Export limit exceeded: 354956 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (436 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-42948 | 1 Sap | 4 Abap Platform, Netweaver, Netweaver Abap and 1 more | 2026-04-15 | 6.1 Medium |
| Due to a Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver ABAP Platform, an unauthenticated attacker could generate a malicious link and make it publicly accessible. If an authenticated user clicks on this link, the injected input is processed during the website�s page generation, resulting in the creation of malicious content. When this malicious content gets executed, the attacker could gain the ability to access/modify information within the scope of victim�s browser. | ||||
| CVE-2025-42902 | 1 Sap | 5 Abap Platform, As Abap, Netweaver and 2 more | 2026-04-15 | 5.3 Medium |
| Due to the memory corruption vulnerability in SAP NetWeaver AS ABAP and ABAP Platform, an unauthenticated attacker can send a corrupted SAP Logon Ticket or SAP Assertion Ticket to the SAP application server. This leads to a dereference of NULL which makes the work process crash. As a result, it has a low impact on the availability but no impact on the confidentiality and integrity. | ||||
| CVE-2025-42927 | 1 Sap | 5 Java As, Netweaver, Netweaver As Abap and 2 more | 2026-04-15 | 3.4 Low |
| SAP NetWeaver AS Java application uses Adobe Document Service, installed with a vulnerable version of OpenSSL.Successful exploitation of known vulnerabilities in the outdated OpenSSL library would allow user with high system privileges to access and modify system information.This vulnerability has a low impact on confidentiality and integrity, with no impact on availability. | ||||
| CVE-2025-42944 | 1 Sap | 2 Netweaver, Sap Netweaver | 2026-04-15 | 10 Critical |
| Due to a deserialization vulnerability in SAP NetWeaver, an unauthenticated attacker could exploit the system through the RMI-P4 module by submitting malicious payload to an open port. The deserialization of such untrusted Java objects could lead to arbitrary OS command execution, posing a high impact to the application's confidentiality, integrity, and availability. | ||||
| CVE-2025-42945 | 1 Sap | 4 Abap Platform, Application Server, As Abap and 1 more | 2026-04-15 | 6.1 Medium |
| SAP NetWeaver Application Server ABAP has HTML injection vulnerability. Due to this, an attacker could craft a URL with malicious script as payload and trick a victim with active user session into executing it. Upon successful exploit, this vulnerability could lead to limited access to data or its manipulation. There is no impact on availability. | ||||
| CVE-2025-42935 | 1 Sap | 5 Abap Platform, As Abap, Netweaver and 2 more | 2026-04-15 | 4.1 Medium |
| The SAP NetWeaver Application Server ABAP and ABAP Platform Internet Communication Manager (ICM) permits authorized users with admin privileges and local access to log files to read sensitive information, resulting in information disclosure. This leads to high impact on the confidentiality of the application, with no impact on integrity or availability. | ||||
| CVE-2025-42938 | 1 Sap | 2 Abap Platform, Netweaver Abap | 2026-04-15 | 6.1 Medium |
| Due to a Cross-Site Scripting (XSS) vulnerability in the SAP NetWeaver ABAP Platform, an unauthenticated attacker could generate a malicious link and make it publicly accessible. If an authenticated user clicks on this link, the injected input is processed during the website�s page generation, resulting in the creation of malicious content. When executed, this content allows the attacker to access or modify information within the victim's browser scope, impacting the confidentiality and integrity�while availability remains unaffected. | ||||
| CVE-2025-42925 | 1 Sap | 4 Java As, Netweaver, Netweaver Java and 1 more | 2026-04-15 | 4.3 Medium |
| Due to the lack of randomness in assigning Object Identifiers in the SAP NetWeaver AS JAVA IIOP service, an authenticated attacker with low privileges could predict the identifiers by conducting a brute force search. By leveraging knowledge of several identifiers generated close to the same time, the attacker could determine a desired identifier which could enable them to access limited system information. This poses a low risk to confidentiality without impacting the integrity or availability of the service. | ||||
| CVE-2024-32733 | 1 Sap | 1 Netweaver | 2026-04-15 | 6.1 Medium |
| Due to missing input validation and output encoding of untrusted data, SAP NetWeaver Application Server ABAP and ABAP Platform allows an unauthenticated attacker to inject malicious JavaScript code into the dynamically crafted web page. On successful exploitation the attacker can access or modify sensitive information with no impact on availability of the application | ||||
| CVE-2024-33006 | 1 Sap | 1 Netweaver | 2026-04-15 | 9.6 Critical |
| An unauthenticated attacker can upload a malicious file to the server which when accessed by a victim can allow an attacker to completely compromise system. | ||||
| CVE-2025-42919 | 1 Sap | 1 Netweaver Application Server Java | 2026-04-15 | 5.3 Medium |
| Due to an Information Disclosure vulnerability in SAP NetWeaver Application Server Java, internal metadata files could be accessed via manipulated URLs. An unauthenticated attacker could exploit this vulnerability by inserting arbitrary path components in the request, allowing unauthorized access to sensitive application metadata. This results in a partial compromise of the confidentiality of the information without affecting the integrity or availability of the application server. | ||||
| CVE-2024-47586 | 1 Sap | 1 Netweaver Abap Application Server | 2026-04-15 | 5.3 Medium |
| SAP NetWeaver Application Server for ABAP and ABAP Platform allows an unauthenticated attacker to send a maliciously crafted http request which could cause a null pointer dereference in the kernel. This dereference will result in the system crashing and rebooting, causing the system to be temporarily unavailable. There is no impact on Confidentiality or Integrity. | ||||
| CVE-2025-42922 | 1 Sap | 4 Java As, Netweaver, Netweaver Java and 1 more | 2026-04-15 | 9.9 Critical |
| SAP NetWeaver AS Java allows an attacker authenticated as a non-administrative user to use a flaw in an available service to upload an arbitrary file. This file when executed can lead to a full compromise of confidentiality, integrity and availability of the system. | ||||
| CVE-2025-42975 | 1 Sap | 5 Application Server, Netweaver, Netweaver Abap and 2 more | 2026-04-15 | 6.1 Medium |
| SAP NetWeaver Application Server ABAP (BIC Document) allows an unauthenticated attacker to craft a URL link which, when accessed on the BIC Document application, embeds a malicious script. When a victim clicks on this link, the script executes in the victim's browser, allowing the attacker to access and/or modify information related to the web client without affecting availability. | ||||
| CVE-2025-42882 | 1 Sap | 6 Application Server, Netweaver, Netweaver Abap and 3 more | 2026-04-15 | 4.3 Medium |
| Due to a missing authorization check in SAP NetWeaver Application Server for ABAP, an authenticated attacker with basic privileges could execute a specific function module in ABAP to retrieve restricted technical information from the system. This disclosure of environment details of the system could further assist this attacker to plan subsequent attacks. As a result, this vulnerability has a low impact on confidentiality, with no impact on the integrity or availability of the application. | ||||
| CVE-2025-42874 | 1 Sap | 2 Netweaver, Sap Netweaver | 2026-04-15 | 7.9 High |
| SAP NetWeaver remote service for Xcelsius allows an attacker with network access and high privileges to execute arbitrary code on the affected system due to insufficient input validation and improper handling of remote method calls. Exploitation does not require user interaction and could lead to service disruption or unauthorized system control. This has high impact on integrity and availability, with no impact on confidentiality. | ||||
| CVE-2025-42999 | 1 Sap | 1 Netweaver | 2026-02-26 | 9.1 Critical |
| SAP NetWeaver Visual Composer Metadata Uploader is vulnerable when a privileged user can upload untrusted or malicious content which, when deserialized, could potentially lead to a compromise of confidentiality, integrity, and availability of the host system. | ||||
| CVE-2025-31324 | 1 Sap | 1 Netweaver | 2026-02-26 | 10 Critical |
| SAP NetWeaver Visual Composer Metadata Uploader is not protected with a proper authorization, allowing unauthenticated agent to upload potentially malicious executable binaries that could severely harm the host system. This could significantly affect the confidentiality, integrity, and availability of the targeted system. | ||||
| CVE-2025-42936 | 1 Sap | 2 Netweaver Application Server For Abap, Sap Basis | 2026-02-26 | 5.4 Medium |
| The SAP NetWeaver Application Server for ABAP does not enable an administrator to assign distinguished authorizations for different user roles, this issue allows authenticated users to access restricted objects in the barcode interface, leading to privilege escalation. This results in a low impact on the confidentiality and integrity of the application, there is no impact on availability. | ||||
| CVE-2022-28773 | 1 Sap | 2 Netweaver, Web Dispatcher | 2026-02-25 | 7.5 High |
| Due to an uncontrolled recursion in SAP Web Dispatcher and SAP Internet Communication Manager, the application may crash, leading to denial of service, but can be restarted automatically. | ||||