sap
1,577 tracked vulnerabilities.
CVE-2019-0244
MEDIUM
SAP CRM WebClient UI - Cross-Site Scripting via User-Controlled Input
Jan 08, 2019
CVSS 5.4
EPSS 0.01
CVE-2019-0243
HIGH
SAP BW/4HANA - Authenticated Privilege Escalation via Masterdata Maintenance
Jan 08, 2019
CVSS 8.8
EPSS 0.02
CVE-2019-0241
HIGH
SAP Work and Inventory Manager <7.0, 7.1 - DoS
Jan 08, 2019
CVSS 7.5
EPSS 0.02
CVE-2019-0240
HIGH
SAP Business Objects Mobile <6.3.5 - DoS
Jan 08, 2019
CVSS 7.5
EPSS 0.02
CVE-2019-0238
MEDIUM
SAP Hybris < 6.7 - Cross-Site Scripting
Jan 08, 2019
CVSS 6.1
EPSS 0.01
CVE-2018-17865
MEDIUM
SAP J2EE Engine 7.01 - Cross-Site Scripting via wsdlPath Parameter
Aug 09, 2021
CVSS 6.1
EPSS 0.01
CVE-2018-17862
MEDIUM
SAP J2EE Engine 7.01 - Cross-Site Scripting via Fiori TestJDBC sys_jdbc Parameter
Aug 09, 2021
CVSS 6.1
EPSS 0.01
CVE-2018-17861
MEDIUM
SAP J2EE Engine/7.01/Portal/EPP - XSS
Aug 09, 2021
CVSS 6.1
EPSS 0.02
CVE-2018-2499
HIGH
SAP Financial Consolidation Cube Designer <8.0,10.1 - Info Disclosure
Jan 08, 2019
CVSS 7.5
EPSS 0.02
CVE-2018-2484
HIGH
SAP Enterprise Financial Services - Missing Authorization
Jan 08, 2019
CVSS 8.8
EPSS 0.01
CVE-2018-2505
MEDIUM
SAP Hybris Commerce - Cross-Site Scripting in Storefront
Dec 11, 2018
CVSS 6.1
EPSS 0.01
CVE-2018-2504
MEDIUM
SAP NetWeaver AS Java Web Container - XSS
Dec 11, 2018
CVSS 6.1
EPSS 0.01
CVE-2018-2503
HIGH
SAP NetWeaver AS Java - Info Disclosure
Dec 11, 2018
CVSS 7.4
EPSS 0.01
CVE-2018-2502
MEDIUM
SAP Business One Service Layer <9.2-9.3 - XSS
Dec 11, 2018
CVSS 6.1
EPSS 0.01
CVE-2018-2500
MEDIUM
SAP Mobile Secure <6.60.19942.0 SP28 1711 - Info Disclosure
Dec 11, 2018
CVSS 4.7
EPSS 0.00
CVE-2018-2497
LOW
SAP HANA 1.0 and 2.0 - Incomplete Security Audit Logging for SELECT Events in CREATE TABLE AS SELECT Statements
Dec 11, 2018
CVSS 2.7
EPSS 0.01
CVE-2018-2494
HIGH
SAP Business Application Software Integrated Solution 7.00-7.02 - Authenticated Privilege Escalation
Dec 11, 2018
CVSS 8.0
EPSS 0.01
CVE-2018-2492
HIGH
SAP NetWeaver AS Java - XML External Entity Injection in SAML 2.0
Dec 11, 2018
CVSS 7.1
EPSS 0.01
CVE-2018-2486
MEDIUM
SAP Marketing UICUAN 1.20-1.40 and SAPSCORE 1.13-1.14 - Cross-Site Scripting
Dec 11, 2018
CVSS 5.4
EPSS 0.01
CVE-2018-2491
HIGH
SAP Fiori Client < 1.11.5 - Stored Cross-Site Scripting via Deep Link URL Logging
Nov 13, 2018
CVSS 7.8
EPSS 0.01
CVE-2018-2490
HIGH
SAP Fiori Client < 1.11.5 - Unprotected Broadcast Message Exposure
Nov 13, 2018
CVSS 7.8
EPSS 0.01
CVE-2018-2489
HIGH
SAP Fiori Client < 1.11.5 - Unauthenticated SSO Configuration Deletion
Nov 13, 2018
CVSS 7.8
EPSS 0.01
CVE-2018-2488
HIGH
SAP Fiori Client < 1.11.5 - Denial of Service via Malicious Local Push Notification
Nov 13, 2018
CVSS 7.8
EPSS 0.01
CVE-2018-2487
HIGH
SAP Disclosure Mgmt 10.x - Path Traversal
Nov 13, 2018
CVSS 8.3
EPSS 0.02
CVE-2018-2485
HIGH
SAP Fiori Client < 1.11.5 - JavaScript Execution via Malicious Application
Nov 13, 2018
CVSS 7.7
EPSS 0.01
Products
3d_visual_enterprise_viewer 131
netweaver 102
netweaver_application_server_abap 86
businessobjects_business_intelligence_platform 73
netweaver_application_server_java 69
businessobjects_business_intelligence 45
hana 38
solution_manager 33
business_one 31
internet_graphics_server 28
3d_visual_enterprise_author 27
businessobjects 23
netweaver_abap 21
netweaver_process_integration 21
netweaver_enterprise_portal 20
business_objects_business_intelligence_platform 18
commerce_cloud 18
hana_extended_application_services 18
sap_basis 18
s\/4hana 17
disclosure_management 16
host_agent 15
adaptive_server_enterprise 14
enable_now 14
s4core 13
abap_platform 12
customer_relationship_management_webclient_ui 12
netweaver_as_abap 12
sap_db 12
sap_kernel 11
Quick Filters