sap
1,568 tracked vulnerabilities.
CVE-2022-22534
MEDIUM
SAP NetWeaver - Unauthenticated Cross-Site Scripting
Feb 09, 2022
CVSS 6.1
EPSS 0.01
CVE-2022-22533
HIGH
SAP NetWeaver Application Server Java - DoS
Feb 09, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-22532
CRITICAL
SAP NetWeaver Application Server Java - Memory Corruption
Feb 09, 2022
CVSS 9.8
EPSS 0.06
CVE-2022-22528
HIGH
SAP ASE <16.0 - Privilege Escalation
Feb 09, 2022
CVSS 7.8
EPSS 0.00
CVE-2022-22531
HIGH
SAP S/4HANA 100-106 - Authenticated Arbitrary File Upload and Script Execution in F0743 Create Single Payment
Jan 14, 2022
CVSS 8.1
EPSS 0.00
CVE-2022-22530
HIGH
SAP S/4HANA - F0743 Create Single Payment - Code Injection
Jan 14, 2022
CVSS 8.1
EPSS 0.00
CVE-2022-22529
MEDIUM
SAP Enterprise Threat Detection (ETD) -2.0 - XSS
Jan 14, 2022
CVSS 6.1
EPSS 0.00
CVE-2021-44234
MEDIUM
SAP Business One 10.0 - Sensitive Information Exposure in Extended Log
Jan 14, 2022
CVSS 5.5
EPSS 0.00
CVE-2021-42067
MEDIUM
SAP NetWeaver AS ABAP and ABAP Platform 701-756, 786 - Authenticated Information Disclosure via S/4 Hana Dashboard
Jan 14, 2022
CVSS 4.3
EPSS 0.00
CVE-2021-44235
MEDIUM
SAP NetWeaver AS ABAP 700-756 - Authenticated OS Command Injection via Transaction Class Builder
Dec 14, 2021
CVSS 6.7
EPSS 0.00
CVE-2021-44233
HIGH
SAP GRC Access Control V1100_700 V1100_731 V1200_750 - Authenticated Privilege Escalation
Dec 14, 2021
CVSS 8.8
EPSS 0.00
CVE-2021-44232
HIGH
SAF-T Framework - Path Traversal in Transaction SAFTN_G
Dec 14, 2021
CVSS 7.7
EPSS 0.00
CVE-2021-44231
CRITICAL
SAP ABAP Platform - Code Injection via Text Extraction Reports
Dec 14, 2021
CVSS 9.8
EPSS 0.01
CVE-2021-42070
LOW
SAP 3D Visual Enterprise Viewer 9.0 - Denial of Service via Malformed Jupiter Tessellation File
Dec 14, 2021
CVSS 3.3
EPSS 0.00
CVE-2021-42069
LOW
SAP 3D Visual Enterprise Viewer 9.0 - Denial of Service via Malformed TIFF File
Dec 14, 2021
CVSS 3.3
EPSS 0.00
CVE-2021-42068
LOW
SAP 3D Visual Enterprise Viewer 9.0 - Denial of Service via Malicious GIF File
Dec 14, 2021
CVSS 3.3
EPSS 0.00
CVE-2021-42066
MEDIUM
SAP Business One 10.0 - Authenticated Cleartext Storage of Sensitive Database Password
Dec 14, 2021
CVSS 4.4
EPSS 0.00
CVE-2021-42064
CRITICAL
SAP Commerce 1905, 2005, 2011, 2105 - SQL Injection via Flexible Search Java API Parameterized 'in' Clause
Dec 14, 2021
CVSS 9.8
EPSS 0.01
CVE-2021-42063
MEDIUM
NUCLEI
SAP Knowledge Warehouse 7.30-7.50 - Cross-Site Scripting
Dec 14, 2021
CVSS 6.1
EPSS 0.41
CVE-2021-42061
MEDIUM
SAP BusinessObjects Business Intelligence Platform 420 - Cross-Site Scripting in Quick Prompt Workflow
Dec 14, 2021
CVSS 5.4
EPSS 0.00
CVE-2021-42062
MEDIUM
SAP ERP HCM Portugal - Missing Authorization for Payroll Data Report
Nov 10, 2021
CVSS 4.3
EPSS 0.00
CVE-2021-40504
MEDIUM
SAP NetWeaver Application Server ABAP and ABAP Platform 700-756 - Incorrect Authorization in Template Role
Nov 10, 2021
CVSS 4.9
EPSS 0.00
CVE-2021-40503
HIGH
SAP GUI for Windows <7.60 PL13, 7.70 PL4 - Info Disclosure
Nov 10, 2021
CVSS 7.8
EPSS 0.00
CVE-2021-40502
HIGH
SAP Commerce - Privilege Escalation
Nov 10, 2021
CVSS 8.8
EPSS 0.00
CVE-2021-40501
HIGH
SAP ABAP Platform Kernel - Privilege Escalation
Nov 10, 2021
CVSS 8.1
EPSS 0.00
Products
3d_visual_enterprise_viewer 131
netweaver 102
netweaver_application_server_abap 78
businessobjects_business_intelligence_platform 73
netweaver_application_server_java 68
businessobjects_business_intelligence 45
hana 38
solution_manager 33
business_one 31
internet_graphics_server 28
3d_visual_enterprise_author 27
businessobjects 23
netweaver_abap 21
netweaver_process_integration 21
netweaver_enterprise_portal 20
business_objects_business_intelligence_platform 18
commerce_cloud 18
hana_extended_application_services 18
sap_basis 18
s\/4hana 17
disclosure_management 16
host_agent 15
adaptive_server_enterprise 14
enable_now 14
s4core 13
abap_platform 12
customer_relationship_management_webclient_ui 12
netweaver_as_abap 12
sap_db 12
sap_kernel 11