sap
1,577 tracked vulnerabilities.
CVE-2021-33698
HIGH
SAP Business One <10.0 - Code Injection
Sep 15, 2021
CVSS 8.8
EPSS 0.01
CVE-2021-33697
MEDIUM
SAP BusinessObjects Business Intelligence Platform 420, 430 - Unauthenticated Reverse Tabnabbing
Sep 15, 2021
CVSS 6.1
EPSS 0.01
CVE-2021-33696
MEDIUM
SAP BusinessObjects Business Intelligence Platform 420, 430 - Cross-Site Scripting
Sep 15, 2021
CVSS 5.4
EPSS 0.00
CVE-2021-33695
CRITICAL
SAP Cloud Connector <2.0 - Info Disclosure
Sep 15, 2021
CVSS 9.1
EPSS 0.01
CVE-2021-33694
MEDIUM
SAP Cloud Connector 2.0 - Authenticated Stored Cross-Site Scripting
Sep 15, 2021
CVSS 4.8
EPSS 0.00
CVE-2021-33693
MEDIUM
SAP Cloud Connector <2.0 - Code Injection
Sep 15, 2021
CVSS 6.8
EPSS 0.01
CVE-2021-33692
HIGH
SAP Cloud Connector <2.0 - Path Traversal
Sep 15, 2021
CVSS 7.5
EPSS 0.01
CVE-2021-33691
MEDIUM
NWDI Notification Service -7.31-7.50-7.40 - XSS
Sep 15, 2021
CVSS 6.1
EPSS 0.01
CVE-2021-33690
CRITICAL
NUCLEI
SAP NetWeaver Development Infrastructure Component Build Service 7.11-7.50 - Server-Side Request Forgery
Sep 15, 2021
CVSS 9.9
EPSS 0.68
CVE-2021-38177
HIGH
SAP CommonCryptoLib <8.5.38 - Memory Corruption
Sep 14, 2021
CVSS 7.5
EPSS 0.03
CVE-2021-38176
HIGH
SAP Landscape Transformation - NZDT ABAP Code Injection
Sep 14, 2021
CVSS 8.8
EPSS 0.01
CVE-2021-38175
MEDIUM
SAP Analysis for Microsoft Office <2.8 - Info Disclosure
Sep 14, 2021
CVSS 6.5
EPSS 0.01
CVE-2021-38174
MEDIUM
SAP 3D Visual Enterprise Viewer <9 - Info Disclosure
Sep 14, 2021
CVSS 6.5
EPSS 0.01
CVE-2021-38164
MEDIUM
SAP ERP Financial Accounting - Privilege Escalation
Sep 14, 2021
CVSS 5.4
EPSS 0.00
CVE-2021-38163
CRITICAL
KEV
SAP NetWeaver (Visual Composer 7.0 RT) - Command Injection
Sep 14, 2021
CVSS 9.9
EPSS 0.37
CVE-2021-38162
HIGH
SAP Web Dispatcher 7.49, 7.53, 7.77, 7.81 - Unauthenticated HTTP Request Smuggling
Sep 14, 2021
CVSS 8.9
EPSS 0.03
CVE-2021-38150
MEDIUM
SAP Business Client <7.0-7.70 - Info Disclosure
Sep 14, 2021
CVSS 6.5
EPSS 0.01
CVE-2021-37535
CRITICAL
SAP NetWeaver Application Server Java 7.11-7.50 - Missing Authorization in JMS Connector Service
Sep 14, 2021
CVSS 9.8
EPSS 0.01
CVE-2021-37532
MEDIUM
SAP Business One 10 - Authenticated Path Traversal
Sep 14, 2021
CVSS 4.3
EPSS 0.01
CVE-2021-37531
HIGH
SAP NetWeaver Knowledge Management XML Forms 7.10-7.50 - Authenticated OS Command Injection via Malicious XSL Stylesheet
Sep 14, 2021
CVSS 8.8
EPSS 0.03
CVE-2021-33688
MEDIUM
SAP Business One - Authenticated SQL Injection
Sep 14, 2021
CVSS 4.3
EPSS 0.01
CVE-2021-33686
MEDIUM
SAP Business One <10.0 - Info Disclosure
Sep 14, 2021
CVSS 5.3
EPSS 0.01
CVE-2021-33685
MEDIUM
SAP Business One <10.0 - Path Traversal
Sep 14, 2021
CVSS 6.5
EPSS 0.01
CVE-2021-33679
MEDIUM
SAP BusinessObjects BI Platform -420 - XSS
Sep 14, 2021
CVSS 5.4
EPSS 0.00
CVE-2021-33675
MEDIUM
SAP Contact Center 700 - Reflected Cross-Site Scripting
Sep 14, 2021
CVSS 6.1
EPSS 0.01
Products
3d_visual_enterprise_viewer 131
netweaver 102
netweaver_application_server_abap 86
businessobjects_business_intelligence_platform 73
netweaver_application_server_java 69
businessobjects_business_intelligence 45
hana 38
solution_manager 33
business_one 31
internet_graphics_server 28
3d_visual_enterprise_author 27
businessobjects 23
netweaver_abap 21
netweaver_process_integration 21
netweaver_enterprise_portal 20
business_objects_business_intelligence_platform 18
commerce_cloud 18
hana_extended_application_services 18
sap_basis 18
s\/4hana 17
disclosure_management 16
host_agent 15
adaptive_server_enterprise 14
enable_now 14
s4core 13
abap_platform 12
customer_relationship_management_webclient_ui 12
netweaver_as_abap 12
sap_db 12
sap_kernel 11
Quick Filters