sap
1,577 tracked vulnerabilities.
CVE-2019-0281
MEDIUM
SAP OpenUI5 < 1.38.39 - Cross-Site Scripting via Insufficient Input Encoding
Jul 10, 2019
CVSS 6.1
EPSS 0.01
CVE-2019-0316
MEDIUM
SAP NetWeaver Process Integration - Authenticated Reflected Cross-Site Scripting via Servlet Injection
Jun 14, 2019
CVSS 4.8
EPSS 0.01
CVE-2019-0303
MEDIUM
SAP BusinessObjects BI Platform 4.2, 4.3 - XSS via BILogon/appService.jsp errMsg
Jun 14, 2019
CVSS 6.1
EPSS 0.01
CVE-2019-0315
HIGH
SAP NetWeaver Process Integration - Information Disclosure via PI Integration Builder Web UI
Jun 12, 2019
CVSS 7.5
EPSS 0.01
CVE-2019-0314
MEDIUM
SAP Work Manager 6.3-6.5 and Inventory Manager 4.3 - Denial of Service
Jun 12, 2019
CVSS 5.5
EPSS 0.01
CVE-2019-0312
MEDIUM
SAP NetWeaver Process Integration - Unauthenticated Information Disclosure via Unprotected Web Pages
Jun 12, 2019
CVSS 5.3
EPSS 0.01
CVE-2019-0311
MEDIUM
SAP R/3 Enterprise 600-606, 616-617 - Cross-Site Scripting in Automotive Dealer Portal
Jun 12, 2019
CVSS 6.1
EPSS 0.01
CVE-2019-0308
MEDIUM
SAP E-Commerce 7.3, 7.31, 7.32, 7.33, 7.54 - Authenticated Stored Cross-Site Scripting
Jun 12, 2019
CVSS 6.8
EPSS 0.01
CVE-2019-0307
LOW
SAP Solution Manager 7.2 - Missing Encryption of Sensitive Data in Diagnostics Agent
Jun 12, 2019
CVSS 2.4
EPSS 0.02
CVE-2019-0306
MEDIUM
SAP HANA Extended Application Services - Authenticated Information Disclosure
Jun 12, 2019
CVSS 4.3
EPSS 0.01
CVE-2019-0305
MEDIUM
SAP NetWeaver Process Integration <7.40 - XSS
Jun 12, 2019
CVSS 4.3
EPSS 0.01
CVE-2019-0304
CRITICAL
SAP NetWeaver AS ABAP Platform - Remote Code Execution via FTP Function
Jun 12, 2019
CVSS 9.8
EPSS 0.02
CVE-2019-0301
HIGH
SAP Identity Management - Improper Privilege Management via REST Interface Version 2
May 14, 2019
CVSS 8.8
EPSS 0.01
CVE-2019-0298
MEDIUM
SAP E-Commerce - Cross-Site Scripting
May 14, 2019
CVSS 6.1
EPSS 0.01
CVE-2019-0293
MEDIUM
SAP Solution Manager System - Missing Authorization for RFC Destination Access
May 14, 2019
CVSS 6.5
EPSS 0.01
CVE-2019-0291
MEDIUM
Solution Manager 7.2 - Info Disclosure
May 14, 2019
CVSS 5.5
EPSS 0.00
CVE-2019-0289
HIGH
SAP BusinessObjects <4.3 - Info Disclosure
May 14, 2019
CVSS 7.1
EPSS 0.01
CVE-2019-0287
HIGH
SAP BusinessObjects <4.3 - Info Disclosure
May 14, 2019
CVSS 7.6
EPSS 0.02
CVE-2019-0280
HIGH
SAP Treasury and Risk Management - Missing Authorization for T_DEAL_DP and T_DEAL_PD
May 14, 2019
CVSS 8.8
EPSS 0.01
CVE-2019-0285
CRITICAL
SAP Crystal Reports for Visual Studio - Cleartext Storage of Sensitive Database Credentials
Apr 10, 2019
CVSS 9.8
EPSS 0.07
CVE-2019-0284
MEDIUM
SAP HANA - XML External Entity Injection via SLDREG
Apr 10, 2019
CVSS 6.0
EPSS 0.00
CVE-2019-0283
HIGH
SAP NetWeaver Process Integration - Digital Signature Spoofing via PI Axis Adapter
Apr 10, 2019
CVSS 7.1
EPSS 0.01
CVE-2019-0282
MEDIUM
SAP NetWeaver Process Integration - Unauthenticated Information Disclosure in Runtime Workbench
Apr 10, 2019
CVSS 5.3
EPSS 0.01
CVE-2019-0279
HIGH
SAP BASIS - Authenticated Privilege Escalation via ABAP Function Modules
Apr 10, 2019
CVSS 8.8
EPSS 0.01
CVE-2019-0278
MEDIUM
SAP NetWeaver Process Integration - Information Disclosure via Monitoring Servlet
Apr 10, 2019
CVSS 4.3
EPSS 0.01
Products
3d_visual_enterprise_viewer 131
netweaver 102
netweaver_application_server_abap 86
businessobjects_business_intelligence_platform 73
netweaver_application_server_java 69
businessobjects_business_intelligence 45
hana 38
solution_manager 33
business_one 31
internet_graphics_server 28
3d_visual_enterprise_author 27
businessobjects 23
netweaver_abap 21
netweaver_process_integration 21
netweaver_enterprise_portal 20
business_objects_business_intelligence_platform 18
commerce_cloud 18
hana_extended_application_services 18
sap_basis 18
s\/4hana 17
disclosure_management 16
host_agent 15
adaptive_server_enterprise 14
enable_now 14
s4core 13
abap_platform 12
customer_relationship_management_webclient_ui 12
netweaver_as_abap 12
sap_db 12
sap_kernel 11
Quick Filters