SAP NetWeaver

Deserialization Remote Code Exec in SAP NetWeaver Enterprise Portal Admin
CVE-2026-27685 9.1 - Critical - March 10, 2026

SAP NetWeaver Enterprise Portal Administration is vulnerable if a privileged user uploads untrusted or malicious content that, upon deserialization, could result in a high impact on the confidentiality, integrity, and availability of the host system.

Marshaling, Unmarshaling

SQLi in SAP NetWeaver Feedback Notifications Service
CVE-2026-27684 6.4 - Medium - March 10, 2026

SAP NetWeaver Feedback Notifications Service contains a SQL injection vulnerability that allows an authenticated attacker to inject arbitrary SQL code through user-controlled input fields. The application concatenates these inputs directly into SQL queries without proper validation or escaping. As a result, an attacker can manipulate the WHERE clause logic and potentially gain unauthorized access to or modify database information. This vulnerability has no impact on integrity and low impact on the confidentiality and availability of the application.

SQL Injection

SAP NetWeaver ABAP MemCorrupt Exploit CVE-2026-24320
CVE-2026-24320 3.1 - Low - February 10, 2026

Due to improper memory management in SAP NetWeaver and ABAP Platform (Application Server ABAP), an authenticated attacker could exploit logical errors in memory management by supplying specially crafted input containing unique characters, which are improperly converted. This may result in memory corruption and the potential leakage of memory content. Successful exploitation of this vulnerability would have a low impact on the confidentiality of the application, with no effect on its integrity or availability.

HTTP Response Splitting

SAP NetWeaver ABAP Signed XML Tampering Attack
CVE-2026-23687 8.8 - High - February 10, 2026

SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated attacker with normal privileges to obtain a valid signed message and send modified signed XML documents to the verifier. This may result in acceptance of tampered identity information, unauthorized access to sensitive user data and potential disruption of normal system usage.

Improper Verification of Cryptographic Signature

SAP NetWeaver JMS Deserialization: High Impact DoS
CVE-2026-23685 4.4 - Medium - February 10, 2026

Due to a Deserialization vulnerability in SAP NetWeaver (JMS service), an attacker authenticated as an administrator with local access could submit specially crafted content to the server. If processed by the application, this content could trigger unintended behavior during internal logic execution, potentially causing a denial of service. Successful exploitation results in a high impact on availability, while confidentiality and integrity remain unaffected.

Marshaling, Unmarshaling

SAP AppSrv ABAP OS Command Injection via RFC SDK
CVE-2026-0507 8.4 - High - January 13, 2026

Due to an OS Command Injection vulnerability in SAP Application Server for ABAP and SAP NetWeaver RFCSDK, an authenticated attacker with administrative access and adjacent network access could upload specially crafted content to the server. If processed by the application, this content enables execution of arbitrary operating system commands. Successful exploitation could lead to full compromise of the systems confidentiality, integrity, and availability.

Shell injection

SAP ICF: Missing Auth Checks Allow Token Replay Auth Bypass
CVE-2025-42875 6.6 - Medium - December 09, 2025

The SAP Internet Communication Framework does not conduct any authentication checks for features that need user identification allowing an attacker to reuse authorization tokens, violating secure authentication practices causing low impact on Confidentiality, Integrity and Availability of the application.

Missing Authentication for Critical Function

RCE in SAP NetWeaver Xcelsius Remote Service due to Input Validation Flaw
CVE-2025-42874 7.9 - High - December 09, 2025

SAP NetWeaver remote service for Xcelsius allows an attacker with network access and high privileges to execute arbitrary code on the affected system due to insufficient input validation and improper handling of remote method calls. Exploitation does not require user interaction and could lead to service disruption or unauthorized system control. This has high impact on integrity and availability, with no impact on confidentiality.

Amplification

SAP NetWeaver ABAP Null Deref via Corrupted Logon Ticket Crash
CVE-2025-42902 5.3 - Medium - October 14, 2025

Due to the memory corruption vulnerability in SAP NetWeaver AS ABAP and ABAP Platform, an unauthenticated attacker can send a corrupted SAP Logon Ticket or SAP Assertion Ticket to the SAP application server. This leads to a dereference of NULL which makes the work process crash. As a result, it has a low impact on the availability but no impact on the confidentiality and integrity.

NULL Pointer Dereference

SAP NetWeaver RMI-P4 Deserialization Vulnerability Enables Remote OS Command Exec
CVE-2025-42944 10 - Critical - September 09, 2025

Due to a deserialization vulnerability in SAP NetWeaver, an unauthenticated attacker could exploit the system through the RMI-P4 module by submitting malicious payload to an open port. The deserialization of such untrusted Java objects could lead to arbitrary OS command execution, posing a high impact to the application's confidentiality, integrity, and availability.

Marshaling, Unmarshaling

Privilege Escalation via Untrusted Content Upload in SAP NWA
CVE-2025-42964 9.1 - Critical - July 08, 2025

SAP NetWeaver Enterprise Portal Administration is vulnerable when a privileged user can upload untrusted or malicious content which, when deserialized, could potentially lead to a compromise of confidentiality, integrity, and availability of the host system.

Marshaling, Unmarshaling

SAP NetWeaver ABAP Priv Esc via Missing Auth Check
CVE-2025-42961 4.9 - Medium - July 08, 2025

Due to a missing authorization check in SAP NetWeaver Application server for ABAP, an authenticated user with high privileges could exploit the insufficient validation of user permissions to access sensitive database tables. By leveraging overly permissive access configurations, unauthorized reading of critical data is possible, resulting in a significant impact on the confidentiality of the information stored. However, the integrity and availability of the system remain unaffected.

AuthZ

SAP NetWeaver XML Data Archiving Service: Insecure Java Deserialization (CVE-2025-42966)
CVE-2025-42966 9.1 - Critical - July 08, 2025

SAP NetWeaver XML Data Archiving Service allows an authenticated attacker with administrative privileges to exploit an insecure Java deserialization vulnerability by sending a specially crafted serialized Java object. This could lead to high impact on confidentiality, integrity, and availability of the application.

Marshaling, Unmarshaling

Unauthenticated HMAC Replay Attack Enables Full System Compromise
CVE-2025-42959 8.1 - High - July 08, 2025

An unauthenticated attacker may exploit a scenario where a Hashed Message Authentication Code (HMAC) credential, extracted from a system missing specific security patches, is reused in a replay attack against a different system. Even if the target system is fully patched, successful exploitation could result in complete system compromise, affecting confidentiality, integrity, and availability.

Use of Single-factor Authentication

XSS in SAP NetWeaver ABAP Keyword Documentation
CVE-2025-31325 5.8 - Medium - June 10, 2025

Due to a Cross-Site Scripting vulnerability in SAP NetWeaver (ABAP Keyword Documentation), an unauthenticated attacker could inject malicious JavaScript into a web page through an unprotected parameter. When a victim accesses the affected page, the script executes in their browser, providing the attacker limited access to restricted information. The vulnerability does not affect data integrity or availability and operates entirely within the context of the client's browser.

XSS

SAP NetWeaver Info Disclosure via Malicious Config Injection
CVE-2025-31329 6.2 - Medium - May 13, 2025

SAP NetWeaver is vulnerable to an Information Disclosure vulnerability caused by the injection of malicious instructions into user configuration settings. An attacker with administrative privileges can craft these instructions so that when accessed by the victim, sensitive information such as user credentials is exposed. These credentials may then be used to gain unauthorized access to local or adjacent systems. This results in high impact to Confidentiality, with no significant effect on Integrity or Availability.

Improper Neutralization of Parameter/Argument Delimiters

SAP NW Visual Composer IDU Deserial Remote Exec via Untrusted Content
CVE-2025-42999 9.1 - Critical - May 13, 2025

SAP NetWeaver Visual Composer Metadata Uploader is vulnerable when a privileged user can upload untrusted or malicious content which, when deserialized, could potentially lead to a compromise of confidentiality, integrity, and availability of the host system.

Marshaling, Unmarshaling

SAP NetWeaver Visual Composer Metadata Uploader: Unauth Exec Upload Vulnerability
CVE-2025-31324 10 - Critical - April 24, 2025

SAP NetWeaver Visual Composer Metadata Uploader is not protected with a proper authorization, allowing unauthenticated agent to upload potentially malicious executable binaries that could severely harm the host system. This could significantly affect the confidentiality, integrity, and availability of the targeted system.

Unrestricted File Upload

SAP NetWeaver APP Server for ABAP URL Param Info Disclosure
CVE-2025-0053 - January 14, 2025

SAP NetWeaver Application Server for ABAP and ABAP Platform allows an attacker to gain unauthorized access to system information. By using a specific URL parameter, an unauthenticated attacker could retrieve details such as system configuration. This has a limited impact on the confidentiality of the application and may be leveraged to facilitate further attacks or exploits.

Generation of Error Message Containing Sensitive Information

SAP NetWeaver ABAP Privilege Escalation Vulnerability
CVE-2024-47585 - December 10, 2024

SAP NetWeaver Application Server for ABAP and ABAP Platform allows an authenticated attacker to gain higher access levels than they should have by exploiting improper authorization checks, resulting in privilege escalation. While authorizations for import and export are distinguished, a single authorization is applied for both, which may contribute to these risks. On successful exploitation, this can result in potential security concerns. However, it has no impact on the integrity and availability of the application and may have only a low impact on data confidentiality.

AuthZ

SAP NetWeaver Administrator SSRF Vulnerability
CVE-2024-54197 - December 10, 2024

SAP NetWeaver Administrator(System Overview) allows an authenticated attacker to enumerate accessible HTTP endpoints in the internal network by specially crafting HTTP requests. On successful exploitation this can result in Server-Side Request Forgery (SSRF) which could have a low impact on integrity and confidentiality of data. It has no impact on availability of the application.

SSRF

SAP NetWeaver Java Software Update Manager 1.1 Credential Exposure Vulnerability
CVE-2024-47588 - November 12, 2024

In SAP NetWeaver Java (Software Update Manager 1.1), under certain conditions when a software upgrade encounters errors, credentials are written in plaintext to a log file. An attacker with local access to the server, authenticated as a non-administrative user, can acquire the credentials from the logs. This leads to a high impact on confidentiality, with no impact on integrity or availability.

Insufficiently Protected Credentials

SAP NetWeaver AS Java (System Landscape Directory) Authorization Bypass Vulnerability
CVE-2024-42372 - November 12, 2024

Due to missing authorization check in SAP NetWeaver AS Java (System Landscape Directory) an unauthorized user can read and modify some restricted global SLD configurations causing low impact on confidentiality and integrity of the application.

AuthZ

SAP NetWeaver ABAP Kernel Null Pointer Dereference Denial of Service Vulnerability
CVE-2024-47586 - November 12, 2024

SAP NetWeaver Application Server for ABAP and ABAP Platform allows an unauthenticated attacker to send a maliciously crafted http request which could cause a null pointer dereference in the kernel. This dereference will result in the system crashing and rebooting, causing the system to be temporarily unavailable. There is no impact on Confidentiality or Integrity.

NULL Pointer Dereference

SAP NetWeaver AS Java Unauthenticated User ID Brute Force Vulnerability
CVE-2024-47592 - November 12, 2024

SAP NetWeaver AS Java allows an unauthenticated attacker to brute force the login functionality in order to identify the legitimate user IDs. This has an impact on confidentiality but not on integrity or availability.

SAP NetWeaver AS ABAP Privilege Escalation Vulnerability
CVE-2024-47595 7.1 - High - November 12, 2024

An attacker who gains local membership to sapsys group could replace local files usually protected by privileged access. On successful exploitation the attacker could cause high impact on confidentiality and integrity of the application.

Incorrect Privilege Assignment

SAP NetWeaver RFC Module Abuse: Read User Favourites
CVE-2024-42380 - September 10, 2024

The RFC enabled function module allows a low privileged user to read any user's workplace favourites and user menu along with all the specific data of each node. Usernames can be enumerated by exploiting vulnerability. There is low impact on confidentiality of the application.

SAP NetWeaver/ABAP Platform DoS via Service Flooding
CVE-2024-33001 6.5 - Medium - June 11, 2024

SAP NetWeaver and ABAP platform allows an attacker to impede performance for legitimate users by crashing or flooding the service. An impact of this Denial of Service vulnerability might be long response delays and service interruptions, thus degrading the service quality experienced by legitimate users causing high impact on availability of the application.

SAP NetWeaver ABAP XSS (CVE-2024-32733)
CVE-2024-32733 - May 14, 2024

Due to missing input validation and output encoding of untrusted data, SAP NetWeaver Application Server ABAP and ABAP Platform allows an unauthenticated attacker to inject malicious JavaScript code into the dynamically crafted web page. On successful exploitation the attacker can access or modify sensitive information with no impact on availability of the application

XSS

CVE-2024-33006: Unauthenticated File Upload Total System Compromise
CVE-2024-33006 9.6 - Critical - May 14, 2024

An unauthenticated attacker can upload a malicious file to the server which when accessed by a victim can allow an attacker to completely compromise system. 

Unrestricted File Upload

SAP NetWeaver ABAP App Server DDoS/Crash Vulnerability
CVE-2024-30218 - April 09, 2024

The ABAP Application Server of SAP NetWeaver as well as ABAP Platform allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. This leads to a considerable impact on availability.

Multiple Binds to the Same Port

SAP NetWeaver SSRF: Input Validation Flaw Enabling Internal Requests
CVE-2024-27898 5.3 - Medium - April 09, 2024

SAP NetWeaver application, due to insufficient input validation, allows an attacker to send a crafted request from a vulnerable web application targeting internal systems behind firewalls that are normally inaccessible to an attacker from the external network, resulting in a Server-Side Request Forgery vulnerability. Thus, having a low impact on confidentiality.

SSRF

SAP NetWeaver WSRM 7.50 Info Disclosure
CVE-2024-25644 5.3 - Medium - March 12, 2024

Under certain conditions SAP NetWeaver WSRM - version 7.50, allows an attacker to access information which would otherwise be restricted, causing low impact on Confidentiality with no impact on Integrity and Availability of the application.

Incorrect Permission Assignment for Critical Resource

SAP Web Dispatcher High-Confidentiality Bypass in ICM (7.54)
CVE-2024-22124 7.5 - High - January 09, 2024

Under certain conditions, Internet Communication Manager (ICM) or SAP Web Dispatcher - versions KERNEL 7.22, KERNEL 7.53, KERNEL 7.54, KRNL64UC 7.22, KRNL64UC 7.22EXT, KRNL64UC 7.53, KRNL64NUC 7.22, KRNL64NUC 7.22_EXT, WEBDISP 7.22_EXT, WEBDISP 7.53, WEBDISP 7.54, could allow an attacker to access information which would otherwise be restricted causing high impact on confidentiality.

SAP NetWeaver 7.50 Guided Procedures Auth Bypass Exposing User Emails
CVE-2023-41367 5.3 - Medium - September 12, 2023

Due to missing authentication check in webdynpro application, an unauthorized user in SAP NetWeaver (Guided Procedures) - version 7.50, can gain access to admin view of specific function anonymously. On successful exploitation of vulnerability under specific circumstances, attacker can view users email address. There is no integrity/availability impact.

Missing Authentication for Critical Function

SAP NetWeaver BI CONT Add-on Directory Traversal -> Overwrite OS Files
CVE-2023-33989 8.1 - High - July 11, 2023

An attacker with non-administrative authorizations in SAP NetWeaver (BI CONT ADD ON) - versions 707, 737, 747, 757, can exploit a directory traversal flaw to over-write system files. Data from confidential files cannot be read but potentially some OS files can be over-written leading to system compromise.

Directory traversal

OS Command Injection in SAP IS-OIL via Unprotected Parameter
CVE-2023-36922 8.8 - High - July 11, 2023

Due to programming error in function module and report, IS-OIL component in SAP ECC and SAP S/4HANA allows an authenticated attacker to inject an arbitrary operating system command into an unprotected parameter in a common (default) extension.  On successful exploitation, the attacker can read or modify the system data as well as shut down the system.

Shell injection

SAP NetWeaver Benchmark DoS via repetitive benchmark run
CVE-2023-32114 2.7 - Low - June 13, 2023

SAP NetWeaver (Change and Transport System) - versions 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, allows an authenticated user with admin privileges to maliciously run a benchmark program repeatedly in intent to slowdown or make the server unavailable which may lead to a limited impact on Availability with No impact on Confidentiality and Integrity of the application.

Resource Exhaustion

SAP NetWeaver 7.50 Reflected XSS via insufficient input encoding
CVE-2023-33985 6.1 - Medium - June 13, 2023

SAP NetWeaver Enterprise Portal - version 7.50, does not sufficiently encode user-controlled inputs over the network, resulting in reflected Cross-Site Scripting (XSS) vulnerability, therefore changing the scope of the attack. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and integrity of the application.

XSS

XSS via content type in SAP NetWeaver DTR 7.50 Design Time Repository
CVE-2023-33984 5.4 - Medium - June 13, 2023

SAP NetWeaver (Design Time Repository) - version 7.50, returns an unfavorable content type for some versioned files, which could allow an authorized attacker to create a file with a malicious content and send a link to a victim in an email or instant message. Under certain circumstances, this could lead to Cross-Site Scripting vulnerability.

XSS

SAP NW BI CONT ADDON dir traversal Remote file overwrite
CVE-2023-29186 6.5 - Medium - April 11, 2023

In SAP NetWeaver (BI CONT ADDON) - versions 707, 737, 747, 757, an attacker can exploit a directory traversal flaw in a report to upload and overwrite files on the SAP server. Data cannot be read but if a remote attacker has sufficient (administrative) privileges then potentially critical OS files can be overwritten making the system unavailable.

Directory traversal

Reflected XSS in SAP GUI for HTML before 7.93
CVE-2023-27499 6.1 - Medium - April 11, 2023

SAP GUI for HTML - versions KERNEL 7.22, 7.53, 7.54, 7.77, 7.81, 7.85, 7.89, 7.91, KRNL64UC, 7.22, 7.22EXT, KRNL64UC 7.22, 7.22EXT does not sufficiently encode user-controlled inputs, resulting in a reflected Cross-Site Scripting (XSS) vulnerability. An attacker could craft a malicious URL and lure the victim to click, the script supplied by the attacker will execute in the victim user's browser. The information from the victim's web browser can either be modified or read and sent to the attacker.

XSS

SAP NetWeaver ABAP DT Traversal Enables OS File Deletion
CVE-2023-27501 9.6 - Critical - March 14, 2023

SAP NetWeaver AS for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, allows an attacker to exploit insufficient validation of path information provided by users, thus exploiting a directory traversal flaw in an available service to delete system files. In this attack, no data can be read but potentially critical OS files can be deleted making the system unavailable, causing significant impact on both availability and integrity

Directory traversal

SAP NetWeaver DOS via crafted request in test class
CVE-2023-27270 6.5 - Medium - March 14, 2023

SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, has multiple vulnerabilities in a class for test purposes in which an attacker authenticated as a non-administrative user can craft a request with certain parameters, which will consume the server's resources sufficiently to make it unavailable. There is no ability to view or modify any information.

Resource Exhaustion

SAP NetWeaver Vulnerable Endpoints: Reflected XSS via Improper Input Encoding
CVE-2023-0021 6.1 - Medium - March 14, 2023

Due to insufficient encoding of user input, SAP NetWeaver - versions 700, 701, 702, 731, 740, 750, allows an unauthenticated attacker to inject code that may expose sensitive data like user ID and password, which could lead to reflected Cross-Site scripting. These endpoints are normally exposed over the network and successful exploitation can partially impact confidentiality of the application.

XSS

SAP NetWeaver Enterprise Portal 7.50 XML Parser RCE/Info Disclosure
CVE-2023-26461 4.9 - Medium - March 14, 2023

SAP NetWeaver allows (SAP Enterprise Portal) - version 7.50, allows an authenticated attacker with sufficient privileges to access the XML parser which can submit a crafted XML file which when parsed will enable them to access but not modify sensitive files and data. It allows the attacker to view sensitive data which is owned by certain privileges.

XXE

Unauth Session Hijack via XSS in SAP NetWeaver AS ABAP BSP
CVE-2023-24522 6.1 - Medium - February 14, 2023

Due to insufficient input sanitization, SAP NetWeaver AS ABAP (Business Server Pages) - versions 700, 701, 702, 731, 740, allows an unauthenticated user to alter the current session of the user by injecting the malicious code over the network and gain access to the unintended data. This may lead to a limited impact on the confidentiality and the integrity of the application.

XSS

Some part of SAP NetWeaver (EP Web Page Composer) does not sufficiently validate an XML document accepted from an untrusted source, which allows an adversary to exploit unprotected XML parking at endpoints, and a possibility to conduct SSRF attacks
CVE-2022-28217 6.5 - Medium - June 13, 2022

Some part of SAP NetWeaver (EP Web Page Composer) does not sufficiently validate an XML document accepted from an untrusted source, which allows an adversary to exploit unprotected XML parking at endpoints, and a possibility to conduct SSRF attacks that could compromise system?s Availability by causing system to crash.

SSRF

By overlong input values an attacker may force overwrite of the internal program stack in SAP Web Dispatcher - versions 7.53, 7.77, 7.81, 7.85, 7.86, or Internet Communication Manager - versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86
CVE-2022-28772 7.5 - High - April 12, 2022

By overlong input values an attacker may force overwrite of the internal program stack in SAP Web Dispatcher - versions 7.53, 7.77, 7.81, 7.85, 7.86, or Internet Communication Manager - versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, which makes these programs unavailable, leading to denial of service.

Memory Corruption

Due to an uncontrolled recursion in SAP Web Dispatcher and SAP Internet Communication Manager, the application may crash, leading to denial of service, but
CVE-2022-28773 7.5 - High - April 12, 2022

Due to an uncontrolled recursion in SAP Web Dispatcher and SAP Internet Communication Manager, the application may crash, leading to denial of service, but can be restarted automatically.

Stack Exhaustion