sap
1,577 tracked vulnerabilities.
CVE-2019-0277
MEDIUM
SAP HANA Extended Application Services 1 - Authenticated XML External Entity Injection
Mar 12, 2019
CVSS 6.5
EPSS 0.02
CVE-2019-0276
HIGH
Banking services from SAP 9.0 and SAP S/4HANA Financial Products Subledger 1 - Incorrect Authorization
Mar 12, 2019
CVSS 8.8
EPSS 0.02
CVE-2019-0275
MEDIUM
SAP NetWeaver AS Java 7.10-7.50 - XSS in SAML 1.1 SSO Demo App
Mar 12, 2019
CVSS 5.4
EPSS 0.01
CVE-2019-0274
HIGH
SAP Mobile Platform SDK - Denial of Service
Mar 12, 2019
CVSS 7.5
EPSS 0.02
CVE-2019-0271
MEDIUM
SAP ABAP Server and ABAP Platform - XML External Entity Injection via Untrusted XML Document
Mar 12, 2019
CVSS 6.5
EPSS 0.01
CVE-2019-0270
HIGH
SAP ABAP Server and ABAP Platform - Missing Authorization
Mar 12, 2019
CVSS 8.8
EPSS 0.01
CVE-2019-0269
MEDIUM
SAP BusinessObjects Business Intelligence Platform 4.10-4.20 - Cross-Site Scripting
Mar 12, 2019
CVSS 5.4
EPSS 0.01
CVE-2019-0268
HIGH
SAP BusinessObjects <4.30 - Info Disclosure
Mar 12, 2019
CVSS 8.1
EPSS 0.02
CVE-2019-0267
HIGH
SAP Manufacturing Integration and Intelligence 15.0-15.2 - Cross-Site Request Forgery in Illuminator Servlet
Feb 15, 2019
CVSS 8.8
EPSS 0.01
CVE-2019-0266
HIGH
SAP HANA Extended Application Services 1.0 - Sensitive Information Disclosure in Trace File
Feb 15, 2019
CVSS 7.5
EPSS 0.02
CVE-2019-0265
MEDIUM
SAP ABAP Platform Kernel 7.21-7.22 - Denial of Service via SLD Registration
Feb 15, 2019
CVSS 4.9
EPSS 0.02
CVE-2019-0262
MEDIUM
SAP BusinessObjects BI Platform 4.10, 4.20 - Cross-Site Scripting in HTML Report Generation
Feb 15, 2019
CVSS 5.4
EPSS 0.01
CVE-2019-0261
CRITICAL
SAP Landscape Management - Missing Authentication for Critical Function
Feb 15, 2019
CVSS 9.8
EPSS 0.04
CVE-2019-0259
CRITICAL
SAP BusinessObjects 4.2-4.3 - Unrestricted Upload of File with Dangerous Type
Feb 15, 2019
CVSS 9.8
EPSS 0.02
CVE-2019-0258
HIGH
SAP Disclosure Management 10.01 - Authenticated Privilege Escalation
Feb 15, 2019
CVSS 8.8
EPSS 0.01
CVE-2019-0257
HIGH
SAP Netweaver Application Server Abap < 7.02 - Missing Authorization
Feb 15, 2019
CVSS 8.8
EPSS 0.01
CVE-2019-0256
MEDIUM
SAP Business One Mobile <1.2.12 - Info Disclosure
Feb 15, 2019
CVSS 5.5
EPSS 0.00
CVE-2019-0255
HIGH
SAP NetWeaver AS ABAP Platform Kernel 7.73-7.75 - Privilege Escalation via Improper Installation Type Validation
Feb 15, 2019
CVSS 8.1
EPSS 0.02
CVE-2019-0254
MEDIUM
SAP Disclosure Management < 10.1 - Cross-Site Scripting
Feb 15, 2019
CVSS 5.4
EPSS 0.01
CVE-2019-0251
MEDIUM
SAP BusinessObjects - Cross-Site Scripting in Fiori Launchpad
Feb 15, 2019
CVSS 6.1
EPSS 0.01
CVE-2019-0249
HIGH
SAP Landscape Management - Info Disclosure
Jan 08, 2019
CVSS 7.5
EPSS 0.02
CVE-2019-0248
MEDIUM
SAP NetWeaver - Information Disclosure
Jan 08, 2019
CVSS 5.9
EPSS 0.02
CVE-2019-0247
CRITICAL
SAP Cloud Connector < 2.11.3 - Code Injection
Jan 08, 2019
CVSS 9.8
EPSS 0.01
CVE-2019-0246
CRITICAL
SAP Cloud Connector < 2.11.3 - Missing Authentication for Critical Function
Jan 08, 2019
CVSS 9.8
EPSS 0.03
CVE-2019-0245
MEDIUM
SAP CRM WebClient UI - Cross-Site Scripting
Jan 08, 2019
CVSS 5.4
EPSS 0.01
Products
3d_visual_enterprise_viewer 131
netweaver 102
netweaver_application_server_abap 86
businessobjects_business_intelligence_platform 73
netweaver_application_server_java 69
businessobjects_business_intelligence 45
hana 38
solution_manager 33
business_one 31
internet_graphics_server 28
3d_visual_enterprise_author 27
businessobjects 23
netweaver_abap 21
netweaver_process_integration 21
netweaver_enterprise_portal 20
business_objects_business_intelligence_platform 18
commerce_cloud 18
hana_extended_application_services 18
sap_basis 18
s\/4hana 17
disclosure_management 16
host_agent 15
adaptive_server_enterprise 14
enable_now 14
s4core 13
abap_platform 12
customer_relationship_management_webclient_ui 12
netweaver_as_abap 12
sap_db 12
sap_kernel 11
Quick Filters