SAP_SE

283 tracked vulnerabilities.

CVE-2025-42880 CRITICAL
SAP Solution Manager - Code Injection
Dec 09, 2025
CVSS 9.9
EPSS 0.00
CVE-2025-42878 HIGH
SAP Web Dispatcher & ICM - Info Disclosure
Dec 09, 2025
CVSS 8.2
EPSS 0.00
CVE-2025-42877 HIGH
SAP Web Dispatcher, ICM & Content Server - Unauthenticated Memory Corruption
Dec 09, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-42876 HIGH
SAP S/4 HANA Private Cloud - Info Disclosure
Dec 09, 2025
CVSS 7.1
EPSS 0.00
CVE-2025-42875 MEDIUM
SAP Internet Communication Framework - Auth Bypass
Dec 09, 2025
CVSS 6.6
EPSS 0.00
CVE-2025-42874 HIGH
SAP NetWeaver Xcelsius Remote Service - High-Privilege Remote Code Execution
Dec 09, 2025
CVSS 7.9
EPSS 0.00
CVE-2025-42873 MEDIUM
SAPUI5 framework Markdown-it component - Denial of Service via Infinite Loop
Dec 09, 2025
CVSS 5.9
EPSS 0.00
CVE-2025-42872 MEDIUM
SAP NetWeaver Enterprise Portal - XSS
Dec 09, 2025
CVSS 6.1
EPSS 0.00
CVE-2025-42940 HIGH
SAP CommonCryptoLib - Memory Corruption
Nov 11, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-42924 MEDIUM
SAP S/4HANA landscape (SAP E-Recruiting BSP) - Unauthenticated Open Redirect via Malicious Link
Nov 11, 2025
CVSS 6.1
EPSS 0.00
CVE-2025-42919 MEDIUM
SAP NetWeaver Application Server Java - Info Disclosure
Nov 11, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-42899 MEDIUM
SAP S4CORE (Manage Journal Entries) - Authenticated Privilege Escalation
Nov 11, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-42897 MEDIUM
SAP Business One (SLD) - Information Disclosure via Anonymous API
Nov 11, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-42895 MEDIUM
SAP HANA JDBC Client - Code Injection
Nov 11, 2025
CVSS 6.9
EPSS 0.00
CVE-2025-42890 CRITICAL
SAP SQL Anywhere Monitor (Non-GUI) - Use of Hard-coded Credentials
Nov 11, 2025
CVSS 10.0
EPSS 0.00
CVE-2025-42889 MEDIUM
SAP Starter Solution - SQL Injection
Nov 11, 2025
CVSS 5.4
EPSS 0.00
CVE-2025-42888 MEDIUM
SAP GUI for Windows - Info Disclosure
Nov 11, 2025
CVSS 5.5
EPSS 0.00
CVE-2025-42887 CRITICAL
SAP Solution Manager - Code Injection
Nov 11, 2025
CVSS 9.9
EPSS 0.00
CVE-2025-42885 MEDIUM
SAP HANA 2.0 (hdbrss) - Unauthenticated Information Disclosure via Remote-Enabled Function
Nov 11, 2025
CVSS 5.8
EPSS 0.00
CVE-2025-42884 MEDIUM
SAP NetWeaver Enterprise Portal - Info Disclosure
Nov 11, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-42883 LOW
SAP NetWeaver Application Server - Privilege Escalation
Nov 11, 2025
CVSS 2.7
EPSS 0.00
CVE-2025-42882 MEDIUM
SAP NetWeaver Application Server for ABAP - Info Disclosure
Nov 11, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-42939 MEDIUM
SAP S/4HANA - Authenticated Incorrect Authorization via Request Parameter Tampering
Oct 14, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-42937 CRITICAL
SAP Print Service - Unauthenticated Path Traversal via Insufficient Path Validation
Oct 14, 2025
CVSS 9.8
EPSS 0.00
CVE-2025-42910 CRITICAL
SAP Supplier Relationship Management - File Upload
Oct 14, 2025
CVSS 9.0
EPSS 0.00
Products
SAP NetWeaver Application Server for ABAP and ABAP Platform 10 SAP NetWeaver Application Server ABAP 9 SAP Fiori App (Intercompany Balance Reconciliation) 6 SAP GUI for Windows 6 SAP NetWeaver Application Server Java 6 SAP NetWeaver Application Server for ABAP 6 SAP BusinessObjects Business Intelligence Platform 5 SAP Financial Consolidation 4 SAP NetWeaver Application Server ABAP and ABAP Platform 4 SAP NetWeaver Enterprise Portal 4 SAPCAR 4 SAP Business One (SLD) 3 SAP Commerce Cloud 3 SAP HCM (My Timesheet Fiori 2.0 application) 3 SAP MDM Server 3 SAP NetWeaver AS for JAVA (Adobe Document Services) 3 SAP NetWeaver Application Server ABAP (applications based on SAP GUI for HTML) 3 SAP NetWeaver and ABAP Platform (SDCCN) 3 SAP Solution Manager 3 SAP Business Connector 2 SAP Business Warehouse and SAP Plug-In Basis 2 SAP Commerce 2 SAP Enable Now 2 SAP Landscape Transformation 2 SAP Landscape Transformation (Analysis Platform) 2 SAP NetWeaver 2 SAP NetWeaver ABAP Platform 2 SAP NetWeaver Application Server ABAP (BIC Document) 2 SAP S/4 HANA (Cash Management) 2 SAP S/4 HANA (Manage Bank Statement Reprocessing Rules) 2
Quick Filters
Critical CVEs With Exploits In CISA KEV