sap

1,568 tracked vulnerabilities.

CVE-2025-42999 CRITICAL KEV
SAP NetWeaver Visual Composer Metadata Uploader - Code Injection
May 13, 2025
CVSS 9.1
EPSS 0.52
CVE-2025-30018 HIGH
SAP Supplier Relationship Management - Unauthenticated XML External Entity Injection via Live Auction Cockpit
May 13, 2025
CVSS 8.6
EPSS 0.00
CVE-2025-30012 CRITICAL
SAP Supplier Relationship Management - Unauthenticated Remote Code Execution via Live Auction Cockpit Deserialization
May 13, 2025
CVSS 10.0
EPSS 0.02
CVE-2025-30011 MEDIUM
SAP Supplier Relationship Management - Info Disclosure
May 13, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-30010 MEDIUM
SAP Supplier Relationship Management - Open Redirect
May 13, 2025
CVSS 6.1
EPSS 0.00
CVE-2025-30009 MEDIUM
SAP Supplier Relationship Management - XSS
May 13, 2025
CVSS 6.1
EPSS 0.00
CVE-2025-31324 CRITICAL KEV NUCLEI
SAP NetWeaver Visual Composer Metadata Uploader - Deserialization
Apr 24, 2025
CVSS 10.0
EPSS 0.35
CVE-2025-31332 MEDIUM
SAP BusinessObjects - Privilege Escalation
Apr 08, 2025
CVSS 6.6
EPSS 0.00
CVE-2025-25245 MEDIUM
SAP BusinessObjects Web Intelligence - XSS
Mar 11, 2025
CVSS 5.4
EPSS 0.00
CVE-2025-24876 HIGH
SAP Approuter Node.js <v16.7.1 - Auth Bypass
Feb 11, 2025
CVSS 8.1
EPSS 0.00
CVE-2025-23193 MEDIUM
SAP NetWeaver Server ABAP - Info Disclosure
Feb 11, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-0064 HIGH
SAP BusinessObjects - Privilege Escalation
Feb 11, 2025
CVSS 8.7
EPSS 0.00
CVE-2025-0066 CRITICAL
SAP NetWeaver AS ABAP and ABAP Platform - Unauthorized Information Disclosure via Weak Access Controls
Jan 14, 2025
CVSS 9.9
EPSS 0.00
CVE-2025-0063 HIGH
SAP NetWeaver AS ABAP & ABAP Platform - Privilege Escalation
Jan 14, 2025
CVSS 8.8
EPSS 0.00
CVE-2025-0061 HIGH
SAP BusinessObjects - Info Disclosure
Jan 14, 2025
CVSS 8.7
EPSS 0.00
CVE-2025-0060 MEDIUM
SAP BusinessObjects - Code Injection
Jan 14, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-0058 MEDIUM
SAP Basis - Authenticated Information Disclosure via Parameter Manipulation
Jan 14, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-0053 MEDIUM
SAP NetWeaver Application Server for ABAP and ABAP Platform - Unauthenticated Information Disclosure via URL Parameter
Jan 14, 2025
CVSS 5.3
EPSS 0.00
CVE-2024-32732 MEDIUM
SAP BusinessObjects - Info Disclosure
Dec 10, 2024
CVSS 5.3
EPSS 0.00
CVE-2024-47595 MEDIUM
SAP Host Agent - Incorrect Privilege Assignment
Nov 12, 2024
CVSS 6.3
EPSS 0.00
CVE-2024-47594 MEDIUM
SAP NetWeaver Enterprise Portal - XSS
Oct 08, 2024
CVSS 5.4
EPSS 0.01
CVE-2024-45282 MEDIUM
Fields in 'Read Only' State - Info Disclosure
Oct 08, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-45278 MEDIUM
SAP Commerce Backoffice - Cross-Site Scripting
Oct 08, 2024
CVSS 5.4
EPSS 0.01
CVE-2024-45277 MEDIUM
SAP HANA Node.js client <2.21.31 - Prototype Pollution
Oct 08, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-37179 HIGH
SAP BusinessObjects BI Platform - Authenticated Arbitrary File Read
Oct 08, 2024
CVSS 7.7
EPSS 0.01