sap
1,568 tracked vulnerabilities.
CVE-2026-0490
HIGH
SAP BusinessObjects BI Platform - Auth Bypass
Feb 10, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-0488
CRITICAL
SAP CRM/S/4HANA - Privilege Escalation
Feb 10, 2026
CVSS 9.9
EPSS 0.00
CVE-2026-0486
MEDIUM
SAP Solution Tools Plug-In - Missing Authorization
Feb 10, 2026
CVSS 5.0
EPSS 0.00
CVE-2026-0485
HIGH
SAP BusinessObjects BI Platform - DoS
Feb 10, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-0484
MEDIUM
SAP NetWeaver/S/4HANA - Privilege Escalation
Feb 10, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-0514
MEDIUM
SAP Business Connector - Unauthenticated Stored Cross-Site Scripting
Jan 13, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-0513
MEDIUM
SAP Supplier Relationship Management - Unauthenticated Open Redirect via SICF Handler
Jan 13, 2026
CVSS 4.7
EPSS 0.00
CVE-2026-0506
HIGH
SAP NetWeaver Application Server ABAP - Authenticated Missing Authorization Check via RFC Function
Jan 13, 2026
CVSS 8.1
EPSS 0.00
CVE-2026-0500
CRITICAL
SAP Wily Introscope Enterprise Manager - Unauthenticated OS Command Injection via Malicious JNLP File
Jan 13, 2026
CVSS 9.6
EPSS 0.00
CVE-2026-0498
CRITICAL
SAP S/4HANA - Authenticated ABAP Code and OS Command Injection via RFC Function Module
Jan 13, 2026
CVSS 9.1
EPSS 0.00
CVE-2026-0492
HIGH
SAP HANA Database - Privilege Escalation via User Switching
Jan 13, 2026
CVSS 8.8
EPSS 0.00
CVE-2025-42894
MEDIUM
SAP Business Connector - Authenticated Path Traversal and Arbitrary File Write
Nov 11, 2025
CVSS 6.8
EPSS 0.00
CVE-2025-42893
MEDIUM
SAP Business Connector - Unauthenticated Open Redirect via Malicious URL
Nov 11, 2025
CVSS 6.1
EPSS 0.00
CVE-2025-42892
MEDIUM
SAP Business Connector - Authenticated OS Command Injection via Crafted Content Upload
Nov 11, 2025
CVSS 6.8
EPSS 0.00
CVE-2025-42886
MEDIUM
SAP Business Connector - Reflected Cross-Site Scripting via Malicious Link
Nov 11, 2025
CVSS 6.1
EPSS 0.00
CVE-2025-42926
MEDIUM
SAP NetWeaver Application Server Java - Unauthenticated Sensitive Information Exposure via Internal File Access
Sep 09, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-42920
MEDIUM
SAP Supplier Relationship Management - Stored Cross-Site Scripting via Malicious Link
Sep 09, 2025
CVSS 6.1
EPSS 0.00
CVE-2025-42918
MEDIUM
SAP NetWeaver Application Server for ABAP - Authenticated Missing Authorization for Profile Parameters
Sep 09, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-42911
MEDIUM
SAP NetWeaver - Authenticated Information Disclosure via Service Data Download Function Module
Sep 09, 2025
CVSS 5.0
EPSS 0.00
CVE-2025-42936
MEDIUM
SAP NetWeaver Application Server for ABAP - Authenticated Privilege Escalation via Barcode Interface
Aug 12, 2025
CVSS 5.4
EPSS 0.00
CVE-2025-42956
MEDIUM
SAP NetWeaver ABAP and ABAP Platform - Stored Cross-Site Scripting via Malicious Link
Jul 08, 2025
CVSS 6.1
EPSS 0.00
CVE-2025-42986
MEDIUM
SAP BASIS - Missing Authorization Check in Obsolete RFC Function Module
Jul 08, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-42968
MEDIUM
SAP NetWeaver - Authenticated Information Disclosure via Remote-Enabled Function Module
Jul 08, 2025
CVSS 5.0
EPSS 0.00
CVE-2025-42988
LOW
SAP Business Objects - Info Disclosure
Jun 10, 2025
CVSS 3.7
EPSS 0.00
CVE-2025-23192
HIGH
SAP BusinessObjects Business Intelligence - Unauthenticated Stored Cross-Site Scripting in BI Workspace
Jun 10, 2025
CVSS 8.2
EPSS 0.00
Products
3d_visual_enterprise_viewer 131
netweaver 102
netweaver_application_server_abap 78
businessobjects_business_intelligence_platform 73
netweaver_application_server_java 68
businessobjects_business_intelligence 45
hana 38
solution_manager 33
business_one 31
internet_graphics_server 28
3d_visual_enterprise_author 27
businessobjects 23
netweaver_abap 21
netweaver_process_integration 21
netweaver_enterprise_portal 20
business_objects_business_intelligence_platform 18
commerce_cloud 18
hana_extended_application_services 18
sap_basis 18
s\/4hana 17
disclosure_management 16
host_agent 15
adaptive_server_enterprise 14
enable_now 14
s4core 13
abap_platform 12
customer_relationship_management_webclient_ui 12
netweaver_as_abap 12
sap_db 12
sap_kernel 11