Netweaver

This hub aggregates every CVE we track for Netweaver, a product in the enterprise software space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Netweaver.

• CVE-2026-23685Insecure Deserialization vulnerability in SAP NetWeaver (JMS service)4.4Feb 10, 2026
• CVE-2025-42968Missing Authorization check in SAP NetWeaver (RFC enabled function module)5.0Jul 8, 2025
• CVE-2025-42999Insecure Deserialization in SAP NetWeaver (Visual Composer development server)KEV9.1May 13, 2025
• CVE-2025-31324Missing Authorization check in SAP NetWeaver (Visual Composer development server)KEV10.0Apr 24, 2025
• CVE-2024-27898Server-Side Request Forgery in SAP NetWeaver5.3Apr 9, 2024
• CVE-2024-25644Information Disclosure vulnerability in NetWeaver (WSRM)5.3Mar 12, 2024
• CVE-2024-22124Information Disclosure vulnerability in SAP NetWeaver Internet Communication Manager4.1Jan 9, 2024
• CVE-2023-41367Missing Authentication check in SAP NetWeaver (Guided Procedures)5.3Sep 12, 2023
• CVE-2023-36922OS command injection vulnerability in SAP ECC and SAP S/4HANA (IS-OIL)9.1Jul 11, 2023
• CVE-2023-33985Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal6.1Jun 13, 2023
• CVE-2023-33984Cross-Site Scripting (XSS) vulnerability in NetWeaver (Design Time Repository)6.4Jun 13, 2023
• CVE-2023-32114Denial of Service in SAP NetWeaver2.7Jun 13, 2023
• CVE-2023-29186Directory/Path Traversal vulnerability in SAP NetWeaver.8.7Apr 11, 2023
• CVE-2023-27499Cross-Site Scripting (XSS) vulnerability in SAP GUI for HTML6.1Apr 11, 2023
• CVE-2023-0021Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver6.1Mar 14, 2023