sap
1,577 tracked vulnerabilities.
CVE-2017-15297
HIGH
SAP Host Agent - Unauthenticated Improper Authentication via SOAP SAPControl Endpoint
Oct 16, 2017
CVSS 7.5
EPSS 0.03
CVE-2017-15296
HIGH
SAP Customer Relationship Management - Cross-Site Request Forgery
Oct 16, 2017
CVSS 8.8
EPSS 0.01
CVE-2017-15295
CRITICAL
SAP Point of Sale Xpress Server - Unauthenticated Arbitrary File Access
Oct 16, 2017
CVSS 9.8
EPSS 0.02
CVE-2017-15294
MEDIUM
SAP Customer Relationship Management - Cross-Site Scripting in Java Administration Console
Oct 16, 2017
CVSS 6.1
EPSS 0.01
CVE-2017-15293
CRITICAL
SAP Point of Sale Xpress Server - Unauthenticated Improper Authentication
Oct 16, 2017
CVSS 9.8
EPSS 0.04
CVE-2017-10701
MEDIUM
SAP Enterprise Portal < 7.50 - Cross-Site Scripting
Sep 29, 2017
CVSS 6.1
EPSS 0.01
CVE-2017-14581
HIGH
SAP NetWeaver AS Java 7.0-7.5 - Denial of Service via Host Control Web Service
Sep 19, 2017
CVSS 7.5
EPSS 0.02
CVE-2017-14511
HIGH
SAP E-Recruiting <617 - Auth Bypass
Sep 17, 2017
CVSS 7.5
EPSS 0.01
CVE-2017-12637
HIGH
KEVNUCLEI
SAP NetWeaver Application Server Java 7.5 - Local File Inclusion
Aug 07, 2017
CVSS 7.5
EPSS 0.95
CVE-2017-11460
MEDIUM
SAP NetWeaver Portal 7.4 - Cross-Site Scripting via DataArchivingService Servlet Responsecode Parameter
Jul 25, 2017
CVSS 6.1
EPSS 0.01
CVE-2017-11459
CRITICAL
SAP TREX 7.10 - Remote Code Execution via fdir Command
Jul 25, 2017
CVSS 9.8
EPSS 0.02
CVE-2017-11458
MEDIUM
SAP NetWeaver AS JAVA 7.3 - Cross-Site Scripting via ctcprotocol/Protocol Servlet sessionID Parameter
Jul 25, 2017
CVSS 6.1
EPSS 0.01
CVE-2017-11457
MEDIUM
SAP NetWeaver AS JAVA 7.5 - Authenticated XML External Entity Injection in com.sap.km.cm.ice
Jul 25, 2017
CVSS 6.5
EPSS 0.01
CVE-2017-9845
HIGH
SAP NetWeaver 7.40 - Denial of Service via DIAG Request
Jul 12, 2017
CVSS 7.5
EPSS 0.03
CVE-2017-9844
HIGH
SAP NetWeaver 7400.12.21.30308 - RCE/DoS
Jul 12, 2017
CVSS 7.5
EPSS 0.06
CVE-2017-9843
LOW
SAP NetWeaver AS ABAP 7.40 - Authenticated Denial of Service via disp+work.exe
Jul 12, 2017
CVSS 2.7
EPSS 0.02
CVE-2017-9613
MEDIUM
SAP SuccessFactors <b1705.1234962 - XSS
Jun 15, 2017
CVSS 5.4
EPSS 0.01
CVE-2017-8915
HIGH
SAP HANA XS 1.00 and 2.00 - Denial of Service via Package Filename with Special Characters
May 23, 2017
CVSS 7.5
EPSS 0.03
CVE-2017-8914
HIGH
SAP HANA XS - Arbitrary File Hosting via Insecure User Creation Policy
May 23, 2017
CVSS 8.3
EPSS 0.01
CVE-2017-8913
HIGH
SAP NetWeaver AS JAVA 7.5 - Authenticated XML External Entity Injection in Visual Composer VC70RUNTIME
May 23, 2017
CVSS 8.8
EPSS 0.01
CVE-2017-8852
HIGH
SAP SAPCAR 721.510 - Heap-Based Buffer Overflow via Crafted CAR Archive
May 10, 2017
CVSS 7.8
EPSS 0.03
CVE-2017-7717
HIGH
SAP NetWeaver AS Java 7.4 - SQL Injection
Apr 14, 2017
CVSS 8.8
EPSS 0.02
CVE-2017-7696
HIGH
SAP AS JAVA SSO Authentication Library <3.0 - DoS
Apr 14, 2017
CVSS 7.5
EPSS 0.36
CVE-2017-7691
CRITICAL
SAP TREX - Code Injection
Apr 11, 2017
CVSS 9.8
EPSS 0.02
CVE-2017-6950
CRITICAL
SAP GUI for Windows 7.2-7.5 - Remote Code Execution via ABAP Code Injection
Mar 23, 2017
CVSS 9.8
EPSS 0.04
Products
3d_visual_enterprise_viewer 131
netweaver 102
netweaver_application_server_abap 86
businessobjects_business_intelligence_platform 73
netweaver_application_server_java 69
businessobjects_business_intelligence 45
hana 38
solution_manager 33
business_one 31
internet_graphics_server 28
3d_visual_enterprise_author 27
businessobjects 23
netweaver_abap 21
netweaver_process_integration 21
netweaver_enterprise_portal 20
business_objects_business_intelligence_platform 18
commerce_cloud 18
hana_extended_application_services 18
sap_basis 18
s\/4hana 17
disclosure_management 16
host_agent 15
adaptive_server_enterprise 14
enable_now 14
s4core 13
abap_platform 12
customer_relationship_management_webclient_ui 12
netweaver_as_abap 12
sap_db 12
sap_kernel 11
Quick Filters