CVSS: 5.3EPSS: 0%CPEs: 10EXPL: 0CVE-2025-42902 – Memory Corruption vulnerability in SAP Netweaver AS ABAP and ABAP Platform
https://notcve.org/view.php?id=CVE-2025-42902
14 Oct 2025 — Due to the memory corruption vulnerability in SAP NetWeaver AS ABAP and ABAP Platform, an unauthenticated attacker can send a corrupted SAP Logon Ticket or SAP Assertion Ticket to the SAP application server. This leads to a dereference of NULL which makes the work process crash. As a result, it has a low impact on the availability but no impact on the confidentiality and integrity. • https://me.sap.com/notes/3627308 • CWE-476: NULL Pointer Dereference •
CVSS: 4.1EPSS: 0%CPEs: 10EXPL: 0CVE-2025-42935 – Information Disclosure vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform(Internet Communication Manager)
https://notcve.org/view.php?id=CVE-2025-42935
12 Aug 2025 — The SAP NetWeaver Application Server ABAP and ABAP Platform Internet Communication Manager (ICM) permits authorized users with admin privileges and local access to log files to read sensitive information, resulting in information disclosure. This leads to high impact on the confidentiality of the application, with no impact on integrity or availability. SAP NetWeaver Application Server ABAP y ABAP Platform Internet Communication Manager (ICM) permite a los usuarios autorizados con privilegios de administrad... • https://me.sap.com/notes/3601480 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 6.8EPSS: 0%CPEs: 7EXPL: 0CVE-2024-30218 – Denial of service (DOS) vulnerability in SAP NetWeaver AS ABAP and ABAP Platform
https://notcve.org/view.php?id=CVE-2024-30218
09 Apr 2024 — The ABAP Application Server of SAP NetWeaver as well as ABAP Platform allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. This leads to a considerable impact on availability. El servidor de aplicaciones ABAP de SAP NetWeaver, así como la plataforma ABAP, permiten a un atacante impedir que usuarios legítimos accedan a un servicio, ya sea bloqueando o inundando el servicio. Esto tiene un impacto considerable en la disponibilidad. The ABAP Applic... • https://me.sap.com/notes/3359778 • CWE-400: Uncontrolled Resource Consumption CWE-605: Multiple Binds to the Same Port •
CVSS: 9.8EPSS: 2%CPEs: 11EXPL: 3CVE-2022-27668 – SAP SAProuter Improper Access Control
https://notcve.org/view.php?id=CVE-2022-27668
14 Jun 2022 — Depending on the configuration of the route permission table in file 'saprouttab', it is possible for an unauthenticated attacker to execute SAProuter administration commands in SAP NetWeaver and ABAP Platform - versions KERNEL 7.49, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, KRNL64NUC 7.49, KRNL64UC 7.49, SAP_ROUTER 7.53, 7.22, from a remote client, for example stopping the SAProuter, that could highly impact systems availability. Dependiendo de la configuración de la tabla de permisos de ruta en el archivo "sapr... • https://packetstorm.news/files/id/168406 • CWE-863: Incorrect Authorization •
CVSS: 7.5EPSS: 0%CPEs: 17EXPL: 0CVE-2022-29616
https://notcve.org/view.php?id=CVE-2022-29616
11 May 2022 — SAP Host Agent, SAP NetWeaver and ABAP Platform allow an attacker to leverage logical errors in memory management to cause a memory corruption. SAP Host Agent, SAP NetWeaver y ABAP Platform permiten a un atacante aprovechar errores lógicos en la administración de la memoria para causar una corrupción de memoria • https://launchpad.support.sap.com/#/notes/3145702 • CWE-787: Out-of-bounds Write •
CVSS: 6.1EPSS: 0%CPEs: 21EXPL: 0CVE-2022-27656
https://notcve.org/view.php?id=CVE-2022-27656
11 May 2022 — The Web administration UI of SAP Web Dispatcher and the Internet Communication Manager (ICM) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. La interfaz de administración web de SAP Web Dispatcher y de Internet Communication Manager (ICM) no codifica suficientemente las entradas controladas por el usuario, resultando en una vulnerabilidad de tipo Cross-Site Scripting (XSS) • https://launchpad.support.sap.com/#/notes/3145046 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 24EXPL: 0CVE-2022-22543
https://notcve.org/view.php?id=CVE-2022-22543
09 Feb 2022 — SAP NetWeaver Application Server for ABAP (Kernel) and ABAP Platform (Kernel) - versions KERNEL 7.22, 8.04, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, KRNL64UC 8.04, 7.22, 7.22EXT, 7.49, 7.53, KRNL64NUC 7.22, 7.22EXT, 7.49, does not sufficiently validate sap-passport information, which could lead to a Denial-of-Service attack. This allows an unauthorized remote user to provoke a breakdown of the SAP Web Dispatcher or Kernel work process. The crashed process can be restarted immediately, other processes are n... • https://launchpad.support.sap.com/#/notes/3116223 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 0%CPEs: 22EXPL: 0CVE-2021-27628 – SAP NetWeaver ABAP Dispatcher Service Memory Corruption
https://notcve.org/view.php?id=CVE-2021-27628
09 Jun 2021 — SAP NetWeaver ABAP Server and ABAP Platform (Dispatcher), versions - KRNL32NUC - 7.22,7.22EXT, KRNL32UC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73,7.77,7.81,7.82,7.83, allows an unauthenticated attacker without specific knowledge of the system to send a specially crafted packet over a network which will trigger an internal error in the system due to improper input validation in method DpRTmPrepareReq() causing the system to c... • https://launchpad.support.sap.com/#/notes/3021197 • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 20EXPL: 0CVE-2021-27606 – SAP NetWeaver ABAP Enqueue Memory Corruption
https://notcve.org/view.php?id=CVE-2021-27606
09 Jun 2021 — SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server), versions - KRNL32NUC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73, allows an unauthenticated attacker without specific knowledge of the system to send a specially crafted packet over a network which will trigger an internal error in the system due to improper input validation in method EncOAMParamStore() causing the system to crash and rendering it unavailable. In th... • https://launchpad.support.sap.com/#/notes/3020104 • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 20EXPL: 0CVE-2021-27632 – SAP NetWeaver ABAP Enqueue Memory Corruption
https://notcve.org/view.php?id=CVE-2021-27632
09 Jun 2021 — SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server), versions - KRNL32NUC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73, allows an unauthenticated attacker without specific knowledge of the system to send a specially crafted packet over a network which will trigger an internal error in the system due to improper input validation in method EnqConvUniToSrvReq() causing the system to crash and rendering it unavailable. In ... • https://launchpad.support.sap.com/#/notes/3020104 • CWE-476: NULL Pointer Dereference •