sap
1,577 tracked vulnerabilities.
CVE-2022-31594
MEDIUM
SUID-root Program - Privilege Escalation
Jun 14, 2022
CVSS 6.7
EPSS 0.00
CVE-2022-31590
HIGH
SAP PowerDesigner Proxy 16.7 - Privilege Escalation
Jun 14, 2022
CVSS 7.8
EPSS 0.00
CVE-2022-31589
MEDIUM
SAP ERP Financial Accounting - Incorrect Authorization in Israeli File SHAAM Program
Jun 14, 2022
CVSS 6.5
EPSS 0.01
CVE-2022-29618
MEDIUM
SAP NetWeaver Development Infrastructure 7.30, 7.31, 7.40, 7.50 - Unauthenticated Cross-Site Scripting via URL Injection
Jun 14, 2022
CVSS 6.1
EPSS 0.01
CVE-2022-29615
LOW
SAP NetWeaver Developer Studio 7.50 - Deserialization of Untrusted Data
Jun 14, 2022
CVSS 3.4
EPSS 0.00
CVE-2022-29614
MEDIUM
SAP Host Agent - Local Privilege Escalation via sapuxuserchk Helper Program
Jun 14, 2022
CVSS 5.0
EPSS 0.00
CVE-2022-29612
MEDIUM
SAP Host Agent and NetWeaver ABAP - Authenticated Server-Side Request Forgery via sapcontrol startservice
Jun 14, 2022
CVSS 4.3
EPSS 0.01
CVE-2022-27668
CRITICAL
SAP NetWeaver and ABAP Platform - Unauthenticated Remote Command Execution via SAProuter Administration Commands
Jun 14, 2022
CVSS 9.8
EPSS 0.02
CVE-2022-28217
MEDIUM
SAP NetWeaver - Server-Side Request Forgery via XML Document Validation Bypass
Jun 13, 2022
CVSS 6.5
EPSS 0.01
CVE-2022-29617
MEDIUM
SAP Contributor License Agreement Assistant < 2.13.0 - Authenticated Denial of Service
Jun 06, 2022
CVSS 6.5
EPSS 0.01
CVE-2022-29616
HIGH
SAP NetWeaver AS ABAP Kernel - Memory Corruption via Logical Errors in Memory Management
May 11, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-29613
MEDIUM
SAP Employee Self Service - Authenticated Employee Number Tampering via Insufficient Input Validation
May 11, 2022
CVSS 4.3
EPSS 0.01
CVE-2022-29611
HIGH
SAP NetWeaver Application Server ABAP and ABAP Platform - Missing Authorization
May 11, 2022
CVSS 8.8
EPSS 0.01
CVE-2022-29610
MEDIUM
SAP NetWeaver Application Server ABAP - Authenticated Stored Cross-Site Scripting via Theme File Upload
May 11, 2022
CVSS 5.4
EPSS 0.00
CVE-2022-28774
MEDIUM
SAP Host Agent - Unprotected Sensitive Information Exposure in Logfile
May 11, 2022
CVSS 5.5
EPSS 0.00
CVE-2022-28214
HIGH
SAP BusinessObjects - Cleartext Storage of Sensitive Information in Sysmon Event Logs
May 11, 2022
CVSS 7.8
EPSS 0.00
CVE-2022-27656
MEDIUM
SAP Web Dispatcher and Internet Communication Manager - Cross-Site Scripting in Web Administration UI
May 11, 2022
CVSS 6.1
EPSS 0.01
CVE-2022-28773
HIGH
SAP Web Dispatcher/SAP Internet Communication Manager - DoS
Apr 12, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-28772
HIGH
SAP Web Dispatcher and Internet Communication Manager - Stack-based Buffer Overflow
Apr 12, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-28770
MEDIUM
SAPUI5 library (vbm) 750, 753, 754, 755, 75 - Unauthenticated Cross-Site Scripting via URL Injection
Apr 12, 2022
CVSS 6.1
EPSS 0.01
CVE-2022-28216
MEDIUM
SAP BusinessObjects Business Intelligence Platform 420 - Unauthenticated Cross-Site Scripting
Apr 12, 2022
CVSS 6.1
EPSS 0.01
CVE-2022-28215
MEDIUM
SAP NetWeaver ABAP Server and ABAP Platform 740, 750, 787 - Unauthenticated Open Redirect
Apr 12, 2022
CVSS 4.7
EPSS 0.01
CVE-2022-28213
HIGH
SAP BusinessObjects Business Intelligence Platform 420, 430 - XML External Entity Injection via SOAP Web Services
Apr 12, 2022
CVSS 8.1
EPSS 0.12
CVE-2022-27671
MEDIUM
SAP BusinessObjects Business Intelligence Platform - Information Disclosure via CSRF Token in URL
Apr 12, 2022
CVSS 6.5
EPSS 0.01
CVE-2022-27670
MEDIUM
SAP SQL Anywhere 17.0 - Authenticated Denial of Service via Indirect Identifier Queries
Apr 12, 2022
CVSS 6.5
EPSS 0.01
Products
3d_visual_enterprise_viewer 131
netweaver 102
netweaver_application_server_abap 86
businessobjects_business_intelligence_platform 73
netweaver_application_server_java 69
businessobjects_business_intelligence 45
hana 38
solution_manager 33
business_one 31
internet_graphics_server 28
3d_visual_enterprise_author 27
businessobjects 23
netweaver_abap 21
netweaver_process_integration 21
netweaver_enterprise_portal 20
business_objects_business_intelligence_platform 18
commerce_cloud 18
hana_extended_application_services 18
sap_basis 18
s\/4hana 17
disclosure_management 16
host_agent 15
adaptive_server_enterprise 14
enable_now 14
s4core 13
abap_platform 12
customer_relationship_management_webclient_ui 12
netweaver_as_abap 12
sap_db 12
sap_kernel 11
Quick Filters