Product
sap basis
24 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2026-24312
all versions
An erroneous authorization check in SAP Business Workflow leads to privilege escalation. An authenticated administrative user can
5.2
MEDIUM
CVE-2026-23687
all versions
SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated attacker with normal privileges to obtain a valid
8.8
HIGH
CVE-2026-0484
all versions
Due to missing authorization check in SAP NetWeaver Application Server ABAP and SAP S/4HANA, an authenticated attacker could acces
6.5
MEDIUM
CVE-2025-42918
all versions
SAP NetWeaver Application Server for ABAP allows authenticated users with access to background processing to gain unauthorized rea
4.3
MEDIUM
CVE-2025-42911
all versions
SAP NetWeaver (Service Data Download) allows an authenticated user to call a remote-enabled function module, which could grant acc
5.0
MEDIUM
CVE-2025-42936
all versions
The SAP NetWeaver Application Server for ABAP does not enable an administrator to assign distinguished authorizations for differen
5.4
MEDIUM
CVE-2025-42956
all versions
SAP NetWeaver Application Server ABAP and ABAP Platform allows an unauthenticated attacker to create a malicious link which they c
6.1
MEDIUM
CVE-2025-42986
all versions
Due to a missing authorization check in an obsolete RFC enabled function module in SAP BASIS, an authenticated low-privileged atta
4.3
MEDIUM
CVE-2025-23193
all versions
SAP NetWeaver Server ABAP allows an unauthenticated attacker to exploit a vulnerability that causes the server to respond differen
5.3
MEDIUM
CVE-2025-0066
all versions
Under certain conditions SAP NetWeaver AS for ABAP and ABAP Platform (Internet Communication Framework) allows an attacker to acce
9.9
CRITICAL
CVE-2025-0063
all versions
SAP NetWeaver AS ABAP and ABAP Platform does not check for authorization when a user executes some RFC function modules. This coul
8.8
HIGH
CVE-2025-0058
all versions
In SAP Business Workflow and SAP Flexible Workflow, an authenticated attacker can manipulate a parameter in an otherwise legitimat
6.5
MEDIUM
CVE-2025-0053
all versions
SAP NetWeaver Application Server for ABAP and ABAP Platform allows an attacker to gain unauthorized access to system information.
5.3
MEDIUM
CVE-2024-39599
all versions
Due to a Protection Mechanism Failure in SAP NetWeaver Application Server for ABAP and ABAP Platform, a developer can bypass the c
4.7
MEDIUM
CVE-2024-37180
all versions
Under certain conditions SAP NetWeaver Application Server for ABAP and ABAP Platform allows an attacker to access remote-enabled f
4.1
MEDIUM
CVE-2024-34689
all versions
WebFlow Services of SAP Business Workflow allows an authenticated attacker to enumerate accessible HTTP endpoints in the internal
5.0
MEDIUM
CVE-2024-34687
all versions
SAP NetWeaver Application Server for ABAP and ABAP Platform do not sufficiently encode user controlled inputs, resulting in Cross-
6.5
MEDIUM
CVE-2023-29110
all versions
The SAP Application Interface (Message Dashboard) - versions AIF 703, AIFX 702, S4CORE 100, 101, SAP_BASIS 755, 756, SAP_ABA 75C,
3.7
LOW
CVE-2023-29109
all versions
The SAP Application Interface Framework (Message Dashboard) - versions AIF 703, AIFX 702, S4CORE 101, SAP_BASIS 755, 756, SAP_ABA
4.4
MEDIUM
CVE-2022-41264
all versions
Due to the unrestricted scope of the RFC function module, SAP BASIS - versions 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 7
8.8
HIGH
CVE-2020-6307
all versions
Automated Note Search Tool (update provided in SAP Basis 7.0, 7.01, 7.02, 7.31, 7.4, 7.5, 7.51, 7.52, 7.53 and 7.54) does not perf
4.3
MEDIUM
CVE-2019-0248
all versions
Under certain conditions SAP Gateway of ABAP Application Server (fixed in SAP_GWFND 7.5, 7.51, 7.52, 7.53; SAP_BASIS 7.5) allows a
5.9
MEDIUM
CVE-2018-2478
>= 7.0 and <= 7.02
An attacker can use specially crafted inputs to execute commands on the host of a TREX / BWA installation, SAP Basis, versions: 7.
7.2
HIGH
CVE-2016-4551
all versions
The (1) SAP_BASIS and (2) SAP_ABA components 7.00 SP Level 0031 in SAP NetWeaver 2004s might allow remote attackers to spoof IP ad
7.5
HIGH
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin