sap

1,577 tracked vulnerabilities.

CVE-2025-42920 MEDIUM
SAP Supplier Relationship Management - Stored Cross-Site Scripting via Malicious Link
Sep 09, 2025
CVSS 6.1
EPSS 0.00
CVE-2025-42918 MEDIUM
SAP NetWeaver Application Server for ABAP - Authenticated Missing Authorization for Profile Parameters
Sep 09, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-42911 MEDIUM
SAP NetWeaver - Authenticated Information Disclosure via Service Data Download Function Module
Sep 09, 2025
CVSS 5.0
EPSS 0.00
CVE-2025-42936 MEDIUM
SAP NetWeaver Application Server for ABAP - Authenticated Privilege Escalation via Barcode Interface
Aug 12, 2025
CVSS 5.4
EPSS 0.00
CVE-2025-42956 MEDIUM
SAP NetWeaver ABAP and ABAP Platform - Stored Cross-Site Scripting via Malicious Link
Jul 08, 2025
CVSS 6.1
EPSS 0.00
CVE-2025-42986 MEDIUM
SAP BASIS - Missing Authorization Check in Obsolete RFC Function Module
Jul 08, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-42968 MEDIUM
SAP NetWeaver - Authenticated Information Disclosure via Remote-Enabled Function Module
Jul 08, 2025
CVSS 5.0
EPSS 0.00
CVE-2025-42988 LOW
SAP Business Objects - Info Disclosure
Jun 10, 2025
CVSS 3.7
EPSS 0.00
CVE-2025-23192 HIGH
SAP BusinessObjects Business Intelligence - Unauthenticated Stored Cross-Site Scripting in BI Workspace
Jun 10, 2025
CVSS 8.2
EPSS 0.00
CVE-2025-42999 CRITICAL KEV
SAP NetWeaver Visual Composer Metadata Uploader - Code Injection
May 13, 2025
CVSS 9.1
EPSS 0.13
CVE-2025-30018 HIGH
SAP Supplier Relationship Management - Unauthenticated XML External Entity Injection via Live Auction Cockpit
May 13, 2025
CVSS 8.6
EPSS 0.00
CVE-2025-30012 CRITICAL
SAP Supplier Relationship Management - Unauthenticated Remote Code Execution via Live Auction Cockpit Deserialization
May 13, 2025
CVSS 10.0
EPSS 0.01
CVE-2025-30011 MEDIUM
SAP Supplier Relationship Management - Info Disclosure
May 13, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-30010 MEDIUM
SAP Supplier Relationship Management - Open Redirect
May 13, 2025
CVSS 6.1
EPSS 0.00
CVE-2025-30009 MEDIUM
SAP Supplier Relationship Management - XSS
May 13, 2025
CVSS 6.1
EPSS 0.00
CVE-2025-31324 CRITICAL KEVNUCLEI
SAP NetWeaver Visual Composer Metadata Uploader - Deserialization
Apr 24, 2025
CVSS 10.0
EPSS 0.99
CVE-2025-31332 MEDIUM
SAP BusinessObjects - Privilege Escalation
Apr 08, 2025
CVSS 6.6
EPSS 0.00
CVE-2025-25245 MEDIUM
SAP BusinessObjects Web Intelligence - XSS
Mar 11, 2025
CVSS 5.4
EPSS 0.00
CVE-2025-24876 HIGH
SAP Approuter Node.js <v16.7.1 - Auth Bypass
Feb 11, 2025
CVSS 8.1
EPSS 0.00
CVE-2025-23193 MEDIUM
SAP NetWeaver Server ABAP - Info Disclosure
Feb 11, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-0064 HIGH
SAP BusinessObjects - Privilege Escalation
Feb 11, 2025
CVSS 8.7
EPSS 0.00
CVE-2025-0066 CRITICAL
SAP NetWeaver AS ABAP and ABAP Platform - Unauthorized Information Disclosure via Weak Access Controls
Jan 14, 2025
CVSS 9.9
EPSS 0.01
CVE-2025-0063 HIGH
SAP NetWeaver AS ABAP & ABAP Platform - Privilege Escalation
Jan 14, 2025
CVSS 8.8
EPSS 0.01
CVE-2025-0061 HIGH
SAP BusinessObjects - Info Disclosure
Jan 14, 2025
CVSS 8.7
EPSS 0.00
CVE-2025-0060 MEDIUM
SAP BusinessObjects - Code Injection
Jan 14, 2025
CVSS 6.5
EPSS 0.00