sap
1,577 tracked vulnerabilities.
CVE-2025-0058
MEDIUM
SAP Basis - Authenticated Information Disclosure via Parameter Manipulation
Jan 14, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-0053
MEDIUM
SAP NetWeaver Application Server for ABAP and ABAP Platform - Unauthenticated Information Disclosure via URL Parameter
Jan 14, 2025
CVSS 5.3
EPSS 0.00
CVE-2024-32732
MEDIUM
SAP BusinessObjects - Info Disclosure
Dec 10, 2024
CVSS 5.3
EPSS 0.00
CVE-2024-47595
MEDIUM
SAP Host Agent - Incorrect Privilege Assignment
Nov 12, 2024
CVSS 6.3
EPSS 0.00
CVE-2024-47594
MEDIUM
SAP NetWeaver Enterprise Portal - XSS
Oct 08, 2024
CVSS 5.4
EPSS 0.00
CVE-2024-45282
MEDIUM
Fields in 'Read Only' State - Info Disclosure
Oct 08, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-45278
MEDIUM
SAP Commerce Backoffice - Cross-Site Scripting
Oct 08, 2024
CVSS 5.4
EPSS 0.00
CVE-2024-45277
MEDIUM
SAP HANA Node.js client <2.21.31 - Prototype Pollution
Oct 08, 2024
CVSS 4.3
EPSS 0.01
CVE-2024-37179
HIGH
SAP BusinessObjects BI Platform - Authenticated Arbitrary File Read
Oct 08, 2024
CVSS 7.7
EPSS 0.00
CVE-2024-45281
MEDIUM
SAP BusinessObjects - Privilege Escalation
Sep 10, 2024
CVSS 5.8
EPSS 0.00
CVE-2024-44112
MEDIUM
SAP for Oil & Gas (Transportation and Distribution) - Authenticated Missing Authorization Check
Sep 10, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-41728
LOW
SAP NetWeaver Application Server ABAP - Missing Authorization Check for Package Object Access
Sep 10, 2024
CVSS 2.7
EPSS 0.00
CVE-2024-44114
LOW
SAP NetWeaver Application Server ABAP - Unauthorized Data Exposure via High Privilege Program Execution
Sep 10, 2024
CVSS 2.0
EPSS 0.00
CVE-2024-42373
MEDIUM
SAP Student Life Cycle Management - Missing Authorization
Aug 13, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-41734
MEDIUM
SAP NetWeaver Application Server ABAP - Authenticated Information Disclosure via Missing Authorization
Aug 13, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-39591
MEDIUM
SAP Document Builder - Missing Authorization
Aug 13, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-42377
MEDIUM
SAP Shared Service Framework - Authenticated Missing Authorization in Remote-Enabled Function
Aug 13, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-42376
MEDIUM
SAP Shared Service Framework - Privilege Escalation
Aug 13, 2024
CVSS 6.5
EPSS 0.00
CVE-2024-42375
MEDIUM
SAP BusinessObjects Business Intelligence - Code Injection
Aug 13, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-42374
HIGH
BEx Web Java Runtime Export Web Service - Info Disclosure
Aug 13, 2024
CVSS 8.2
EPSS 0.01
CVE-2024-41737
MEDIUM
SAP CRM ABAP Insights Management - Authenticated Server-Side Request Forgery
Aug 13, 2024
CVSS 5.0
EPSS 0.00
CVE-2024-41736
MEDIUM
SAP Permit to Work - Authenticated Exposure of Sensitive Information
Aug 13, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-41735
MEDIUM
SAP Commerce Backoffice - Cross-Site Scripting
Aug 13, 2024
CVSS 5.4
EPSS 0.00
CVE-2024-41733
MEDIUM
SAP Commerce - Unauthenticated User Enumeration via Registration and Login Processes
Aug 13, 2024
CVSS 5.3
EPSS 0.00
CVE-2024-41732
MEDIUM
SAP NetWeaver Application Server ABAP - Unauthenticated CSS Injection via URL Link
Aug 13, 2024
CVSS 4.7
EPSS 0.00
Products
3d_visual_enterprise_viewer 131
netweaver 102
netweaver_application_server_abap 86
businessobjects_business_intelligence_platform 73
netweaver_application_server_java 69
businessobjects_business_intelligence 45
hana 38
solution_manager 33
business_one 31
internet_graphics_server 28
3d_visual_enterprise_author 27
businessobjects 23
netweaver_abap 21
netweaver_process_integration 21
netweaver_enterprise_portal 20
business_objects_business_intelligence_platform 18
commerce_cloud 18
hana_extended_application_services 18
sap_basis 18
s\/4hana 17
disclosure_management 16
host_agent 15
adaptive_server_enterprise 14
enable_now 14
s4core 13
abap_platform 12
customer_relationship_management_webclient_ui 12
netweaver_as_abap 12
sap_db 12
sap_kernel 11
Quick Filters