sap

1,577 tracked vulnerabilities.

CVE-2025-0058 MEDIUM
SAP Basis - Authenticated Information Disclosure via Parameter Manipulation
Jan 14, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-0053 MEDIUM
SAP NetWeaver Application Server for ABAP and ABAP Platform - Unauthenticated Information Disclosure via URL Parameter
Jan 14, 2025
CVSS 5.3
EPSS 0.00
CVE-2024-32732 MEDIUM
SAP BusinessObjects - Info Disclosure
Dec 10, 2024
CVSS 5.3
EPSS 0.00
CVE-2024-47595 MEDIUM
SAP Host Agent - Incorrect Privilege Assignment
Nov 12, 2024
CVSS 6.3
EPSS 0.00
CVE-2024-47594 MEDIUM
SAP NetWeaver Enterprise Portal - XSS
Oct 08, 2024
CVSS 5.4
EPSS 0.00
CVE-2024-45282 MEDIUM
Fields in 'Read Only' State - Info Disclosure
Oct 08, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-45278 MEDIUM
SAP Commerce Backoffice - Cross-Site Scripting
Oct 08, 2024
CVSS 5.4
EPSS 0.00
CVE-2024-45277 MEDIUM
SAP HANA Node.js client <2.21.31 - Prototype Pollution
Oct 08, 2024
CVSS 4.3
EPSS 0.01
CVE-2024-37179 HIGH
SAP BusinessObjects BI Platform - Authenticated Arbitrary File Read
Oct 08, 2024
CVSS 7.7
EPSS 0.00
CVE-2024-45281 MEDIUM
SAP BusinessObjects - Privilege Escalation
Sep 10, 2024
CVSS 5.8
EPSS 0.00
CVE-2024-44112 MEDIUM
SAP for Oil & Gas (Transportation and Distribution) - Authenticated Missing Authorization Check
Sep 10, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-41728 LOW
SAP NetWeaver Application Server ABAP - Missing Authorization Check for Package Object Access
Sep 10, 2024
CVSS 2.7
EPSS 0.00
CVE-2024-44114 LOW
SAP NetWeaver Application Server ABAP - Unauthorized Data Exposure via High Privilege Program Execution
Sep 10, 2024
CVSS 2.0
EPSS 0.00
CVE-2024-42373 MEDIUM
SAP Student Life Cycle Management - Missing Authorization
Aug 13, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-41734 MEDIUM
SAP NetWeaver Application Server ABAP - Authenticated Information Disclosure via Missing Authorization
Aug 13, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-39591 MEDIUM
SAP Document Builder - Missing Authorization
Aug 13, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-42377 MEDIUM
SAP Shared Service Framework - Authenticated Missing Authorization in Remote-Enabled Function
Aug 13, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-42376 MEDIUM
SAP Shared Service Framework - Privilege Escalation
Aug 13, 2024
CVSS 6.5
EPSS 0.00
CVE-2024-42375 MEDIUM
SAP BusinessObjects Business Intelligence - Code Injection
Aug 13, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-42374 HIGH
BEx Web Java Runtime Export Web Service - Info Disclosure
Aug 13, 2024
CVSS 8.2
EPSS 0.01
CVE-2024-41737 MEDIUM
SAP CRM ABAP Insights Management - Authenticated Server-Side Request Forgery
Aug 13, 2024
CVSS 5.0
EPSS 0.00
CVE-2024-41736 MEDIUM
SAP Permit to Work - Authenticated Exposure of Sensitive Information
Aug 13, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-41735 MEDIUM
SAP Commerce Backoffice - Cross-Site Scripting
Aug 13, 2024
CVSS 5.4
EPSS 0.00
CVE-2024-41733 MEDIUM
SAP Commerce - Unauthenticated User Enumeration via Registration and Login Processes
Aug 13, 2024
CVSS 5.3
EPSS 0.00
CVE-2024-41732 MEDIUM
SAP NetWeaver Application Server ABAP - Unauthenticated CSS Injection via URL Link
Aug 13, 2024
CVSS 4.7
EPSS 0.00