sap netweaver application server abap
78 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2026-0488
all versions
An authenticated attacker in SAP CRM and SAP S/4HANA (Scripting Editor) could exploit a flaw in a generic function module call and
9.9
CRITICAL
CVE-2026-0506
all versions
Due to a Missing Authorization Check vulnerability in Application Server ABAP and ABAP Platform, an authenticated attacker could m
8.1
HIGH
CVE-2024-41728
all versions
Due to missing authorization check, SAP NetWeaver Application Server for ABAP and ABAP Platform allows an attacker logged in as a
2.7
LOW
CVE-2024-44114
all versions
SAP NetWeaver Application Server for ABAP and ABAP Platform allow users with high privileges to execute a program that reveals dat
2.0
LOW
CVE-2024-41734
all versions
Due to missing authorization check in SAP NetWeaver Application Server ABAP and ABAP Platform, an authenticated attacker could cal
4.3
MEDIUM
CVE-2024-41732
all versions
SAP NetWeaver Application Server ABAP allows an unauthenticated attacker to craft a URL link that could bypass allowlist contr
4.7
MEDIUM
CVE-2024-33001
all versions
SAP NetWeaver and ABAP platform allows an attacker to impede performance for legitimate users by crashing or flooding the service.
6.5
MEDIUM
CVE-2024-24740
all versions
SAP NetWeaver Application Server (ABAP) - versions KERNEL 7.53, KERNEL 7.54, KERNEL 7.77, KERNEL 7.85, KERNEL 7.89, KERNEL 7.93, K
5.3
MEDIUM
CVE-2024-21738
all versions
SAP NetWeaver ABAP Application Server and ABAP Platform do not sufficiently encode user-controlled inputs, resulting in Cross-Site
4.1
MEDIUM
CVE-2023-49581
all versions
SAP GUI for Windows and SAP GUI for Java allow an unauthenticated attacker to access information which would otherwise be restr
4.1
MEDIUM
CVE-2023-41366
all versions
Under certain conditions SAP NetWeaver Application Server ABAP - versions KERNEL 722, KERNEL 7.53, KERNEL 7.77, KERNEL 7.85, KERNEL
5.3
MEDIUM
CVE-2023-40624
all versions
SAP NetWeaver AS ABAP (applications based on Unified Rendering) - versions SAP_UI 754, SAP_UI 755, SAP_UI 756, SAP_UI 757, SAP_UI
5.5
MEDIUM
CVE-2023-40309
all versions
SAP CommonCryptoLib does not perform necessary authentication checks, which may result in missing or wrong authorization checks fo
9.8
CRITICAL
CVE-2023-40308
all versions
SAP CommonCryptoLib allows an unauthenticated attacker to craft a request, which when submitted to an open port causes a memory c
7.5
HIGH
CVE-2023-37492
all versions
SAP NetWeaver Application Server ABAP and ABAP Platform - versions SAP_BASIS 700, SAP_BASIS 701, SAP_BASIS 702, SAP_BASIS 731, SAP
4.9
MEDIUM
CVE-2023-35874
all versions
SAP NetWeaver Application Server ABAP and ABAP Platform - version KRNL64NUC, 7.22, KRNL64NUC 7.22EXT, KRNL64UC 7.22, KRNL64UC 7.22
6.0
MEDIUM
CVE-2023-28763
all versions
SAP NetWeaver AS for ABAP and ABAP Platform - versions 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, allows an attacker authen
6.5
MEDIUM
CVE-2023-27499
all versions
SAP GUI for HTML - versions KERNEL 7.22, 7.53, 7.54, 7.77, 7.81, 7.85, 7.89, 7.91, KRNL64UC, 7.22, 7.22EXT, KRNL64UC 7.22, 7.22EXT
6.1
MEDIUM
CVE-2023-27501
all versions
SAP NetWeaver AS for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, allow
8.7
HIGH
CVE-2023-27500
all versions
An attacker with non-administrative authorizations can exploit a directory traversal flaw in program SAPRSBRO to over-write system
9.6
CRITICAL
CVE-2023-27270
all versions
SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756,
6.5
MEDIUM
CVE-2023-27269
all versions
SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756,
9.6
CRITICAL
CVE-2023-26459
all versions
Due to improper input controls in SAP NetWeaver AS for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, 7
7.4
HIGH
CVE-2023-25618
all versions
SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756,
6.5
MEDIUM
CVE-2023-25614
all versions
SAP NetWeaver AS ABAP (BSP Framework) application - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, allo
6.1
MEDIUM
CVE-2023-24522
all versions
Due to insufficient input sanitization, SAP NetWeaver AS ABAP (Business Server Pages) - versions 700, 701, 702, 731, 740, allows a
6.1
MEDIUM
CVE-2023-23860
all versions
SAP NetWeaver AS for ABAP and ABAP Platform - versions 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, allows an unauthenti
6.1
MEDIUM
CVE-2023-23859
all versions
SAP NetWeaver AS for ABAP and ABAP Platform - versions 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, allows an unauthenti
6.1
MEDIUM
CVE-2023-23858
all versions
Due to insufficient input validation, SAP NetWeaver AS for ABAP and ABAP Platform - versions 740, 750, 751, 752, 753, 754, 755, 75
6.1
MEDIUM
CVE-2023-23854
all versions
SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, does not perform ne
3.8
LOW
CVE-2023-23853
all versions
An unauthenticated attacker in SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 702, 731, 740, 750, 751,
6.1
MEDIUM
CVE-2023-0014
all versions
SAP NetWeaver ABAP Server and ABAP Platform - versions SAP_BASIS 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754,
9.0
CRITICAL
CVE-2023-0013
all versions
The ABAP Keyword Documentation of SAP NetWeaver Application Server - versions 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 75
6.1
MEDIUM
CVE-2022-41215
all versions
SAP NetWeaver ABAP Server and ABAP Platform allows an unauthenticated attacker to redirect users to a malicious site due to insuff
4.7
MEDIUM
CVE-2022-41214
all versions
Due to insufficient input validation, SAP NetWeaver Application Server ABAP and ABAP Platform allows an attacker with high level p
8.7
HIGH
CVE-2022-41212
all versions
Due to insufficient input validation, SAP NetWeaver Application Server ABAP and ABAP Platform allows an attacker with high level p
4.9
MEDIUM
CVE-2022-39799
all versions
An attacker with no prior authentication could craft and send malicious script to SAP GUI for HTML within Fiori Launchpad, resulti
6.1
MEDIUM
CVE-2022-35294
all versions
An attacker with basic business user privileges could craft and upload a malicious file to SAP NetWeaver Application Server ABAP,
5.4
MEDIUM
CVE-2022-29611
all versions
SAP NetWeaver Application Server for ABAP and ABAP Platform do not perform necessary authorization checks for an authenticated use
8.8
HIGH
CVE-2022-29610
all versions
SAP NetWeaver Application Server ABAP allows an authenticated attacker to upload malicious files and delete (theme) data, which co
5.4
MEDIUM
CVE-2022-26102
all versions
Due to missing authorization check, SAP NetWeaver Application Server for ABAP - versions 700, 701, 702, 731, allows an authenticat
5.4
MEDIUM
CVE-2022-22540
all versions
SAP NetWeaver AS ABAP (Workplace Server) - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 787, allows an att
7.5
HIGH
CVE-2022-22536
all versions
SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server 7.53 and SAP Web D
10.0
CRITICAL
CVE-2021-42067
all versions
In SAP NetWeaver AS for ABAP and ABAP Platform - versions 701, 702, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 786, an
4.3
MEDIUM
CVE-2021-44235
all versions
Two methods of a utility class in SAP NetWeaver AS ABAP - versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754
6.7
MEDIUM
CVE-2021-44231
all versions
Internally used text extraction reports allow an attacker to inject code that can be executed by the application. An attacker coul
9.8
CRITICAL
CVE-2021-40504
all versions
A certain template role in SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 701, 702, 710, 711, 730, 73
4.9
MEDIUM
CVE-2021-40499
all versions
Client-side printing services SAP Cloud Print Manager and SAPSprint for SAP NetWeaver Application Server for ABAP - versions 7.70,
9.8
CRITICAL
CVE-2021-40496
all versions
SAP Internet Communication framework (ICM) - versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 785, allows
4.3
MEDIUM
CVE-2021-40495
all versions
There are multiple Denial-of-Service vulnerabilities in SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 740
5.3
MEDIUM
CVE-2021-38181
all versions
SAP NetWeaver AS ABAP and ABAP Platform - versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, allows an atta
7.5
HIGH
CVE-2021-38178
all versions
The software logistics system of SAP NetWeaver AS ABAP and ABAP Platform versions - 700, 701, 702, 710, 730, 731, 740, 750, 751, 7
8.8
HIGH
CVE-2021-33684
all versions
SAP NetWeaver AS ABAP and ABAP Platform, versions - KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT,
5.3
MEDIUM
CVE-2021-33678
all versions
A function module of SAP NetWeaver AS ABAP (Reconciliation Framework), versions - 700, 701, 702, 710, 711, 730, 731, 740, 750, 751
6.5
MEDIUM
CVE-2021-33677
all versions
SAP NetWeaver ABAP Server and ABAP Platform, versions - 700, 702, 730, 731, 804, 740, 750, 784, expose functions to external which
7.5
HIGH
CVE-2021-27610
all versions
SAP NetWeaver ABAP Server and ABAP Platform, versions - 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 804, does not creat
9.8
CRITICAL
CVE-2021-33665
all versions
SAP NetWeaver Application Server ABAP (Applications based on SAP GUI for HTML), versions - KRNL64NUC - 7.49, KRNL64UC - 7.49,7.53,
5.4
MEDIUM
CVE-2021-33664
all versions
SAP NetWeaver Application Server ABAP (Applications based on Web Dynpro ABAP), versions - SAP_UI - 750,752,753,754,755, SAP_BASIS
5.4
MEDIUM
CVE-2021-33663
all versions
SAP NetWeaver AS ABAP, versions - KRNL32NUC - 7.22,7.22EXT, KRNL32UC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.0
5.3
MEDIUM
CVE-2021-21490
all versions
SAP NetWeaver AS for ABAP (Web Survey), versions - 700, 702, 710, 711, 730, 731, 750, 752, 75A, 75F, does not sufficiently en
6.1
MEDIUM
CVE-2021-21473
all versions
SAP NetWeaver AS ABAP and ABAP Platform, versions - 700, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, contains func
6.3
MEDIUM
CVE-2021-27611
all versions
SAP NetWeaver AS ABAP, versions - 700, 701, 702, 730, 731, allow a high privileged attacker to inject malicious code by executing
6.7
MEDIUM
CVE-2021-27603
all versions
An RFC enabled function module SPI_WAIT_MILLIS in SAP NetWeaver AS ABAP, versions - 731, 740, 750, allows to keep a work process b
6.5
MEDIUM
CVE-2021-21446
all versions
SAP NetWeaver AS ABAP, versions 740, 750, 751, 752, 753, 754, 755, allows an unauthenticated attacker to prevent legitimate users
7.5
HIGH
CVE-2020-26835
all versions
SAP NetWeaver AS ABAP, versions - 740, 750, 751, 752, 753, 754, does not sufficiently encode URL which allows an attacker to inpu
6.1
MEDIUM
CVE-2020-26832
all versions
SAP AS ABAP (SAP Landscape Transformation), versions - 2011_1_620, 2011_1_640, 2011_1_700, 2011_1_710, 2011_1_730, 2011_1_731, 201
7.6
HIGH
CVE-2020-26819
all versions
SAP NetWeaver AS ABAP (Web Dynpro), versions - 731, 740, 750, 751, 752, 753, 754, 755, 782, allows an authenticated user to access
8.8
HIGH
CVE-2020-26818
all versions
SAP NetWeaver AS ABAP (Web Dynpro), versions - 731, 740, 750, 751, 752, 753, 754, 755, 782, allows an authenticated user to access
8.8
HIGH
CVE-2020-6371
all versions
User enumeration vulnerability can be exploited to get a list of user accounts and personal user information can be exposed in SAP
4.3
MEDIUM
CVE-2020-6310
all versions
Improper access control in SOA Configuration Trace component in SAP NetWeaver (ABAP Server) and ABAP Platform, versions - 702, 730
4.3
MEDIUM
CVE-2020-6299
all versions
SAP NetWeaver (ABAP Server) and ABAP Platform, versions - 740, 750, 751, 752, 753, 754, 755, allows a business user to access the
4.3
MEDIUM
CVE-2020-6296
all versions
SAP NetWeaver (ABAP Server) and ABAP Platform, versions - 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 753, 755, allows an at
8.8
HIGH
CVE-2020-6280
all versions
SAP NetWeaver (ABAP Server) and ABAP Platform, versions 731, 740, 750, allows an attacker with admin privileges to access certain
2.7
LOW
CVE-2020-6275
all versions
SAP NetWeaver AS ABAP, versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, are vulnerable to Server Side Re
9.8
CRITICAL
CVE-2020-6270
all versions
SAP NetWeaver AS ABAP (Banking Services), versions - 710, 711, 740, 750, 751, 752, 75A, 75B, 75C, 75D, 75E, does not perform neces
6.5
MEDIUM
CVE-2020-6240
all versions
SAP NetWeaver AS ABAP (Web Dynpro ABAP), versions (SAP_UI 750, 752, 753, 754 and SAP_BASIS 700, 710, 730, 731, 804) allows an unau
7.5
HIGH
CVE-2019-0321
all versions
ABAP Server and ABAP Platform (SAP Basis), versions, 7.31, 7.4, 7.5, do not sufficiently encode user-controlled inputs, resulting
6.1
MEDIUM
CVE-2019-0257
>= 7.0 and <= 7.02
Customizing functionality of SAP NetWeaver AS ABAP Platform (fixed in versions from 7.0 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.
8.8
HIGH
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin