sap
1,577 tracked vulnerabilities.
CVE-2019-0351
HIGH
SAP NetWeaver UDDI Server 7.10-7.50 - Remote Code Execution
Aug 14, 2019
CVSS 8.8
EPSS 0.03
CVE-2019-0348
MEDIUM
SAP BusinessObjects Business Intelligence Platform 4.1-4.2 - Cleartext Transmission of Sensitive Database Information
Aug 14, 2019
CVSS 6.5
EPSS 0.01
CVE-2019-0346
MEDIUM
SAP BusinessObjects Business Intelligence Platform 4.2 - Cleartext Transmission of Sensitive Information
Aug 14, 2019
CVSS 6.5
EPSS 0.01
CVE-2019-0345
CRITICAL
SAP NetWeaver Application Server Java 7.30, 7.31, 7.40, 7.50 - Unauthenticated Server-Side Request Forgery via XML File
Aug 14, 2019
CVSS 9.8
EPSS 0.02
CVE-2019-0344
CRITICAL
KEV
SAP Commerce Cloud 6.4-6.7, 1808-1905 - Remote Code Execution via Unsafe Deserialization in virtualjdbc Extension
Aug 14, 2019
CVSS 9.8
EPSS 0.07
CVE-2019-0343
HIGH
SAP Commerce Cloud 6.4-6.7, 1808-1905 - Authenticated Code Injection via Mediaconversion Extension
Aug 14, 2019
CVSS 8.8
EPSS 0.01
CVE-2019-0341
HIGH
SAP Enable Now 1902 - Session Cookie HttpOnly Flag Missing
Aug 14, 2019
CVSS 8.8
EPSS 0.01
CVE-2019-0340
MEDIUM
SAP Enable Now < 1902 - XML External Entity Injection via File Upload
Aug 14, 2019
CVSS 5.4
EPSS 0.01
CVE-2019-0338
MEDIUM
SAP Gateway 750-753 - Information Disclosure via Improper HTTP Header Handling
Aug 14, 2019
CVSS 5.3
EPSS 0.01
CVE-2019-0337
MEDIUM
SAP NetWeaver Process Integration 7.10-7.50 - Reflected Cross-Site Scripting via URL Parameter
Aug 14, 2019
CVSS 6.1
EPSS 0.01
CVE-2019-0335
MEDIUM
SAP BusinessObjects Business Intelligence Platform 4.1-4.3 - Stored Cross-Site Scripting in User Description Field
Aug 14, 2019
CVSS 6.1
EPSS 0.01
CVE-2019-0334
MEDIUM
SAP BusinessObjects Business Intelligence Platform 4.1-4.3 - Stored Cross-Site Scripting in BI Workspace Module
Aug 14, 2019
CVSS 5.4
EPSS 0.01
CVE-2019-0333
MEDIUM
SAP BusinessObjects Business Intelligence Platform 4.2, 4.3 - Information Disclosure via Query Cancellation
Aug 14, 2019
CVSS 6.5
EPSS 0.01
CVE-2019-0332
MEDIUM
SAP BusinessObjects Business Intelligence Platform 4.1-4.3 - Cross-Site Scripting via Info View Search Keyword
Aug 14, 2019
CVSS 6.1
EPSS 0.01
CVE-2019-0331
MEDIUM
SAP BusinessObjects Business Intelligence Platform 4.1-4.3 - Information Disclosure via Directory Structure Access
Aug 14, 2019
CVSS 5.3
EPSS 0.01
CVE-2019-0330
CRITICAL
SAP Diagnostic Agent 7.2 - OS Command Injection via OS Command Plugin
Jul 10, 2019
CVSS 9.1
EPSS 0.02
CVE-2019-0329
MEDIUM
SAP Information Steward 4.2 - Cross-Site Scripting
Jul 10, 2019
CVSS 6.1
EPSS 0.01
CVE-2019-0328
HIGH
SAP NetWeaver Process Integration - OS Command Injection
Jul 10, 2019
CVSS 7.2
EPSS 0.03
CVE-2019-0327
HIGH
SAP NetWeaver Application Server Java 7.1-7.5 - Unrestricted Upload of File with Dangerous Type
Jul 10, 2019
CVSS 7.2
EPSS 0.02
CVE-2019-0326
MEDIUM
SAP BusinessObjects Business Intelligence Platform 4.1-4.3 - Cross-Site Scripting
Jul 10, 2019
CVSS 6.1
EPSS 0.01
CVE-2019-0325
MEDIUM
SAP ERP HCM 3 - Missing Authorization for Payroll Data Report
Jul 10, 2019
CVSS 4.2
EPSS 0.01
CVE-2019-0322
HIGH
SAP Commerce Cloud 6.3-6.7, 1808, 1811 - Denial of Service
Jul 10, 2019
CVSS 7.5
EPSS 0.03
CVE-2019-0321
MEDIUM
SAP NetWeaver AS ABAP 7.31, 7.4, 7.5 - Cross-Site Scripting
Jul 10, 2019
CVSS 6.1
EPSS 0.01
CVE-2019-0319
HIGH
SAP Gateway 7.5-7.53 - Content Spoofing via Error Message Injection
Jul 10, 2019
CVSS 7.5
EPSS 0.03
CVE-2019-0318
MEDIUM
SAP NetWeaver Application Server for Java - Info Disclosure
Jul 10, 2019
CVSS 5.3
EPSS 0.01
Products
3d_visual_enterprise_viewer 131
netweaver 102
netweaver_application_server_abap 86
businessobjects_business_intelligence_platform 73
netweaver_application_server_java 69
businessobjects_business_intelligence 45
hana 38
solution_manager 33
business_one 31
internet_graphics_server 28
3d_visual_enterprise_author 27
businessobjects 23
netweaver_abap 21
netweaver_process_integration 21
netweaver_enterprise_portal 20
business_objects_business_intelligence_platform 18
commerce_cloud 18
hana_extended_application_services 18
sap_basis 18
s\/4hana 17
disclosure_management 16
host_agent 15
adaptive_server_enterprise 14
enable_now 14
s4core 13
abap_platform 12
customer_relationship_management_webclient_ui 12
netweaver_as_abap 12
sap_db 12
sap_kernel 11
Quick Filters