📦 NetWeaver

by SAP



⚠️ Known Vulnerabilities

CVE-2025-42999

CRITICAL CVSS 9.1 May 13, 2025

CVE-2025-42999 is a deserialization vulnerability in SAP NetWeaver Visual Composer Metadata Uploader that allows privileged users to upload malicious content, potentially leading to remote code execut...

CVE-2025-31324

CRITICAL CVSS 10.0 Apr 24, 2025

CVE-2025-31324 is an unauthenticated remote code execution vulnerability in SAP NetWeaver Visual Composer Metadata Uploader that allows attackers to upload malicious binaries and execute arbitrary cod...

CVE-2023-36922

CRITICAL CVSS 9.1 Jul 11, 2023

This vulnerability allows authenticated attackers to execute arbitrary operating system commands on SAP ECC and S/4HANA systems with IS-OIL component. Successful exploitation enables attackers to read...

CVE-2021-38163

CRITICAL CVSS 9.9 Sep 14, 2021

CVE-2021-38163 is a critical vulnerability in SAP NetWeaver Visual Composer that allows authenticated non-administrative users to upload malicious files and execute arbitrary operating system commands...

CVE-2023-29186

HIGH CVSS 8.7 Apr 11, 2023

This vulnerability allows attackers with administrative privileges to exploit a directory traversal flaw in SAP NetWeaver BI CONT ADDON reports to upload and overwrite files on the SAP server. While d...

CVE-2022-28773

HIGH CVSS 7.5 Apr 12, 2022

CVE-2022-28773 is an uncontrolled recursion vulnerability in SAP Web Dispatcher and SAP Internet Communication Manager that can cause a denial of service through application crashes. The affected comp...

CVE-2022-28772

HIGH CVSS 7.5 Apr 12, 2022

CVE-2022-28772 is a stack-based buffer overflow vulnerability in SAP Web Dispatcher and Internet Communication Manager. Attackers can send overlong input values to overwrite the program stack, causing...

CVE-2026-23685

MEDIUM CVSS 4.4 Feb 10, 2026

This CVE describes a deserialization vulnerability in SAP NetWeaver's JMS service that allows authenticated administrators with local access to submit malicious content. If processed, this could trigg...

CVE-2025-42968

MEDIUM CVSS 5.0 Jul 8, 2025

This vulnerability in SAP NetWeaver allows authenticated non-administrative users to call a remote-enabled function module that reveals non-sensitive system and OS information. It affects SAP NetWeave...