
CVE-2025-31331 – Authorization Bypass vulnerability in SAP NetWeaver
https://notcve.org/view.php?id=CVE-2025-31331
08 Apr 2025 — SAP NetWeaver allows an attacker to bypass authorization checks, enabling them to view portions of ABAP code that would normally require additional validation. Once logged into the ABAP system, the attacker can run a specific transaction that exposes sensitive system code without proper authorization. This vulnerability compromises the confidentiality. • https://me.sap.com/notes/3577131 • CWE-863: Incorrect Authorization •

CVE-2024-45279 – Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server for ABAP (CRM Blueprint Application Builder Panel)
https://notcve.org/view.php?id=CVE-2024-45279
10 Sep 2024 — Due to insufficient input validation, the CRM Blueprint Application Builder Panel of SAP NetWeaver Application Server for ABAP allows an unauthenticated attacker to craft a URL link that could embed malicious JavaScript. When a victim clicks on this link, the script will be executed in the victim's browser, giving the attacker the ability to access and/or modify information with no effect on the availability of the application. • https://me.sap.com/notes/3501359 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •