SAP_SE

297 tracked vulnerabilities.

CVE-2025-42899 MEDIUM
SAP S4CORE (Manage Journal Entries) - Authenticated Privilege Escalation
Nov 11, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-42897 MEDIUM
SAP Business One (SLD) - Information Disclosure via Anonymous API
Nov 11, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-42895 MEDIUM
SAP HANA JDBC Client - Code Injection
Nov 11, 2025
CVSS 6.9
EPSS 0.00
CVE-2025-42890 CRITICAL
SAP SQL Anywhere Monitor (Non-GUI) - Use of Hard-coded Credentials
Nov 11, 2025
CVSS 10.0
EPSS 0.01
CVE-2025-42889 MEDIUM
SAP Starter Solution - SQL Injection
Nov 11, 2025
CVSS 5.4
EPSS 0.00
CVE-2025-42888 MEDIUM
SAP GUI for Windows - Info Disclosure
Nov 11, 2025
CVSS 5.5
EPSS 0.00
CVE-2025-42887 CRITICAL
SAP Solution Manager - Code Injection
Nov 11, 2025
CVSS 9.9
EPSS 0.01
CVE-2025-42885 MEDIUM
SAP HANA 2.0 (hdbrss) - Unauthenticated Information Disclosure via Remote-Enabled Function
Nov 11, 2025
CVSS 5.8
EPSS 0.00
CVE-2025-42884 MEDIUM
SAP NetWeaver Enterprise Portal - Info Disclosure
Nov 11, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-42883 LOW
SAP NetWeaver Application Server - Privilege Escalation
Nov 11, 2025
CVSS 2.7
EPSS 0.00
CVE-2025-42882 MEDIUM
SAP NetWeaver Application Server for ABAP - Info Disclosure
Nov 11, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-42939 MEDIUM
SAP S/4HANA - Authenticated Incorrect Authorization via Request Parameter Tampering
Oct 14, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-42937 CRITICAL
SAP Print Service - Unauthenticated Path Traversal via Insufficient Path Validation
Oct 14, 2025
CVSS 9.8
EPSS 0.01
CVE-2025-42910 CRITICAL
SAP Supplier Relationship Management - File Upload
Oct 14, 2025
CVSS 9.0
EPSS 0.00
CVE-2025-42909 LOW
SAP Cloud Appliance Library Appliances - Sensitive Cookie Without 'HttpOnly' Flag
Oct 14, 2025
CVSS 3.0
EPSS 0.00
CVE-2025-42908 MEDIUM
SAP NetWeaver Application Server for ABAP - CSRF
Oct 14, 2025
CVSS 5.4
EPSS 0.00
CVE-2025-42906 MEDIUM
SAP Commerce Cloud - Path Traversal
Oct 14, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-42903 MEDIUM
SAP Financial Service Claims Management - Info Disclosure
Oct 14, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-42902 MEDIUM
SAP NetWeaver AS ABAP/ABAP Platform - Memory Corruption
Oct 14, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-42901 MEDIUM
SAP Application Server for ABAP (BAPI Browser) - Authenticated Stored Cross-Site Scripting
Oct 14, 2025
CVSS 5.4
EPSS 0.00
CVE-2025-42907 MEDIUM
SAP BI Platform - Server-Side Request Forgery via LogonToken IP Address Modification
Sep 23, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-42958 CRITICAL
SAP NetWeaver - Unauthenticated Privilege Escalation via Missing Authentication Check
Sep 09, 2025
CVSS 9.1
EPSS 0.01
CVE-2025-42944 CRITICAL
SAP NetWeaver - Unauthenticated Remote Code Execution via RMI-P4 Deserialization
Sep 09, 2025
CVSS 10.0
EPSS 0.03
CVE-2025-42938 MEDIUM
SAP NetWeaver ABAP Platform - Unauthenticated Stored Cross-Site Scripting via Malicious Link
Sep 09, 2025
CVSS 6.1
EPSS 0.00
CVE-2025-42933 HIGH
SAP Business One (SLD) - Insufficiently Protected Credentials via Unencrypted API Responses
Sep 09, 2025
CVSS 8.8
EPSS 0.00