CVSS: 9.9EPSS: 0%CPEs: 12EXPL: 0CVE-2025-0070 – Improper Authentication in SAP NetWeaver ABAP Server and ABAP Platform
https://notcve.org/view.php?id=CVE-2025-0070
14 Jan 2025 — SAP NetWeaver Application Server for ABAP and ABAP Platform allows an authenticated attacker to obtain illegitimate access to the system by exploiting improper authentication checks, resulting in privilege escalation. On successful exploitation, this can result in potential security concerns. This results in a high impact on confidentiality, integrity, and availability. • https://me.sap.com/notes/3537476 • CWE-287: Improper Authentication •
CVSS: 6.0EPSS: 0%CPEs: 7EXPL: 0CVE-2025-0059 – Information Disclosure vulnerability in SAP NetWeaver Application Server ABAP (applications based on SAP GUI for HTML)
https://notcve.org/view.php?id=CVE-2025-0059
14 Jan 2025 — Applications based on SAP GUI for HTML in SAP NetWeaver Application Server ABAP store user input in the local browser storage to improve usability. An attacker with administrative privileges or access to the victim�s user directory on the Operating System level would be able to read this data. Depending on the user input provided in transactions, the disclosed data could range from non-critical data to highly sensitive data, causing high impact on confidentiality of the application. • https://me.sap.com/notes/3503138 • CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •
CVSS: 6.4EPSS: 0%CPEs: 6EXPL: 0CVE-2024-47593 – Information Disclosure Vulnerability in SAP NetWeaver Application Server for ABAP and ABAP Platform
https://notcve.org/view.php?id=CVE-2024-47593
12 Nov 2024 — SAP NetWeaver Application Server ABAP allows an unauthenticated attacker with network access to read files from the server, which otherwise would be restricted.This attack is possible only if a Web Dispatcher or some sort of Proxy Server is in use and the file in question was previously opened or downloaded in an application based on SAP GUI for HTML Technology. This will not compromise the application's integrity or availability. • https://me.sap.com/notes/3508947 • CWE-276: Incorrect Default Permissions •
CVSS: 5.3EPSS: 0%CPEs: 10EXPL: 0CVE-2024-47586 – NULL Pointer Dereference vulnerability in SAP NetWeaver Application Server for ABAP and ABAP Platform
https://notcve.org/view.php?id=CVE-2024-47586
12 Nov 2024 — SAP NetWeaver Application Server for ABAP and ABAP Platform allows an unauthenticated attacker to send a maliciously crafted http request which could cause a null pointer dereference in the kernel. This dereference will result in the system crashing and rebooting, causing the system to be temporarily unavailable. There is no impact on Confidentiality or Integrity. • https://me.sap.com/notes/3504390 • CWE-476: NULL Pointer Dereference •