SAP_SE

297 tracked vulnerabilities.

CVE-2026-0504 LOW
SAP Identity Management - Info Disclosure
Jan 13, 2026
CVSS 3.8
EPSS 0.00
CVE-2026-0503 MEDIUM
SAP ERP Central Component and SAP S/4HANA (SAP EHS Management) - Missing Authorization Check
Jan 13, 2026
CVSS 6.4
EPSS 0.00
CVE-2026-0501 CRITICAL
SAP S/4HANA Private Cloud & On-Premise - SQL Injection
Jan 13, 2026
CVSS 9.9
EPSS 0.00
CVE-2026-0499 MEDIUM
SAP NetWeaver Enterprise Portal - XSS
Jan 13, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-0497 MEDIUM
SAP Product Designer Web UI - Info Disclosure
Jan 13, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-0496 MEDIUM
SAP Fiori App Intercompany Balance Reconciliation - File Upload
Jan 13, 2026
CVSS 6.6
EPSS 0.00
CVE-2026-0495 MEDIUM
SAP Fiori App - Privilege Escalation
Jan 13, 2026
CVSS 5.1
EPSS 0.00
CVE-2026-0494 MEDIUM
SAP Fiori App (Intercompany Balance Reconciliation) - Exposure of Sensitive System Information
Jan 13, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-0493 MEDIUM
SAP Fiori App Intercompany Balance Reconciliation - CSRF
Jan 13, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-0491 CRITICAL
SAP Landscape Transformation - Command Injection
Jan 13, 2026
CVSS 9.1
EPSS 0.00
CVE-2025-42928 CRITICAL
SAP jConnect - SDK for ASE 16.0.4-16.0.4, 16.1-16.1 - Remote Code Execution via Deserialization
Dec 09, 2025
CVSS 9.1
EPSS 0.08
CVE-2025-42904 MEDIUM
Application Server ABAP - Info Disclosure
Dec 09, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-42896 MEDIUM
SAP BusinessObjects BI Platform - Login Error URL Server-Side Request Forgery
Dec 09, 2025
CVSS 5.4
EPSS 0.00
CVE-2025-42891 MEDIUM
SAP Enterprise Search - Info Disclosure
Dec 09, 2025
CVSS 5.5
EPSS 0.00
CVE-2025-42880 CRITICAL
SAP Solution Manager - Code Injection
Dec 09, 2025
CVSS 9.9
EPSS 0.04
CVE-2025-42878 HIGH
SAP Web Dispatcher & ICM - Info Disclosure
Dec 09, 2025
CVSS 8.2
EPSS 0.00
CVE-2025-42877 HIGH
SAP Web Dispatcher, ICM & Content Server - Unauthenticated Memory Corruption
Dec 09, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-42876 HIGH
SAP S/4 HANA Private Cloud - Info Disclosure
Dec 09, 2025
CVSS 7.1
EPSS 0.00
CVE-2025-42875 MEDIUM
SAP Internet Communication Framework - Auth Bypass
Dec 09, 2025
CVSS 6.6
EPSS 0.00
CVE-2025-42874 HIGH
SAP NetWeaver Xcelsius Remote Service - High-Privilege Remote Code Execution
Dec 09, 2025
CVSS 7.9
EPSS 0.00
CVE-2025-42873 MEDIUM
SAPUI5 framework Markdown-it component - Denial of Service via Infinite Loop
Dec 09, 2025
CVSS 5.9
EPSS 0.00
CVE-2025-42872 MEDIUM
SAP NetWeaver Enterprise Portal - XSS
Dec 09, 2025
CVSS 6.1
EPSS 0.00
CVE-2025-42940 HIGH
SAP CommonCryptoLib - Memory Corruption
Nov 11, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-42924 MEDIUM
SAP S/4HANA landscape (SAP E-Recruiting BSP) - Unauthenticated Open Redirect via Malicious Link
Nov 11, 2025
CVSS 6.1
EPSS 0.00
CVE-2025-42919 MEDIUM
SAP NetWeaver Application Server Java - Info Disclosure
Nov 11, 2025
CVSS 5.3
EPSS 0.00