SAP_SE

283 tracked vulnerabilities.

CVE-2025-42969 MEDIUM
SAP NetWeaver Application Server ABAP and ABAP Platform - XSS
Jul 08, 2025
CVSS 6.1
EPSS 0.00
CVE-2025-42967 CRITICAL
SAP S/4HANA and SCM Characteristic Propagation - User-Level Report Code Execution
Jul 08, 2025
CVSS 9.9
EPSS 0.02
CVE-2025-42966 CRITICAL
SAP NetWeaver XML Data Archiving Service - Deserialization
Jul 08, 2025
CVSS 9.1
EPSS 0.01
CVE-2025-42965 MEDIUM
SAP CMC Promotion Management - Info Disclosure
Jul 08, 2025
CVSS 4.1
EPSS 0.00
CVE-2025-42964 CRITICAL
SAP NetWeaver Enterprise Portal - Code Injection
Jul 08, 2025
CVSS 9.1
EPSS 0.01
CVE-2025-42963 CRITICAL
SAP NetWeaver Application server for Java Log Viewer - Use After Free
Jul 08, 2025
CVSS 9.1
EPSS 0.01
CVE-2025-42962 MEDIUM
SAP Business Warehouse Business Explorer Web 3.5 - Stored Cross-Site Scripting via Loading Animation
Jul 08, 2025
CVSS 6.1
EPSS 0.00
CVE-2025-42961 MEDIUM
SAP NetWeaver Application server for ABAP - Privilege Escalation
Jul 08, 2025
CVSS 4.9
EPSS 0.00
CVE-2025-42960 MEDIUM
SAP Business Warehouse - Privilege Escalation
Jul 08, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-42959 HIGH
SAP NetWeaver ABAP Server and ABAP Platform - Unauthenticated Replay Attack via HMAC Credential Reuse
Jul 08, 2025
CVSS 8.1
EPSS 0.00
CVE-2025-42954 LOW
SAP NetWeaver Business Warehouse CCAW - DoS
Jul 08, 2025
CVSS 2.7
EPSS 0.00
CVE-2025-42953 HIGH
SAP Netweaver - Privilege Escalation
Jul 08, 2025
CVSS 8.1
EPSS 0.00
CVE-2025-42952 HIGH
SAP Business Warehouse & SAP Plug-In Basis - Privilege Escalation
Jul 08, 2025
CVSS 7.7
EPSS 0.00
CVE-2025-31326 MEDIUM
SAP BusinessObjects - HTML Injection
Jul 08, 2025
CVSS 4.1
EPSS 0.00
CVE-2025-42998 MEDIUM
SAP Business One Integration Framework - Auth Bypass
Jun 10, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-42996 MEDIUM
SAP MDM Server - Privilege Escalation
Jun 10, 2025
CVSS 5.6
EPSS 0.00
CVE-2025-42995 HIGH
SAP MDM Server >= 710.750 - Denial of Service via Crafted Packet Handling
Jun 10, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-42994 HIGH
SAP MDM Server >= 710.750 - Denial of Service via ReadString Function
Jun 10, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-42993 MEDIUM
SAP S/4HANA (Enterprise Event Enablement) - Missing Authorization Check in Inbound Binding Configuration
Jun 10, 2025
CVSS 6.7
EPSS 0.01
CVE-2025-42991 MEDIUM
SAP S/4HANA (Bank Account Application) - Authenticated Missing Authorization in Attachment Deletion
Jun 10, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-42990 LOW
SAPUI5 applications - Cross-Site Scripting
Jun 10, 2025
CVSS 3.0
EPSS 0.00
CVE-2025-42989 CRITICAL
SAP NetWeaver Application Server for ABAP - Authenticated Privilege Escalation via RFC Inbound Processing
Jun 10, 2025
CVSS 9.6
EPSS 0.00
CVE-2025-42987 MEDIUM
SAP Manage Processing Rules - Privilege Escalation
Jun 10, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-42984 MEDIUM
SAP S/4HANA Manage Central Purchase Contract - Privilege Escalation
Jun 10, 2025
CVSS 5.4
EPSS 0.00
CVE-2025-42983 HIGH
SAP Business Warehouse - Privilege Escalation
Jun 10, 2025
CVSS 8.5
EPSS 0.00
Products
SAP NetWeaver Application Server for ABAP and ABAP Platform 10 SAP NetWeaver Application Server ABAP 9 SAP Fiori App (Intercompany Balance Reconciliation) 6 SAP GUI for Windows 6 SAP NetWeaver Application Server Java 6 SAP NetWeaver Application Server for ABAP 6 SAP BusinessObjects Business Intelligence Platform 5 SAP Financial Consolidation 4 SAP NetWeaver Application Server ABAP and ABAP Platform 4 SAP NetWeaver Enterprise Portal 4 SAPCAR 4 SAP Business One (SLD) 3 SAP Commerce Cloud 3 SAP HCM (My Timesheet Fiori 2.0 application) 3 SAP MDM Server 3 SAP NetWeaver AS for JAVA (Adobe Document Services) 3 SAP NetWeaver Application Server ABAP (applications based on SAP GUI for HTML) 3 SAP NetWeaver and ABAP Platform (SDCCN) 3 SAP Solution Manager 3 SAP Business Connector 2 SAP Business Warehouse and SAP Plug-In Basis 2 SAP Commerce 2 SAP Enable Now 2 SAP Landscape Transformation 2 SAP Landscape Transformation (Analysis Platform) 2 SAP NetWeaver 2 SAP NetWeaver ABAP Platform 2 SAP NetWeaver Application Server ABAP (BIC Document) 2 SAP S/4 HANA (Cash Management) 2 SAP S/4 HANA (Manage Bank Statement Reprocessing Rules) 2
Quick Filters
Critical CVEs With Exploits In CISA KEV