sap
1,577 tracked vulnerabilities.
CVE-2018-2374
MEDIUM
SAP HANA Extended Application Services 1.0 - Info Disclosure
Feb 14, 2018
CVSS 6.5
EPSS 0.01
CVE-2018-2373
HIGH
SAP HANA Extended Application Services 1.0 - Unauthenticated SQL Injection via Controller API Endpoint
Feb 14, 2018
CVSS 7.5
EPSS 0.01
CVE-2018-2372
MEDIUM
SAP HANA Extended Application Services 1.0 - Sensitive Information Disclosure in Log File
Feb 14, 2018
CVSS 6.5
EPSS 0.01
CVE-2018-2371
MEDIUM
SAP NetWeaver AS Java Web Application 7.50 - Cross-Site Scripting in SAML 2.0 Service Provider
Feb 14, 2018
CVSS 6.1
EPSS 0.01
CVE-2018-2370
MEDIUM
SAP BI Launchpad 4.10, 4.20, 4.30 - Server-Side Request Forgery
Feb 14, 2018
CVSS 5.3
EPSS 0.01
CVE-2018-2369
MEDIUM
SAP HANA 1.00, 2.00 - Unauthenticated Information Disclosure via SQL Interface
Feb 14, 2018
CVSS 5.3
EPSS 0.02
CVE-2018-2364
MEDIUM
SAP CRM WebClient UI 7.01-8.01 and S4FND 1.02 - Cross-Site Scripting via Hidden Fields
Feb 14, 2018
CVSS 6.1
EPSS 0.01
CVE-2018-2363
HIGH
SAP NetWeaver 7.00-7.02, 7.10-7.11, 7.30-7.31, 7.40, 7.50-7.52 - Unauthenticated Remote Code Execution
Jan 09, 2018
CVSS 8.8
EPSS 0.02
CVE-2018-2362
MEDIUM
SAP HANA 1.00 and 2.00 - Unauthenticated Information Disclosure via SOAP Request
Jan 09, 2018
CVSS 5.3
EPSS 0.02
CVE-2018-2361
HIGH
SAP Solution Manager 7.20 - Incorrect Authorization in SAP_BPO_CONFIG Role
Jan 09, 2018
CVSS 8.8
EPSS 0.01
CVE-2018-2360
HIGH
SAP KERNEL 7.45, 7.49, 7.52 - Missing Authentication for Critical Function
Jan 09, 2018
CVSS 7.5
EPSS 0.03
CVE-2017-16349
HIGH
SAP Business Planning and Consolidation - XML External Entity Injection in Reporting Functionality
Aug 02, 2018
CVSS 8.1
EPSS 0.01
CVE-2017-16691
MEDIUM
SAP BASIS -7.02,-7.11,-7.30,-7.31,-7.40,-7.52 - Code Injection
Dec 12, 2017
CVSS 6.5
EPSS 0.01
CVE-2017-16690
HIGH
SAP Plant Connectivity 2.3,15.0 - DLL Preload
Dec 12, 2017
CVSS 7.8
EPSS 0.01
CVE-2017-16689
HIGH
SAP Kernel 7.21-7.22, 7.21EXT, 7.22EXT, 7.45, 7.49 - Improper Authentication in Trusted RFC Connection
Dec 12, 2017
CVSS 8.8
EPSS 0.01
CVE-2017-16687
MEDIUM
SAP HANA Database 1.00, 2.00 - Unauthenticated User Enumeration via Error Messages
Dec 12, 2017
CVSS 5.3
EPSS 0.01
CVE-2017-16685
MEDIUM
SAP Business Warehouse Universal Data Integration <7.50 - XSS
Dec 12, 2017
CVSS 6.1
EPSS 0.01
CVE-2017-16684
CRITICAL
SAP Business Intelligence <4.30 - Auth Bypass
Dec 12, 2017
CVSS 9.8
EPSS 0.02
CVE-2017-16683
MEDIUM
SAP Business Objects Platform - DoS
Dec 12, 2017
CVSS 6.5
EPSS 0.01
CVE-2017-16682
HIGH
SAP NetWeaver ITS/Basis - Code Injection
Dec 12, 2017
CVSS 7.2
EPSS 0.02
CVE-2017-16681
MEDIUM
SAP Business Intelligence Promotion Management - XSS
Dec 12, 2017
CVSS 6.1
EPSS 0.01
CVE-2017-16680
HIGH
SAP HANA extended application services - Audit Log Injection
Dec 12, 2017
CVSS 7.5
EPSS 0.02
CVE-2017-16679
MEDIUM
SAP Startup Service - Open Redirect
Dec 12, 2017
CVSS 6.1
EPSS 0.01
CVE-2017-16678
MEDIUM
SAP NetWeaver KMC 7.00-7.02, KMC-BC 7.30-7.50 Server-Side Request Forgery
Dec 12, 2017
CVSS 4.7
EPSS 0.01
CVE-2017-14516
MEDIUM
SAP Business Objects Financial Consolidation <2017-06-13 - XSS
Dec 03, 2017
CVSS 6.1
EPSS 0.01
Products
3d_visual_enterprise_viewer 131
netweaver 102
netweaver_application_server_abap 86
businessobjects_business_intelligence_platform 73
netweaver_application_server_java 69
businessobjects_business_intelligence 45
hana 38
solution_manager 33
business_one 31
internet_graphics_server 28
3d_visual_enterprise_author 27
businessobjects 23
netweaver_abap 21
netweaver_process_integration 21
netweaver_enterprise_portal 20
business_objects_business_intelligence_platform 18
commerce_cloud 18
hana_extended_application_services 18
sap_basis 18
s\/4hana 17
disclosure_management 16
host_agent 15
adaptive_server_enterprise 14
enable_now 14
s4core 13
abap_platform 12
customer_relationship_management_webclient_ui 12
netweaver_as_abap 12
sap_db 12
sap_kernel 11
Quick Filters