SAP_SE

297 tracked vulnerabilities.

CVE-2026-44757 MEDIUM
SAP Wily Introscope Enterprise Manager - Cross-Site Scripting
Jun 09, 2026
CVSS 4.7
EPSS 0.00
CVE-2026-44755 MEDIUM
SAP BusinessObjects BI Platform - Authenticated Email Spoofing
Jun 09, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-44754 MEDIUM
Missing caller identification check-in for ODP Data Replication APIs
Jun 09, 2026
CVSS 6.6
EPSS 0.00
CVE-2026-44751 HIGH
Missing Authorization check in Application Server ABAP of SAP NetWeaver and ABAP Platform
Jun 09, 2026
CVSS 7.1
EPSS 0.00
CVE-2026-44750 MEDIUM
Missing Authorization check in SAP MDG (Review Match Groups Application)
Jun 09, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-44748 CRITICAL
XML Signature Wrapping in SAML Authentication in SAP NetWeaver AS ABAP and ABAP Platform
Jun 09, 2026
CVSS 9.9
EPSS 0.00
CVE-2026-44746 MEDIUM
SAP NetWeaver AS Java JDBC Test Servlet - Reflected Cross-Site Scripting
Jun 09, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-44744 MEDIUM
SAP S/4HANA - Authenticated SQL Injection in Remote Function Module
Jun 09, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-44743 LOW
SAP BusinessObjects - Sensitive Information Exposure via Endpoint
Jun 09, 2026
CVSS 3.7
EPSS 0.00
CVE-2026-40128 CRITICAL
SAP NetWeaver AS Java Web Container - Path Traversal via HTTP Logon Request
Jun 09, 2026
CVSS 9.0
EPSS 0.00
CVE-2026-27671 CRITICAL
SAP NetWeaver ABAP SAP Kernel - Memory Corruption via RFC Request
Jun 09, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-24315 MEDIUM
SAP Fiori Launchpad - Path Traversal via Malicious URLs
Jun 09, 2026
CVSS 4.2
EPSS 0.00
CVE-2026-44749 MEDIUM
Information Disclosure vulnerability in SAP Gateway
May 26, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-27680 LOW
CSS Injection vulnerability in SAP NetWeaver Application Server ABAP
May 14, 2026
CVSS 3.1
EPSS 0.00
CVE-2026-40137 MEDIUM
Cross-Site Scripting (XSS) vulnerability in Business Server Pages Application (TAF_APPLAUNCHER)
May 12, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-40136 MEDIUM
Denial of service (DoS) in SAP Financial Consolidation
May 12, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-40135 MEDIUM
OS Command Injection vulnerability in SAP NetWeaver Application Server for ABAP and ABAP Platform
May 12, 2026
CVSS 6.5
EPSS 0.01
CVE-2026-40134 MEDIUM
Missing Authorization Check in SAP Incentive and Commission Management
May 12, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-40133 MEDIUM
Missing Authorization check in SAP S/4HANA Condition Maintenance
May 12, 2026
CVSS 6.3
EPSS 0.00
CVE-2026-40132 MEDIUM
Missing Authorization Check in SAP Strategic Enterprise Management (BSP application Balanced Scorecard Wizard)
May 12, 2026
CVSS 5.4
EPSS 0.00
CVE-2026-40131 LOW
SQL Injection vulnerability in SAP HANA Deployment Infrastructure (HDI) deploy library
May 12, 2026
CVSS 3.4
EPSS 0.00
CVE-2026-40129 MEDIUM
Code Injection vulnerability in SAP Application Server ABAP for SAP NetWeaver and ABAP Platform
May 12, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-34263 CRITICAL
Missing authentication check in SAP Commerce cloud configuration
May 12, 2026
CVSS 9.6
EPSS 0.01
CVE-2026-34260 CRITICAL
SQL injection vulnerability in SAP S/4HANA (SAP Enterprise Search for ABAP)
May 12, 2026
CVSS 9.6
EPSS 0.00
CVE-2026-34259 HIGH
OS Command Injection Vulnerability in SAP Forecasting & Replenishment
May 12, 2026
CVSS 8.2
EPSS 0.00