Netweaver
This hub aggregates every CVE we track for Netweaver, a product in the enterprise software space. Use it to gauge the current risk picture and drill into individual advisories.
54
CVEs tracked
7
Critical
18
High
2
In CISA KEV
Severity distribution
MEDIUM27HIGH18CRITICAL7LOW2
Monthly trend
0
0
0
0
0
0
0
0
1
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
2024-082026-07
Latest CVEs
The 15 most recently published vulnerabilities affecting Netweaver.
- CVE-2025-31324Missing Authorization check in SAP NetWeaver (Visual Composer development server)KEV10.0
- CVE-2024-27898Server-Side Request Forgery in SAP NetWeaver5.3
- CVE-2024-25644Information Disclosure vulnerability in NetWeaver (WSRM)5.3
- CVE-2024-22124Information Disclosure vulnerability in SAP NetWeaver Internet Communication Manager4.1
- CVE-2023-41367Missing Authentication check in SAP NetWeaver (Guided Procedures)5.3
- CVE-2023-36922OS command injection vulnerability in SAP ECC and SAP S/4HANA (IS-OIL)9.1
- CVE-2023-33985Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal6.1
- CVE-2023-33984Cross-Site Scripting (XSS) vulnerability in NetWeaver (Design Time Repository)6.4
- CVE-2023-32114Denial of Service in SAP NetWeaver2.7
- CVE-2023-29186Directory/Path Traversal vulnerability in SAP NetWeaver.8.7
- CVE-2022-28217Some part of SAP NetWeaver (EP Web Page Composer) does not sufficiently validate an XML document accepted from an untrusted source, which allows an adversary to exploit unprotected XML parking at e...6.5
- CVE-2022-28772By overlong input values an attacker may force overwrite of the internal program stack in SAP Web Dispatcher - versions 7.53, 7.77, 7.81, 7.85, 7.86, or Internet Communication Manager - versions KR...7.5
- CVE-2022-28773Due to an uncontrolled recursion in SAP Web Dispatcher and SAP Internet Communication Manager, the application may crash, leading to denial of service, but can be restarted automatically.7.5
- CVE-2022-22534Due to insufficient encoding of user input, SAP NetWeaver allows an unauthenticated attacker to inject code that may expose sensitive data like user ID and password. These endpoints are normally ex...6.1
- CVE-2021-38183SAP NetWeaver - versions 700, 701, 702, 730, does not sufficiently encode user-controlled inputs, allowing an attacker to cause a potential victim to supply a malicious content to a vulnerable web ...6.1
Product normalization is registry-driven with AI assist and human review. How it works