SAP

1,568 tracked vulnerabilities.

CVE-2017-11460 MEDIUM
SAP NetWeaver Portal 7.4 - Cross-Site Scripting via DataArchivingService Servlet Responsecode Parameter
Jul 25, 2017
CVSS 6.1
EPSS 0.00
CVE-2017-11459 CRITICAL
SAP TREX 7.10 - Remote Code Execution via fdir Command
Jul 25, 2017
CVSS 9.8
EPSS 0.02
CVE-2017-11458 MEDIUM
SAP NetWeaver AS JAVA 7.3 - Cross-Site Scripting via ctcprotocol/Protocol Servlet sessionID Parameter
Jul 25, 2017
CVSS 6.1
EPSS 0.00
CVE-2017-11457 MEDIUM
SAP NetWeaver AS JAVA 7.5 - Authenticated XML External Entity Injection in com.sap.km.cm.ice
Jul 25, 2017
CVSS 6.5
EPSS 0.01
CVE-2017-9845 HIGH
SAP NetWeaver 7.40 - Denial of Service via DIAG Request
Jul 12, 2017
CVSS 7.5
EPSS 0.04
CVE-2017-9844 HIGH
SAP NetWeaver 7400.12.21.30308 - RCE/DoS
Jul 12, 2017
CVSS 7.5
EPSS 0.02
CVE-2017-9843 LOW
SAP NetWeaver AS ABAP 7.40 - Authenticated Denial of Service via disp+work.exe
Jul 12, 2017
CVSS 2.7
EPSS 0.00
CVE-2017-9613 MEDIUM
SAP SuccessFactors <b1705.1234962 - XSS
Jun 15, 2017
CVSS 5.4
EPSS 0.00
CVE-2017-8915 HIGH
SAP HANA XS 1.00 and 2.00 - Denial of Service via Package Filename with Special Characters
May 23, 2017
CVSS 7.5
EPSS 0.01
CVE-2017-8914 HIGH
SAP HANA XS - Arbitrary File Hosting via Insecure User Creation Policy
May 23, 2017
CVSS 8.3
EPSS 0.00
CVE-2017-8913 HIGH
SAP NetWeaver AS JAVA 7.5 - Authenticated XML External Entity Injection in Visual Composer VC70RUNTIME
May 23, 2017
CVSS 8.8
EPSS 0.01
CVE-2017-8852 HIGH
SAP SAPCAR 721.510 - Heap-Based Buffer Overflow via Crafted CAR Archive
May 10, 2017
CVSS 7.8
EPSS 0.02
CVE-2017-7717 HIGH
SAP NetWeaver AS Java 7.4 - SQL Injection
Apr 14, 2017
CVSS 8.8
EPSS 0.01
CVE-2017-7696 HIGH
SAP AS JAVA SSO Authentication Library <3.0 - DoS
Apr 14, 2017
CVSS 7.5
EPSS 0.02
CVE-2017-7691 CRITICAL
SAP TREX - Code Injection
Apr 11, 2017
CVSS 9.8
EPSS 0.01
CVE-2017-6950 CRITICAL
SAP GUI for Windows 7.2-7.5 - Remote Code Execution via ABAP Code Injection
Mar 23, 2017
CVSS 9.8
EPSS 0.01
CVE-2017-6061 MEDIUM
SAP BusinessObjects Financial Consolidation 10.0.0.1933 - Cross-Site Scripting in Help Component
Mar 16, 2017
CVSS 4.7
EPSS 0.01
CVE-2017-5997 HIGH
SAP KERNEL 7.21-7.49 - Denial of Service via Crafted Group Parameter in Message Server HTTP Daemon
Feb 15, 2017
CVSS 7.5
EPSS 0.01
CVE-2017-5372 HIGH
SAP NetWeaver AS Java - Unauthenticated Sensitive Information Exposure via MSPRuntimeInterface Functions
Jan 23, 2017
CVSS 7.5
EPSS 0.01
CVE-2016-6256 CRITICAL
SAP Business One for Android <1.2.3 - XSS
May 26, 2017
CVSS 9.6
EPSS 0.10
CVE-2016-6818 CRITICAL
SAP Business Intelligence Platform - SQL Injection
Apr 13, 2017
CVSS 9.8
EPSS 0.02
CVE-2016-6143 CRITICAL
SAP HANA DB <1.00.73.00.389160 - RCE
Apr 13, 2017
CVSS 9.8
EPSS 0.06
CVE-2016-10311 CRITICAL
SAP NetWeaver 7.0-7.5 - Denial of Service via SAPSTARTSRV Port Crafted Packet
Apr 10, 2017
CVSS 9.8
EPSS 0.07
CVE-2016-10310 MEDIUM
SAP SQL Anywhere < 17.0 - Authenticated Denial of Service via MobiLink Synchronization Server Packet
Apr 10, 2017
CVSS 4.9
EPSS 0.03
CVE-2016-10304 MEDIUM
SAP NetWeaver AS JAVA 7.5 - Authenticated Denial of Service via Deserialization in EP-RUNTIME Component
Apr 10, 2017
CVSS 6.5
EPSS 0.01