This page lists publicly disclosed CVE vulnerabilities affecting sap netweaver_as_abap_kernel (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2026-24320 | Due to improper memory management in SAP NetWeaver and ABAP Platform (Application Server ABAP), an authenticated attacker could exploit logical errors in memory management by supplying specially crafted input containing unique characters, which are improperly converted. This may result in memory corruption and the potential leakage of memory content. Successful exploitation of this vulnerability would have a low impact on the confidentiality of the application, with no effect on its integrity or | [email protected] | 3.1 | 0.03% | 2026-02-10 | 2026-02-17 |
| CVE-2026-0509 | SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated, low-privileged user to perform background Remote Function Calls without the required S_RFC authorization in certain cases. This can result in a high impact on integrity and availability, and no impact on the confidentiality of the application. | [email protected] | 9.6 | 0.04% | 2026-02-10 | 2026-02-17 |
| CVE-2022-29616 | SAP Host Agent, SAP NetWeaver and ABAP Platform allow an attacker to leverage logical errors in memory management to cause a memory corruption. | [email protected] | 7.5 | 0.41% | 2022-05-11 | 2024-11-21 |
| CVE-2022-27656 | The Web administration UI of SAP Web Dispatcher and the Internet Communication Manager (ICM) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | [email protected] | 6.1 | 0.32% | 2022-05-11 | 2024-11-21 |