SAP_SE

312 tracked vulnerabilities.

CVE-2025-42882 MEDIUM
SAP NetWeaver Application Server for ABAP - Info Disclosure
Nov 11, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-42939 MEDIUM
SAP S/4HANA - Authenticated Incorrect Authorization via Request Parameter Tampering
Oct 14, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-42937 CRITICAL
SAP Print Service - Unauthenticated Path Traversal via Insufficient Path Validation
Oct 14, 2025
CVSS 9.8
EPSS 0.01
CVE-2025-42910 CRITICAL
SAP Supplier Relationship Management - File Upload
Oct 14, 2025
CVSS 9.0
EPSS 0.00
CVE-2025-42909 LOW
SAP Cloud Appliance Library Appliances - Sensitive Cookie Without 'HttpOnly' Flag
Oct 14, 2025
CVSS 3.0
EPSS 0.00
CVE-2025-42908 MEDIUM
SAP NetWeaver Application Server for ABAP - CSRF
Oct 14, 2025
CVSS 5.4
EPSS 0.00
CVE-2025-42906 MEDIUM
SAP Commerce Cloud - Path Traversal
Oct 14, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-42903 MEDIUM
SAP Financial Service Claims Management - Info Disclosure
Oct 14, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-42902 MEDIUM
SAP NetWeaver AS ABAP/ABAP Platform - Memory Corruption
Oct 14, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-42901 MEDIUM
SAP Application Server for ABAP (BAPI Browser) - Authenticated Stored Cross-Site Scripting
Oct 14, 2025
CVSS 5.4
EPSS 0.00
CVE-2025-42907 MEDIUM
SAP BI Platform - Server-Side Request Forgery via LogonToken IP Address Modification
Sep 23, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-42958 CRITICAL
SAP NetWeaver - Unauthenticated Privilege Escalation via Missing Authentication Check
Sep 09, 2025
CVSS 9.1
EPSS 0.01
CVE-2025-42944 CRITICAL
SAP NetWeaver - Unauthenticated Remote Code Execution via RMI-P4 Deserialization
Sep 09, 2025
CVSS 10.0
EPSS 0.03
CVE-2025-42938 MEDIUM
SAP NetWeaver ABAP Platform - Unauthenticated Stored Cross-Site Scripting via Malicious Link
Sep 09, 2025
CVSS 6.1
EPSS 0.00
CVE-2025-42933 HIGH
SAP Business One (SLD) - Insufficiently Protected Credentials via Unencrypted API Responses
Sep 09, 2025
CVSS 8.8
EPSS 0.00
CVE-2025-42930 MEDIUM
SAP Business Planning and Consolidation - DoS
Sep 09, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-42929 HIGH
SAP Landscape Transformation Replication Server - Authenticated Arbitrary Database Table Deletion via ABAP Reports
Sep 09, 2025
CVSS 8.1
EPSS 0.00
CVE-2025-42927 LOW
SAP NetWeaver AS Java - Privilege Escalation
Sep 09, 2025
CVSS 3.4
EPSS 0.00
CVE-2025-42925 MEDIUM
SAP NetWeaver AS JAVA IIOP - Info Disclosure
Sep 09, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-42923 MEDIUM
SAP Fiori App Manage Work Center Groups - CSRF
Sep 09, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-42922 CRITICAL
SAP NetWeaver AS Java - Privilege Escalation
Sep 09, 2025
CVSS 9.9
EPSS 0.01
CVE-2025-42917 MEDIUM
SAP HCM Approve Timesheets Fiori 2.0 - Privilege Escalation
Sep 09, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-42916 HIGH
SAP S/4HANA (Private Cloud or On-Premise) - Arbitrary Database Table Content Deletion via ABAP Reports
Sep 09, 2025
CVSS 8.1
EPSS 0.00
CVE-2025-42915 MEDIUM
SAP Fiori app Manage Payment Blocks - Missing Authorization
Sep 09, 2025
CVSS 5.4
EPSS 0.00
CVE-2025-42914 LOW
SAP HCM My Timesheet Fiori 2.0 - Privilege Escalation
Sep 09, 2025
CVSS 3.1
EPSS 0.00