakness allows unauthorized remote users to initiate a Denial-of-Service condition, potentially causing a crash of the SAP Web Dispatcher or kernel work processes. Although the crashed processes can be restarted without affecting others, this vulnerability poses a risk to application availability.",SAP,SAP Netweaver Application Server For Abap (kernel) And Abap Platform (kernel),7.5,HIGH,0.0020200000144541264,false,,false,false,false,,,false,false,,2022-02-09T22:05:27.000Z,0