Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-24320

Summary
Assigner-sap
Assigner Org ID-e4686d1a-f260-4930-ac4c-2f5c992778dd
Published At-10 Feb, 2026 | 03:03
Updated At-10 Feb, 2026 | 16:25
Rejected At-
Credits

Memory Corruption vulnerability in SAP NetWeaver and ABAP Platform (Application Server ABAP)

Due to improper memory management in SAP NetWeaver and ABAP Platform (Application Server ABAP), an authenticated attacker could exploit logical errors in memory management by supplying specially crafted input containing unique characters, which are improperly converted. This may result in memory corruption and the potential leakage of memory content. Successful exploitation of this vulnerability would have a low impact on the confidentiality of the application, with no effect on its integrity or availability.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:sap
Assigner Org ID:e4686d1a-f260-4930-ac4c-2f5c992778dd
Published At:10 Feb, 2026 | 03:03
Updated At:10 Feb, 2026 | 16:25
Rejected At:
▼CVE Numbering Authority (CNA)
Memory Corruption vulnerability in SAP NetWeaver and ABAP Platform (Application Server ABAP)

Due to improper memory management in SAP NetWeaver and ABAP Platform (Application Server ABAP), an authenticated attacker could exploit logical errors in memory management by supplying specially crafted input containing unique characters, which are improperly converted. This may result in memory corruption and the potential leakage of memory content. Successful exploitation of this vulnerability would have a low impact on the confidentiality of the application, with no effect on its integrity or availability.

Affected Products
Vendor
SAP SESAP_SE
Product
SAP NetWeaver and ABAP Platform (Application Server ABAP)
Default Status
unaffected
Versions
Affected
  • KRNL64NUC 7.22
  • 7.22EXT
  • KRNL64UC 7.22
  • 7.53
  • 8.04
  • KERNEL 7.22
  • 7.54
  • 7.77
  • 7.89
  • 7.93
  • 9.16
  • 9.17
  • 9.18
Problem Types
TypeCWE IDDescription
CWECWE-113CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers
Type: CWE
CWE ID: CWE-113
Description: CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers
Metrics
VersionBase scoreBase severityVector
3.13.1LOW
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
Version: 3.1
Base score: 3.1
Base severity: LOW
Vector:
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://me.sap.com/notes/3678313
N/A
https://url.sap/sapsecuritypatchday
N/A
Hyperlink: https://me.sap.com/notes/3678313
Resource: N/A
Hyperlink: https://url.sap/sapsecuritypatchday
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cna@sap.com
Published At:10 Feb, 2026 | 04:16
Updated At:17 Feb, 2026 | 15:27

Due to improper memory management in SAP NetWeaver and ABAP Platform (Application Server ABAP), an authenticated attacker could exploit logical errors in memory management by supplying specially crafted input containing unique characters, which are improperly converted. This may result in memory corruption and the potential leakage of memory content. Successful exploitation of this vulnerability would have a low impact on the confidentiality of the application, with no effect on its integrity or availability.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.13.1LOW
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
Primary3.13.1LOW
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
Type: Secondary
Version: 3.1
Base score: 3.1
Base severity: LOW
Vector:
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
Type: Primary
Version: 3.1
Base score: 3.1
Base severity: LOW
Vector:
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
CPE Matches
SAP SE
sap
>>netweaver_as_abap_kernel>>7.22
cpe:2.3:a:sap:netweaver_as_abap_kernel:7.22:*:*:*:*:*:*:*
SAP SE
sap
>>netweaver_as_abap_kernel>>7.54
cpe:2.3:a:sap:netweaver_as_abap_kernel:7.54:*:*:*:*:*:*:*
SAP SE
sap
>>netweaver_as_abap_kernel>>7.77
cpe:2.3:a:sap:netweaver_as_abap_kernel:7.77:*:*:*:*:*:*:*
SAP SE
sap
>>netweaver_as_abap_kernel>>7.89
cpe:2.3:a:sap:netweaver_as_abap_kernel:7.89:*:*:*:*:*:*:*
SAP SE
sap
>>netweaver_as_abap_kernel>>7.93
cpe:2.3:a:sap:netweaver_as_abap_kernel:7.93:*:*:*:*:*:*:*
SAP SE
sap
>>netweaver_as_abap_kernel>>9.16
cpe:2.3:a:sap:netweaver_as_abap_kernel:9.16:*:*:*:*:*:*:*
SAP SE
sap
>>netweaver_as_abap_kernel>>9.17
cpe:2.3:a:sap:netweaver_as_abap_kernel:9.17:*:*:*:*:*:*:*
SAP SE
sap
>>netweaver_as_abap_kernel>>9.18
cpe:2.3:a:sap:netweaver_as_abap_kernel:9.18:*:*:*:*:*:*:*
SAP SE
sap
>>netweaver_as_abap_krnl64nuc>>7.22
cpe:2.3:a:sap:netweaver_as_abap_krnl64nuc:7.22:*:*:*:*:*:*:*
SAP SE
sap
>>netweaver_as_abap_krnl64nuc>>7.22ext
cpe:2.3:a:sap:netweaver_as_abap_krnl64nuc:7.22ext:*:*:*:*:*:*:*
SAP SE
sap
>>netweaver_as_abap_krnl64uc>>7.22
cpe:2.3:a:sap:netweaver_as_abap_krnl64uc:7.22:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-113Primarycna@sap.com
CWE-787Primarynvd@nist.gov
CWE ID: CWE-113
Type: Primary
Source: cna@sap.com
CWE ID: CWE-787
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://me.sap.com/notes/3678313cna@sap.com
Permissions Required
https://url.sap/sapsecuritypatchdaycna@sap.com
Vendor Advisory
Hyperlink: https://me.sap.com/notes/3678313
Source: cna@sap.com
Resource:
Permissions Required
Hyperlink: https://url.sap/sapsecuritypatchday
Source: cna@sap.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

85Records found
CVE-2020-6347
Matching Score-6
Assigner-SAP SE
ShareView Details
Matching Score-6
Assigner-SAP SE
CVSS Score-4.3||MEDIUM
EPSS-0.37% / 58.49%
||
7 Day CHG~0.00%
Published-09 Sep, 2020 | 12:53
Updated-04 Aug, 2024 | 09:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated HDR file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.

Action-Not Available
Vendor-SAP SE
Product-3d_visual_enterprise_viewerSAP 3D Visual Enterprise Viewer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-6356
Matching Score-6
Assigner-SAP SE
ShareView Details
Matching Score-6
Assigner-SAP SE
CVSS Score-4.3||MEDIUM
EPSS-0.37% / 58.49%
||
7 Day CHG~0.00%
Published-09 Sep, 2020 | 12:54
Updated-04 Aug, 2024 | 09:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated BMP file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.

Action-Not Available
Vendor-SAP SE
Product-3d_visual_enterprise_viewerSAP 3D Visual Enterprise Viewer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-21459
Matching Score-6
Assigner-SAP SE
ShareView Details
Matching Score-6
Assigner-SAP SE
CVSS Score-4.3||MEDIUM
EPSS-0.48% / 64.51%
||
7 Day CHG~0.00%
Published-12 Jan, 2021 | 14:38
Updated-03 Aug, 2024 | 18:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated IFF file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.

Action-Not Available
Vendor-SAP SE
Product-3d_visual_enterprise_viewerSAP 3D Visual Enterprise Viewer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-21460
Matching Score-6
Assigner-SAP SE
ShareView Details
Matching Score-6
Assigner-SAP SE
CVSS Score-4.3||MEDIUM
EPSS-0.48% / 64.51%
||
7 Day CHG~0.00%
Published-12 Jan, 2021 | 14:38
Updated-03 Aug, 2024 | 18:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated DIB file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.

Action-Not Available
Vendor-SAP SE
Product-3d_visual_enterprise_viewerSAP 3D Visual Enterprise Viewer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-21462
Matching Score-6
Assigner-SAP SE
ShareView Details
Matching Score-6
Assigner-SAP SE
CVSS Score-4.3||MEDIUM
EPSS-0.48% / 64.51%
||
7 Day CHG~0.00%
Published-12 Jan, 2021 | 14:40
Updated-03 Aug, 2024 | 18:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated PCX file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.

Action-Not Available
Vendor-SAP SE
Product-3d_visual_enterprise_viewerSAP 3D Visual Enterprise Viewer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-21455
Matching Score-6
Assigner-SAP SE
ShareView Details
Matching Score-6
Assigner-SAP SE
CVSS Score-4.3||MEDIUM
EPSS-0.48% / 64.51%
||
7 Day CHG~0.00%
Published-12 Jan, 2021 | 14:38
Updated-03 Aug, 2024 | 18:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated DIB file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.

Action-Not Available
Vendor-SAP SE
Product-3d_visual_enterprise_viewerSAP 3D Visual Enterprise Viewer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-21456
Matching Score-6
Assigner-SAP SE
ShareView Details
Matching Score-6
Assigner-SAP SE
CVSS Score-4.3||MEDIUM
EPSS-0.48% / 64.51%
||
7 Day CHG~0.00%
Published-12 Jan, 2021 | 14:40
Updated-03 Aug, 2024 | 18:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated DIB file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.

Action-Not Available
Vendor-SAP SE
Product-3d_visual_enterprise_viewerSAP 3D Visual Enterprise Viewer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-21461
Matching Score-6
Assigner-SAP SE
ShareView Details
Matching Score-6
Assigner-SAP SE
CVSS Score-4.3||MEDIUM
EPSS-0.48% / 64.51%
||
7 Day CHG~0.00%
Published-12 Jan, 2021 | 14:40
Updated-03 Aug, 2024 | 18:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated BMP file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.

Action-Not Available
Vendor-SAP SE
Product-3d_visual_enterprise_viewerSAP 3D Visual Enterprise Viewer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-21454
Matching Score-6
Assigner-SAP SE
ShareView Details
Matching Score-6
Assigner-SAP SE
CVSS Score-4.3||MEDIUM
EPSS-0.48% / 64.51%
||
7 Day CHG~0.00%
Published-12 Jan, 2021 | 14:39
Updated-03 Aug, 2024 | 18:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated RLE file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.

Action-Not Available
Vendor-SAP SE
Product-3d_visual_enterprise_viewerSAP 3D Visual Enterprise Viewer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-6349
Matching Score-6
Assigner-SAP SE
ShareView Details
Matching Score-6
Assigner-SAP SE
CVSS Score-4.3||MEDIUM
EPSS-0.37% / 58.49%
||
7 Day CHG~0.00%
Published-09 Sep, 2020 | 12:53
Updated-04 Aug, 2024 | 09:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated GIF file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.

Action-Not Available
Vendor-SAP SE
Product-3d_visual_enterprise_viewerSAP 3D Visual Enterprise Viewer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-6340
Matching Score-6
Assigner-SAP SE
ShareView Details
Matching Score-6
Assigner-SAP SE
CVSS Score-4.3||MEDIUM
EPSS-0.37% / 58.49%
||
7 Day CHG~0.00%
Published-09 Sep, 2020 | 12:45
Updated-04 Aug, 2024 | 09:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated PCX file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.

Action-Not Available
Vendor-SAP SE
Product-3d_visual_enterprise_viewerSAP 3D Visual Enterprise Viewer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-6343
Matching Score-6
Assigner-SAP SE
ShareView Details
Matching Score-6
Assigner-SAP SE
CVSS Score-4.3||MEDIUM
EPSS-0.37% / 58.49%
||
7 Day CHG~0.00%
Published-09 Sep, 2020 | 12:44
Updated-04 Aug, 2024 | 09:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated EPS file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.

Action-Not Available
Vendor-SAP SE
Product-3d_visual_enterprise_viewerSAP 3D Visual Enterprise Viewer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-6372
Matching Score-6
Assigner-SAP SE
ShareView Details
Matching Score-6
Assigner-SAP SE
CVSS Score-4.3||MEDIUM
EPSS-0.23% / 45.10%
||
7 Day CHG~0.00%
Published-15 Oct, 2020 | 01:57
Updated-04 Aug, 2024 | 09:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated PDF file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.

Action-Not Available
Vendor-SAP SE
Product-3d_visual_enterprise_viewerSAP 3D Visual Enterprise Viewer
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-20
Improper Input Validation
CVE-2020-6342
Matching Score-6
Assigner-SAP SE
ShareView Details
Matching Score-6
Assigner-SAP SE
CVSS Score-4.3||MEDIUM
EPSS-0.37% / 58.49%
||
7 Day CHG~0.00%
Published-09 Sep, 2020 | 12:44
Updated-04 Aug, 2024 | 09:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated U3D file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.

Action-Not Available
Vendor-SAP SE
Product-3d_visual_enterprise_viewerSAP 3D Visual Enterprise Viewer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-6360
Matching Score-6
Assigner-SAP SE
ShareView Details
Matching Score-6
Assigner-SAP SE
CVSS Score-4.3||MEDIUM
EPSS-0.37% / 58.49%
||
7 Day CHG~0.00%
Published-09 Sep, 2020 | 12:55
Updated-04 Aug, 2024 | 09:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated DIB file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.

Action-Not Available
Vendor-SAP SE
Product-3d_visual_enterprise_viewerSAP 3D Visual Enterprise Viewer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-6359
Matching Score-6
Assigner-SAP SE
ShareView Details
Matching Score-6
Assigner-SAP SE
CVSS Score-4.3||MEDIUM
EPSS-0.37% / 58.49%
||
7 Day CHG~0.00%
Published-09 Sep, 2020 | 12:55
Updated-04 Aug, 2024 | 09:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated PLT file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.

Action-Not Available
Vendor-SAP SE
Product-3d_visual_enterprise_viewerSAP 3D Visual Enterprise Viewer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-6373
Matching Score-6
Assigner-SAP SE
ShareView Details
Matching Score-6
Assigner-SAP SE
CVSS Score-4.3||MEDIUM
EPSS-0.23% / 45.10%
||
7 Day CHG~0.00%
Published-15 Oct, 2020 | 01:58
Updated-04 Aug, 2024 | 09:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated PDF file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.

Action-Not Available
Vendor-SAP SE
Product-3d_visual_enterprise_viewerSAP 3D Visual Enterprise Viewer
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-20
Improper Input Validation
CVE-2020-6357
Matching Score-6
Assigner-SAP SE
ShareView Details
Matching Score-6
Assigner-SAP SE
CVSS Score-4.3||MEDIUM
EPSS-0.37% / 58.49%
||
7 Day CHG~0.00%
Published-09 Sep, 2020 | 12:54
Updated-04 Aug, 2024 | 09:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated U3D file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.

Action-Not Available
Vendor-SAP SE
Product-3d_visual_enterprise_viewerSAP 3D Visual Enterprise Viewer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-6361
Matching Score-6
Assigner-SAP SE
ShareView Details
Matching Score-6
Assigner-SAP SE
CVSS Score-4.3||MEDIUM
EPSS-0.37% / 58.49%
||
7 Day CHG~0.00%
Published-09 Sep, 2020 | 12:54
Updated-04 Aug, 2024 | 09:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated RLE files received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.

Action-Not Available
Vendor-SAP SE
Product-3d_visual_enterprise_viewerSAP 3D Visual Enterprise Viewer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-6346
Matching Score-6
Assigner-SAP SE
ShareView Details
Matching Score-6
Assigner-SAP SE
CVSS Score-4.3||MEDIUM
EPSS-0.37% / 58.49%
||
7 Day CHG~0.00%
Published-09 Sep, 2020 | 12:53
Updated-04 Aug, 2024 | 09:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated BMP file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.

Action-Not Available
Vendor-SAP SE
Product-3d_visual_enterprise_viewerSAP 3D Visual Enterprise Viewer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-6339
Matching Score-6
Assigner-SAP SE
ShareView Details
Matching Score-6
Assigner-SAP SE
CVSS Score-4.3||MEDIUM
EPSS-0.37% / 58.49%
||
7 Day CHG~0.00%
Published-09 Sep, 2020 | 12:43
Updated-04 Aug, 2024 | 09:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated BMP file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.

Action-Not Available
Vendor-SAP SE
Product-3d_visual_enterprise_viewerSAP 3D Visual Enterprise Viewer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-6337
Matching Score-6
Assigner-SAP SE
ShareView Details
Matching Score-6
Assigner-SAP SE
CVSS Score-4.3||MEDIUM
EPSS-0.37% / 58.49%
||
7 Day CHG~0.00%
Published-09 Sep, 2020 | 12:43
Updated-04 Aug, 2024 | 09:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated HDR file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.

Action-Not Available
Vendor-SAP SE
Product-3d_visual_enterprise_viewerSAP 3D Visual Enterprise Viewer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-6336
Matching Score-6
Assigner-SAP SE
ShareView Details
Matching Score-6
Assigner-SAP SE
CVSS Score-4.3||MEDIUM
EPSS-0.37% / 58.49%
||
7 Day CHG~0.00%
Published-09 Sep, 2020 | 12:40
Updated-04 Aug, 2024 | 09:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated PCX file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.

Action-Not Available
Vendor-SAP SE
Product-3d_visual_enterprise_viewerSAP 3D Visual Enterprise Viewer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-6331
Matching Score-6
Assigner-SAP SE
ShareView Details
Matching Score-6
Assigner-SAP SE
CVSS Score-4.3||MEDIUM
EPSS-0.37% / 58.49%
||
7 Day CHG~0.00%
Published-09 Sep, 2020 | 12:50
Updated-04 Aug, 2024 | 08:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated HPGL file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.

Action-Not Available
Vendor-SAP SE
Product-3d_visual_enterprise_viewerSAP 3D Visual Enterprise Viewer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-6335
Matching Score-6
Assigner-SAP SE
ShareView Details
Matching Score-6
Assigner-SAP SE
CVSS Score-4.3||MEDIUM
EPSS-0.37% / 58.49%
||
7 Day CHG~0.00%
Published-09 Sep, 2020 | 12:37
Updated-04 Aug, 2024 | 09:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated HPGL file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.

Action-Not Available
Vendor-SAP SE
Product-3d_visual_enterprise_viewerSAP 3D Visual Enterprise Viewer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-26817
Matching Score-6
Assigner-SAP SE
ShareView Details
Matching Score-6
Assigner-SAP SE
CVSS Score-4.3||MEDIUM
EPSS-0.23% / 45.10%
||
7 Day CHG~0.00%
Published-10 Nov, 2020 | 16:15
Updated-04 Aug, 2024 | 16:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SAP 3D Visual Enterprise Viewer, version - 9, allows an user to open manipulated HPGL file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.

Action-Not Available
Vendor-SAP SE
Product-3d_visual_enterprise_viewerSAP 3D Visual Enterprise Viewer
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-20
Improper Input Validation
CVE-2025-42934
Matching Score-6
Assigner-SAP SE
ShareView Details
Matching Score-6
Assigner-SAP SE
CVSS Score-4.3||MEDIUM
EPSS-0.03% / 9.39%
||
7 Day CHG~0.00%
Published-12 Aug, 2025 | 02:04
Updated-12 Aug, 2025 | 14:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CRLF Injection vulnerability in SAP S/4HANA (Supplier invoice)

SAP S/4HANA Supplier invoice is vulnerable to CRLF Injection. An attacker with user-level privileges can bypass the allowlist and insert untrusted sites into the 'Trusted Sites' configuration by injecting line feed (LF) characters into application inputs. This vulnerability has a low impact on the application's integrity and no impact on confidentiality or availability.

Action-Not Available
Vendor-SAP SE
Product-SAP S/4HANA (Supplier invoice)
CWE ID-CWE-113
Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')
CVE-2025-42877
Matching Score-6
Assigner-SAP SE
ShareView Details
Matching Score-6
Assigner-SAP SE
CVSS Score-7.5||HIGH
EPSS-0.09% / 25.06%
||
7 Day CHG~0.00%
Published-09 Dec, 2025 | 02:14
Updated-09 Dec, 2025 | 18:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Memory Corruption vulnerability in SAP Web Dispatcher, Internet Communication Manager and SAP Content Server

SAP Web Dispatcher, Internet Communication Manager (ICM), and SAP Content Server allow an unauthenticated user to exploit logical errors that lead to a memory corruption vulnerability. This results in high impact on the availability with no impact on confidentiality or integrity of the application.

Action-Not Available
Vendor-SAP SE
Product-SAP Web Dispatcher, Internet Communication Manager and SAP Content Server
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-42971
Matching Score-6
Assigner-SAP SE
ShareView Details
Matching Score-6
Assigner-SAP SE
CVSS Score-4||MEDIUM
EPSS-0.02% / 3.16%
||
7 Day CHG~0.00%
Published-08 Jul, 2025 | 00:37
Updated-08 Jul, 2025 | 16:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Memory Corruption vulnerability in SAPCAR

A memory corruption vulnerability exists in SAPCAR allowing an attacker to craft malicious SAPCAR archives. When a high privileged victim extracts this malicious archive, it gets processed by SAPCAR on their system, resulting in out-of-bounds memory read and write. This could lead to file extraction and file overwrite outside the intended directories. This vulnerability has low impact on the confidentiality, integrity and availability of the application.

Action-Not Available
Vendor-SAP SE
Product-SAPCAR
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-41202
Matching Score-6
Assigner-SAP SE
ShareView Details
Matching Score-6
Assigner-SAP SE
CVSS Score-7.8||HIGH
EPSS-1.76% / 82.30%
||
7 Day CHG~0.00%
Published-11 Oct, 2022 | 00:00
Updated-20 May, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Due to lack of proper memory management, when a victim opens a manipulated Visual Design Stream (.vds, vds.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory.

Action-Not Available
Vendor-SAP SE
Product-3d_visual_enterprise_viewerSAP 3D Visual Enterprise Viewer
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-41167
Matching Score-6
Assigner-SAP SE
ShareView Details
Matching Score-6
Assigner-SAP SE
CVSS Score-7.8||HIGH
EPSS-0.19% / 40.76%
||
7 Day CHG~0.00%
Published-11 Oct, 2022 | 00:00
Updated-03 Aug, 2024 | 12:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Due to lack of proper memory management, when a victim opens a manipulated AutoCAD (.dwg, TeighaTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory.

Action-Not Available
Vendor-SAP SE
Product-3d_visual_enterprise_authorSAP 3D Visual Enterprise Author
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2022-41193
Matching Score-6
Assigner-SAP SE
ShareView Details
Matching Score-6
Assigner-SAP SE
CVSS Score-7.8||HIGH
EPSS-2.44% / 84.84%
||
7 Day CHG~0.00%
Published-11 Oct, 2022 | 00:00
Updated-03 Aug, 2024 | 12:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Due to lack of proper memory management, when a victim opens a manipulated Encapsulated Post Script (.eps, ai.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory.

Action-Not Available
Vendor-SAP SE
Product-3d_visual_enterprise_viewerSAP 3D Visual Enterprise Viewer
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2022-28772
Matching Score-6
Assigner-SAP SE
ShareView Details
Matching Score-6
Assigner-SAP SE
CVSS Score-7.5||HIGH
EPSS-1.14% / 78.04%
||
7 Day CHG~0.00%
Published-12 Apr, 2022 | 16:11
Updated-03 Aug, 2024 | 06:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

By overlong input values an attacker may force overwrite of the internal program stack in SAP Web Dispatcher - versions 7.53, 7.77, 7.81, 7.85, 7.86, or Internet Communication Manager - versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, which makes these programs unavailable, leading to denial of service.

Action-Not Available
Vendor-SAP SE
Product-netweaverweb_dispatcherSAP NetWeaver (Internet Communication Manager)SAP Web Dispatcher
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-27624
Matching Score-6
Assigner-SAP SE
ShareView Details
Matching Score-6
Assigner-SAP SE
CVSS Score-5.9||MEDIUM
EPSS-0.51% / 65.73%
||
7 Day CHG~0.00%
Published-09 Jun, 2021 | 00:00
Updated-03 Aug, 2024 | 21:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SAP Internet Graphics Service, versions - 7.20,7.20EXT,7.53,7.20_EX2,7.81, allows an unauthenticated attacker after retrieving an existing system state value can submit a malicious IGS request over a network which due to insufficient input validation in method CiXMLIStreamRawBuffer::readRaw () which will trigger an internal memory corruption error in the system causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified.

Action-Not Available
Vendor-SAP SE
Product-netweaver_as_internet_graphics_serverSAP Internet Graphics Service
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-30015
Matching Score-6
Assigner-SAP SE
ShareView Details
Matching Score-6
Assigner-SAP SE
CVSS Score-4.1||MEDIUM
EPSS-0.27% / 49.93%
||
7 Day CHG~0.00%
Published-08 Apr, 2025 | 07:14
Updated-08 Apr, 2025 | 18:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Memory Corruption vulnerability in SAP NetWeaver and ABAP Platform (Application Server ABAP)

Due to incorrect memory address handling in ABAP SQL of SAP NetWeaver and ABAP Platform (Application Server ABAP), an authenticated attacker with high privileges could execute certain forms of SQL queries leading to manipulation of content in the output variable. This vulnerability has a low impact on the confidentiality, integrity and the availability of the application.

Action-Not Available
Vendor-SAP SE
Product-SAP NetWeaver and ABAP Platform (Application Server ABAP)
CWE ID-CWE-787
Out-of-bounds Write
  • Previous
  • 1
  • 2
  • Next
Details not found