Every CVE whose affected-product data names Sap Sap Basis, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (18)
CVE-2025-0066 — CVSS 9.9 (critical): Under certain conditions SAP NetWeaver AS for ABAP and ABAP Platform (Internet Communication Framework) allows an attacker to access…
CVE-2025-0063 — CVSS 8.8 (high): SAP NetWeaver AS ABAP and ABAP Platform does not check for authorization when a user executes some RFC function modules. This could lead to…
CVE-2026-23687 — CVSS 8.8 (high): SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated attacker with normal privileges to obtain a valid signed…
CVE-2016-4551 — CVSS 7.5 (high): The (1) SAP_BASIS and (2) SAP_ABA components 7.00 SP Level 0031 in SAP NetWeaver 2004s might allow remote attackers to spoof IP addresses…
CVE-2024-34687 — CVSS 6.5 (medium): SAP NetWeaver Application Server for ABAP and ABAP Platform do not sufficiently encode user controlled inputs, resulting in Cross-Site…
CVE-2025-0058 — CVSS 6.5 (medium): In SAP Business Workflow and SAP Flexible Workflow, an authenticated attacker can manipulate a parameter in an otherwise legitimate…
CVE-2026-0484 — CVSS 6.5 (medium): Due to missing authorization check in SAP NetWeaver Application Server ABAP and SAP S/4HANA, an authenticated attacker could access a…
CVE-2025-42956 — CVSS 6.1 (medium): SAP NetWeaver Application Server ABAP and ABAP Platform allows an unauthenticated attacker to create a malicious link which they can make…
CVE-2025-42936 — CVSS 5.4 (medium): The SAP NetWeaver Application Server for ABAP does not enable an administrator to assign distinguished authorizations for different user…
CVE-2025-23193 — CVSS 5.3 (medium): SAP NetWeaver Server ABAP allows an unauthenticated attacker to exploit a vulnerability that causes the server to respond differently based…
CVE-2025-0053 — CVSS 5.3 (medium): SAP NetWeaver Application Server for ABAP and ABAP Platform allows an attacker to gain unauthorized access to system information. By using…
CVE-2026-24312 — CVSS 5.2 (medium): An erroneous authorization check in SAP Business Workflow leads to privilege escalation. An authenticated administrative user can bypass…
CVE-2024-34689 — CVSS 5.0 (medium): WebFlow Services of SAP Business Workflow allows an authenticated attacker to enumerate accessible HTTP endpoints in the internal network…
CVE-2025-42911 — CVSS 5.0 (medium): SAP NetWeaver (Service Data Download) allows an authenticated user to call a remote-enabled function module, which could grant access to…
CVE-2024-39599 — CVSS 4.7 (medium): Due to a Protection Mechanism Failure in SAP NetWeaver Application Server for ABAP and ABAP Platform, a developer can bypass the configured…
CVE-2025-42986 — CVSS 4.3 (medium): Due to a missing authorization check in an obsolete RFC enabled function module in SAP BASIS, an authenticated low-privileged attacker…
CVE-2025-42918 — CVSS 4.3 (medium): SAP NetWeaver Application Server for ABAP allows authenticated users with access to background processing to gain unauthorized read access…
CVE-2024-37180 — CVSS 4.1 (medium): Under certain conditions SAP NetWeaver Application Server for ABAP and ABAP Platform allows an attacker to access remote-enabled function…