sap
1,568 tracked vulnerabilities.
CVE-2021-21490
MEDIUM
SAP NetWeaver AS ABAP Web Survey - Reflected Cross-Site Scripting
Jun 09, 2021
CVSS 6.1
EPSS 0.00
CVE-2021-21473
MEDIUM
SAP NetWeaver AS ABAP and ABAP Platform - Missing Authorization in SRM_RFC_SUBMIT_REPORT Function Module
Jun 09, 2021
CVSS 6.3
EPSS 0.00
CVE-2021-33668
HIGH
SAP InfraBox < 1.2.1 - Unauthenticated LDAP Injection
Jun 09, 2021
CVSS 7.5
EPSS 0.02
CVE-2021-27619
MEDIUM
SAP Commerce (Backoffice Search) - Info Disclosure
May 11, 2021
CVSS 6.5
EPSS 0.00
CVE-2021-27618
MEDIUM
SAP NetWeaver Process Integration 7.10-7.50 - Unrestricted Upload of File with Dangerous Type
May 11, 2021
CVSS 4.9
EPSS 0.00
CVE-2021-27617
MEDIUM
SAP NetWeaver Process Integration 7.10-7.50 - Denial of Service via Malicious XML Upload
May 11, 2021
CVSS 4.9
EPSS 0.00
CVE-2021-27616
HIGH
SAP Business One Hana Chef Cookbook <10.0 - Info Disclosure
May 11, 2021
CVSS 7.8
EPSS 0.00
CVE-2021-27614
HIGH
SAP Business One Hana Chef Cookbook - Code Injection
May 11, 2021
CVSS 7.1
EPSS 0.00
CVE-2021-27613
HIGH
SAP Business One Chef <10.0 - Info Disclosure
May 11, 2021
CVSS 7.8
EPSS 0.00
CVE-2021-27612
MEDIUM
SAP GUI for Windows <7.70 - Open Redirect
May 11, 2021
CVSS 6.1
EPSS 0.00
CVE-2021-27611
MEDIUM
SAP NetWeaver AS ABAP - Code Injection
May 11, 2021
CVSS 6.7
EPSS 0.00
CVE-2021-27608
HIGH
SAPSetup <9.0 - Privilege Escalation
Apr 14, 2021
CVSS 7.5
EPSS 0.00
CVE-2021-27604
MEDIUM
SAP NetWeaver ABAP Server/ABAP Platform <7.50 - XSS
Apr 14, 2021
CVSS 6.5
EPSS 0.00
CVE-2021-27599
MEDIUM
SAP NetWeaver ABAP Server/ABAP Platform <7.50 - Info Disclosure
Apr 14, 2021
CVSS 6.5
EPSS 0.00
CVE-2021-27609
MEDIUM
SAP Focused RUN - Privilege Escalation
Apr 13, 2021
CVSS 6.5
EPSS 0.00
CVE-2021-27605
MEDIUM
SAP HCM Travel Management Fiori Apps V2 - Privilege Escalation
Apr 13, 2021
CVSS 4.3
EPSS 0.00
CVE-2021-27603
MEDIUM
SAP NetWeaver AS ABAP 731, 740, 750 - Denial of Service via SPI_WAIT_MILLIS Function Module
Apr 13, 2021
CVSS 6.5
EPSS 0.00
CVE-2021-27602
CRITICAL
SAP Commerce 1808, 1811, 1905, 2005, 2011 - Authenticated Remote Code Execution via Source Rule Injection
Apr 13, 2021
CVSS 9.9
EPSS 0.02
CVE-2021-27601
MEDIUM
SAP NetWeaver AS Java - Stored Cross-Site Scripting via Malicious File Upload
Apr 13, 2021
CVSS 5.4
EPSS 0.00
CVE-2021-27600
MEDIUM
SAP Manufacturing Execution -15.1-15.4 - XSS
Apr 13, 2021
CVSS 5.4
EPSS 0.00
CVE-2021-27598
MEDIUM
SAP NetWeaver AS JAVA - Info Disclosure
Apr 13, 2021
CVSS 5.3
EPSS 0.00
CVE-2021-21492
MEDIUM
SAP NetWeaver Application Server Java - Content Spoofing via Logon Group URL Validation
Apr 13, 2021
CVSS 4.3
EPSS 0.00
CVE-2021-21485
MEDIUM
SAP NetWeaver Application Server for Java - Info Disclosure
Apr 13, 2021
CVSS 6.5
EPSS 0.00
CVE-2021-21483
MEDIUM
SAP Solution Manager <720 - Info Disclosure
Apr 13, 2021
CVSS 4.9
EPSS 0.00
CVE-2021-21482
HIGH
SAP NetWeaver Master Data Management 710, 710.750 - Unauthenticated Password Brute Force
Apr 13, 2021
CVSS 8.3
EPSS 0.00
Products
3d_visual_enterprise_viewer 131
netweaver 102
netweaver_application_server_abap 78
businessobjects_business_intelligence_platform 73
netweaver_application_server_java 68
businessobjects_business_intelligence 45
hana 38
solution_manager 33
business_one 31
internet_graphics_server 28
3d_visual_enterprise_author 27
businessobjects 23
netweaver_abap 21
netweaver_process_integration 21
netweaver_enterprise_portal 20
business_objects_business_intelligence_platform 18
commerce_cloud 18
hana_extended_application_services 18
sap_basis 18
s\/4hana 17
disclosure_management 16
host_agent 15
adaptive_server_enterprise 14
enable_now 14
s4core 13
abap_platform 12
customer_relationship_management_webclient_ui 12
netweaver_as_abap 12
sap_db 12
sap_kernel 11