Filtered by vendor Sap
Subscriptions
Filtered by product Application Server
Subscriptions
Total
3 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-42945 | 1 Sap | 4 Abap Platform, Application Server, As Abap and 1 more | 2025-08-12 | 6.1 Medium |
| SAP NetWeaver Application Server ABAP has HTML injection vulnerability. Due to this, an attacker could craft a URL with malicious script as payload and trick a victim with active user session into executing it. Upon successful exploit, this vulnerability could lead to limited access to data or its manipulation. There is no impact on availability. | ||||
| CVE-2025-42975 | 1 Sap | 5 Application Server, Netweaver, Netweaver Abap and 2 more | 2025-08-12 | 6.1 Medium |
| SAP NetWeaver Application Server ABAP (BIC Document) allows an unauthenticated attacker to craft a URL link which, when accessed on the BIC Document application, embeds a malicious script. When a victim clicks on this link, the script executes in the victim's browser, allowing the attacker to access and/or modify information related to the web client without affecting availability. | ||||
| CVE-2020-6262 | 1 Sap | 1 Application Server | 2024-11-21 | 8.8 High |
| Service Data Download in SAP Application Server ABAP (ST-PI, before versions 2008_1_46C, 2008_1_620, 2008_1_640, 2008_1_700, 2008_1_710, 740) allows an attacker to inject code that can be executed by the application. An attacker could thereby control the behavior of the application and the whole ABAP system leading to Code Injection. | ||||
Page 1 of 1.