sap
1,568 tracked vulnerabilities.
CVE-2018-2484
HIGH
SAP Enterprise Financial Services - Missing Authorization
Jan 08, 2019
CVSS 8.8
EPSS 0.00
CVE-2018-2505
MEDIUM
SAP Hybris Commerce - Cross-Site Scripting in Storefront
Dec 11, 2018
CVSS 6.1
EPSS 0.00
CVE-2018-2504
MEDIUM
SAP NetWeaver AS Java Web Container - XSS
Dec 11, 2018
CVSS 6.1
EPSS 0.00
CVE-2018-2503
HIGH
SAP NetWeaver AS Java - Info Disclosure
Dec 11, 2018
CVSS 7.4
EPSS 0.00
CVE-2018-2502
MEDIUM
SAP Business One Service Layer <9.2-9.3 - XSS
Dec 11, 2018
CVSS 6.1
EPSS 0.00
CVE-2018-2500
MEDIUM
SAP Mobile Secure <6.60.19942.0 SP28 1711 - Info Disclosure
Dec 11, 2018
CVSS 4.7
EPSS 0.00
CVE-2018-2497
LOW
SAP HANA 1.0 and 2.0 - Incomplete Security Audit Logging for SELECT Events in CREATE TABLE AS SELECT Statements
Dec 11, 2018
CVSS 2.7
EPSS 0.00
CVE-2018-2494
HIGH
SAP Business Application Software Integrated Solution 7.00-7.02 - Authenticated Privilege Escalation
Dec 11, 2018
CVSS 8.0
EPSS 0.00
CVE-2018-2492
HIGH
SAP NetWeaver AS Java - XML External Entity Injection in SAML 2.0
Dec 11, 2018
CVSS 7.1
EPSS 0.00
CVE-2018-2486
MEDIUM
SAP Marketing UICUAN 1.20-1.40 and SAPSCORE 1.13-1.14 - Cross-Site Scripting
Dec 11, 2018
CVSS 5.4
EPSS 0.00
CVE-2018-2491
HIGH
SAP Fiori Client < 1.11.5 - Stored Cross-Site Scripting via Deep Link URL Logging
Nov 13, 2018
CVSS 7.8
EPSS 0.00
CVE-2018-2490
HIGH
SAP Fiori Client < 1.11.5 - Unprotected Broadcast Message Exposure
Nov 13, 2018
CVSS 7.8
EPSS 0.00
CVE-2018-2489
HIGH
SAP Fiori Client < 1.11.5 - Unauthenticated SSO Configuration Deletion
Nov 13, 2018
CVSS 7.8
EPSS 0.00
CVE-2018-2488
HIGH
SAP Fiori Client < 1.11.5 - Denial of Service via Malicious Local Push Notification
Nov 13, 2018
CVSS 7.8
EPSS 0.00
CVE-2018-2487
HIGH
SAP Disclosure Mgmt 10.x - Path Traversal
Nov 13, 2018
CVSS 8.3
EPSS 0.01
CVE-2018-2485
HIGH
SAP Fiori Client < 1.11.5 - JavaScript Execution via Malicious Application
Nov 13, 2018
CVSS 7.7
EPSS 0.00
CVE-2018-2483
MEDIUM
SAP BusinessObjects Business Intelligence Platform 4.1-4.2 - HTTP Verb Tampering in Central Management Console
Nov 13, 2018
CVSS 4.3
EPSS 0.00
CVE-2018-2482
HIGH
SAP Mobile Secure <6.60.19942.0 - DoS
Nov 13, 2018
CVSS 7.5
EPSS 0.01
CVE-2018-2481
HIGH
SAP Advanced Business Application Pro... - Improper Privilege Management
Nov 13, 2018
CVSS 7.2
EPSS 0.00
CVE-2018-2479
MEDIUM
SAP BusinessObjects Business Intelligence Platform 4.1-4.2 - Cross-Site Scripting
Nov 13, 2018
CVSS 6.1
EPSS 0.00
CVE-2018-2478
HIGH
SAP Basis 7.0-7.02, 7.10-7.11, 7.30, 7.31, 7.40, 7.50-7.53 - OS Command Injection via TREX/BWA Input
Nov 13, 2018
CVSS 7.2
EPSS 0.00
CVE-2018-2477
HIGH
SAP NetWeaver <7.51 - Info Disclosure
Nov 13, 2018
CVSS 8.8
EPSS 0.01
CVE-2018-2476
MEDIUM
SAP NetWeaver 7.30, 7.31, 7.40 - Open Redirect via Insufficient URL Validation
Nov 13, 2018
CVSS 6.1
EPSS 0.00
CVE-2018-2473
MEDIUM
SAP BusinessObjects BI Platform 4.1-4.2 - DoS via Web Intelligence Richclient Gateway
Nov 13, 2018
CVSS 6.5
EPSS 0.00
CVE-2018-2474
MEDIUM
SAP Fiori 1.0 for SAP ERP HCM - Cross-Site Request Forgery in Approve Leave Request App
Oct 09, 2018
CVSS 6.5
EPSS 0.00
Products
3d_visual_enterprise_viewer 131
netweaver 102
netweaver_application_server_abap 78
businessobjects_business_intelligence_platform 73
netweaver_application_server_java 68
businessobjects_business_intelligence 45
hana 38
solution_manager 33
business_one 31
internet_graphics_server 28
3d_visual_enterprise_author 27
businessobjects 23
netweaver_abap 21
netweaver_process_integration 21
netweaver_enterprise_portal 20
business_objects_business_intelligence_platform 18
commerce_cloud 18
hana_extended_application_services 18
sap_basis 18
s\/4hana 17
disclosure_management 16
host_agent 15
adaptive_server_enterprise 14
enable_now 14
s4core 13
abap_platform 12
customer_relationship_management_webclient_ui 12
netweaver_as_abap 12
sap_db 12
sap_kernel 11