CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-23190 – Missing Authorization check in SAP NetWeaver and ABAP platform (ST-PI)
https://notcve.org/view.php?id=CVE-2025-23190
11 Feb 2025 — Due to missing authorization check, an authenticated attacker could call a remote-enabled function module which allows them to access data that they would otherwise not have access to. The attacker cannot modify data or impact the availability of the system. • https://me.sap.com/notes/3547581 • CWE-862: Missing Authorization •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-23189 – Missing Authorization Check in SAP NetWeaver and ABAP Platform (SDCCN)
https://notcve.org/view.php?id=CVE-2025-23189
11 Feb 2025 — Due to missing authorization check in an RFC enabled function module in transaction SDCCN, an authenticated attacker could generate technical meta-data. This leads to a low impact on integrity. There is no impact on confidentiality or availability • https://me.sap.com/notes/3546470 • CWE-862: Missing Authorization •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-23187 – Missing Authorization Check in SAP NetWeaver and ABAP Platform (SDCCN)
https://notcve.org/view.php?id=CVE-2025-23187
11 Feb 2025 — Due to missing authorization check in an RFC enabled function module in transaction SDCCN, an unauthenticated attacker could generate technical meta-data. This leads to a low impact on integrity. There is no impact on confidentiality or availability. • https://me.sap.com/notes/3546470 • CWE-862: Missing Authorization •
CVSS: 9.9EPSS: 0%CPEs: 12EXPL: 0CVE-2025-0070 – Improper Authentication in SAP NetWeaver ABAP Server and ABAP Platform
https://notcve.org/view.php?id=CVE-2025-0070
14 Jan 2025 — SAP NetWeaver Application Server for ABAP and ABAP Platform allows an authenticated attacker to obtain illegitimate access to the system by exploiting improper authentication checks, resulting in privilege escalation. On successful exploitation, this can result in potential security concerns. This results in a high impact on confidentiality, integrity, and availability. • https://me.sap.com/notes/3537476 • CWE-287: Improper Authentication •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-0053 – Information Disclosure Vulnerability in SAP NetWeaver Application Server for ABAP and ABAP Platform
https://notcve.org/view.php?id=CVE-2025-0053
14 Jan 2025 — SAP NetWeaver Application Server for ABAP and ABAP Platform allows an attacker to gain unauthorized access to system information. By using a specific URL parameter, an unauthenticated attacker could retrieve details such as system configuration. This has a limited impact on the confidentiality of the application and may be leveraged to facilitate further attacks or exploits. • https://me.sap.com/notes/3536461 • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47585 – Missing Authorization check in SAP NetWeaver Application Server for ABAP and ABAP Platform
https://notcve.org/view.php?id=CVE-2024-47585
10 Dec 2024 — SAP NetWeaver Application Server for ABAP and ABAP Platform allows an authenticated attacker to gain higher access levels than they should have by exploiting improper authorization checks, resulting in privilege escalation. While authorizations for import and export are distinguished, a single authorization is applied for both, which may contribute to these risks. On successful exploitation, this can result in potential security concerns. However, it has no impact on the integrity and availability of the ap... • https://me.sap.com/notes/3536361 • CWE-862: Missing Authorization •
CVSS: 5.3EPSS: 0%CPEs: 10EXPL: 0CVE-2024-47586 – NULL Pointer Dereference vulnerability in SAP NetWeaver Application Server for ABAP and ABAP Platform
https://notcve.org/view.php?id=CVE-2024-47586
12 Nov 2024 — SAP NetWeaver Application Server for ABAP and ABAP Platform allows an unauthenticated attacker to send a maliciously crafted http request which could cause a null pointer dereference in the kernel. This dereference will result in the system crashing and rebooting, causing the system to be temporarily unavailable. There is no impact on Confidentiality or Integrity. • https://me.sap.com/notes/3504390 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 15EXPL: 0CVE-2024-45285 – Multiple vulnerabilities in SAP NetWeaver Application Server for ABAP and ABAP Platform
https://notcve.org/view.php?id=CVE-2024-45285
10 Sep 2024 — The RFC enabled function module allows a low privileged user to perform denial of service on any user and also change or delete favourite nodes. By sending a crafted packet in the function module targeting specific parameters, the specific targeted user will no longer have access to any functionality of SAP GUI. There is low impact on integrity and availability of the application. • https://me.sap.com/notes/3488039 • CWE-862: Missing Authorization •
CVSS: 5.5EPSS: 0%CPEs: 15EXPL: 0CVE-2024-44117 – Multiple vulnerabilities in SAP NetWeaver Application Server for ABAP and ABAP Platform
https://notcve.org/view.php?id=CVE-2024-44117
10 Sep 2024 — The RFC enabled function module allows a low privileged user to perform various actions, such as modifying the URLs of any user's favourite nodes and workbook ID. There is low impact on integrity and availability of the application. • https://me.sap.com/notes/3488039 • CWE-862: Missing Authorization •
CVSS: 3.3EPSS: 0%CPEs: 15EXPL: 0CVE-2024-41728 – Missing Authorization check in SAP NetWeaver Application Server for ABAP and ABAP Platform
https://notcve.org/view.php?id=CVE-2024-41728
10 Sep 2024 — Due to missing authorization check, SAP NetWeaver Application Server for ABAP and ABAP Platform allows an attacker logged in as a developer to read objects contained in a package. This causes an impact on confidentiality, as this attacker would otherwise not have access to view these objects. • https://me.sap.com/notes/3496410 • CWE-862: Missing Authorization •