SAP_SE

312 tracked vulnerabilities.

CVE-2025-42989 CRITICAL
SAP NetWeaver Application Server for ABAP - Authenticated Privilege Escalation via RFC Inbound Processing
Jun 10, 2025
CVSS 9.6
EPSS 0.00
CVE-2025-42987 MEDIUM
SAP Manage Processing Rules - Privilege Escalation
Jun 10, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-42984 MEDIUM
SAP S/4HANA Manage Central Purchase Contract - Privilege Escalation
Jun 10, 2025
CVSS 5.4
EPSS 0.00
CVE-2025-42983 HIGH
SAP Business Warehouse - Privilege Escalation
Jun 10, 2025
CVSS 8.5
EPSS 0.00
CVE-2025-42982 HIGH
SAP GRC (AC Plugin) >=V1100_700 <V1100_700 and >=V1100_731 <V1100_731 - Missing Authorization
Jun 10, 2025
CVSS 8.8
EPSS 0.00
CVE-2025-42977 HIGH
SAP NetWeaver Visual Composer - Path Traversal
Jun 10, 2025
CVSS 7.6
EPSS 0.01
CVE-2025-31325 MEDIUM
SAP NetWeaver (ABAP Keyword Documentation) < SAP_BASIS 758 - XSS via Unprotected Parameter
Jun 10, 2025
CVSS 5.8
EPSS 0.00
CVE-2025-43011 HIGH
SAP Landscape Transformation - Privilege Escalation
May 13, 2025
CVSS 7.7
EPSS 0.00
CVE-2025-43010 HIGH
SAP S/4HANA Cloud Private Edition or on Premise - Command Injection
May 13, 2025
CVSS 8.3
EPSS 0.00
CVE-2025-43009 MEDIUM
SAP Service Parts Management (SPM) - Missing Authorization
May 13, 2025
CVSS 6.3
EPSS 0.00
CVE-2025-43008 MEDIUM
SAP S/4HANA HCM Portugal and SAP ERP HCM Portugal - Unauthenticated Information Disclosure via Missing Authorization
May 13, 2025
CVSS 5.8
EPSS 0.00
CVE-2025-43007 MEDIUM
SAP Service Parts Management (SPM) - Authenticated Privilege Escalation via Missing Authorization
May 13, 2025
CVSS 6.3
EPSS 0.00
CVE-2025-43006 MEDIUM
SAP Supplier Relationship Management - XSS
May 13, 2025
CVSS 6.1
EPSS 0.00
CVE-2025-43005 MEDIUM
SAP GUI for Windows - Info Disclosure
May 13, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-43004 MEDIUM
Production Operator Dashboards - Info Disclosure
May 13, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-43003 MEDIUM
SAP S/4 HANA - Privilege Escalation
May 13, 2025
CVSS 6.4
EPSS 0.00
CVE-2025-43002 MEDIUM
SAP S4/HANA OData Meta-Data Property - Authenticated Information Disclosure via Missing Authorization Check
May 13, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-43000 HIGH
Promotion Management Wizard - Info Disclosure
May 13, 2025
CVSS 7.9
EPSS 0.00
CVE-2025-42997 MEDIUM
SAP Gateway Client - Info Disclosure
May 13, 2025
CVSS 6.6
EPSS 0.00
CVE-2025-31329 MEDIUM
SAP NetWeaver Application Server ABAP and ABAP Platform - Information Disclosure via User Configuration Settings
May 13, 2025
CVSS 6.2
EPSS 0.00
CVE-2025-26662 MEDIUM
Data Services Management Console - XSS
May 13, 2025
CVSS 4.4
EPSS 0.00
CVE-2025-31328 MEDIUM
SAP S/4 HANA Learning Solution - Cross-Site Request Forgery via GET-based OData Function
Apr 22, 2025
CVSS 4.6
EPSS 0.00
CVE-2025-31327 MEDIUM
SAP Field Logistics - Data Tampering
Apr 22, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-31333 MEDIUM
SAP S4CORE entity - Data Tampering via OData Meta-Data Property
Apr 08, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-31331 MEDIUM
SAP NetWeaver - Authenticated Incorrect Authorization via ABAP Transaction
Apr 08, 2025
CVSS 4.3
EPSS 0.00