sap
1,568 tracked vulnerabilities.
CVE-2018-2361
HIGH
SAP Solution Manager 7.20 - Incorrect Authorization in SAP_BPO_CONFIG Role
Jan 09, 2018
CVSS 8.8
EPSS 0.00
CVE-2018-2360
HIGH
SAP KERNEL 7.45, 7.49, 7.52 - Missing Authentication for Critical Function
Jan 09, 2018
CVSS 7.5
EPSS 0.02
CVE-2017-16349
HIGH
SAP Business Planning and Consolidation - XML External Entity Injection in Reporting Functionality
Aug 02, 2018
CVSS 8.1
EPSS 0.00
CVE-2017-16691
MEDIUM
SAP BASIS -7.02,-7.11,-7.30,-7.31,-7.40,-7.52 - Code Injection
Dec 12, 2017
CVSS 6.5
EPSS 0.00
CVE-2017-16690
HIGH
SAP Plant Connectivity 2.3,15.0 - DLL Preload
Dec 12, 2017
CVSS 7.8
EPSS 0.00
CVE-2017-16689
HIGH
SAP Kernel 7.21-7.22, 7.21EXT, 7.22EXT, 7.45, 7.49 - Improper Authentication in Trusted RFC Connection
Dec 12, 2017
CVSS 8.8
EPSS 0.00
CVE-2017-16687
MEDIUM
SAP HANA Database 1.00, 2.00 - Unauthenticated User Enumeration via Error Messages
Dec 12, 2017
CVSS 5.3
EPSS 0.01
CVE-2017-16685
MEDIUM
SAP Business Warehouse Universal Data Integration <7.50 - XSS
Dec 12, 2017
CVSS 6.1
EPSS 0.00
CVE-2017-16684
CRITICAL
SAP Business Intelligence <4.30 - Auth Bypass
Dec 12, 2017
CVSS 9.8
EPSS 0.01
CVE-2017-16683
MEDIUM
SAP Business Objects Platform - DoS
Dec 12, 2017
CVSS 6.5
EPSS 0.01
CVE-2017-16682
HIGH
SAP NetWeaver ITS/Basis - Code Injection
Dec 12, 2017
CVSS 7.2
EPSS 0.01
CVE-2017-16681
MEDIUM
SAP Business Intelligence Promotion Management - XSS
Dec 12, 2017
CVSS 6.1
EPSS 0.00
CVE-2017-16680
HIGH
SAP HANA extended application services - Audit Log Injection
Dec 12, 2017
CVSS 7.5
EPSS 0.00
CVE-2017-16679
MEDIUM
SAP Startup Service - Open Redirect
Dec 12, 2017
CVSS 6.1
EPSS 0.00
CVE-2017-16678
MEDIUM
SAP NetWeaver KMC 7.00-7.02, KMC-BC 7.30-7.50 Server-Side Request Forgery
Dec 12, 2017
CVSS 4.7
EPSS 0.00
CVE-2017-14516
MEDIUM
SAP Business Objects Financial Consolidation <2017-06-13 - XSS
Dec 03, 2017
CVSS 6.1
EPSS 0.00
CVE-2017-15297
HIGH
SAP Host Agent - Unauthenticated Improper Authentication via SOAP SAPControl Endpoint
Oct 16, 2017
CVSS 7.5
EPSS 0.03
CVE-2017-15296
HIGH
SAP Customer Relationship Management - Cross-Site Request Forgery
Oct 16, 2017
CVSS 8.8
EPSS 0.00
CVE-2017-15295
CRITICAL
SAP Point of Sale Xpress Server - Unauthenticated Arbitrary File Access
Oct 16, 2017
CVSS 9.8
EPSS 0.01
CVE-2017-15294
MEDIUM
SAP Customer Relationship Management - Cross-Site Scripting in Java Administration Console
Oct 16, 2017
CVSS 6.1
EPSS 0.00
CVE-2017-15293
CRITICAL
SAP Point of Sale Xpress Server - Unauthenticated Improper Authentication
Oct 16, 2017
CVSS 9.8
EPSS 0.01
CVE-2017-10701
MEDIUM
SAP Enterprise Portal < 7.50 - Cross-Site Scripting
Sep 29, 2017
CVSS 6.1
EPSS 0.01
CVE-2017-14581
HIGH
SAP NetWeaver AS Java 7.0-7.5 - Denial of Service via Host Control Web Service
Sep 19, 2017
CVSS 7.5
EPSS 0.01
CVE-2017-14511
HIGH
SAP E-Recruiting <617 - Auth Bypass
Sep 17, 2017
CVSS 7.5
EPSS 0.01
CVE-2017-12637
HIGH
KEV
NUCLEI
SAP NetWeaver Application Server Java 7.5 - Local File Inclusion
Aug 07, 2017
CVSS 7.5
EPSS 0.93
Products
3d_visual_enterprise_viewer 131
netweaver 102
netweaver_application_server_abap 78
businessobjects_business_intelligence_platform 73
netweaver_application_server_java 68
businessobjects_business_intelligence 45
hana 38
solution_manager 33
business_one 31
internet_graphics_server 28
3d_visual_enterprise_author 27
businessobjects 23
netweaver_abap 21
netweaver_process_integration 21
netweaver_enterprise_portal 20
business_objects_business_intelligence_platform 18
commerce_cloud 18
hana_extended_application_services 18
sap_basis 18
s/4hana 17
disclosure_management 16
host_agent 15
adaptive_server_enterprise 14
enable_now 14
s4core 13
abap_platform 12
customer_relationship_management_webclient_ui 12
netweaver_as_abap 12
sap_db 12
sap_kernel 11