sap
1,577 tracked vulnerabilities.
CVE-2024-41731
LOW
SAP BusinessObjects Business Intelligence Platform - Authenticated Unrestricted Upload of File with Dangerous Type
Aug 13, 2024
CVSS 3.1
EPSS 0.00
CVE-2024-41730
CRITICAL
SAP BusinessObjects Business Intelligence Platform - Unauthenticated Missing Authorization via REST Endpoint
Aug 13, 2024
CVSS 9.8
EPSS 0.76
CVE-2024-33005
MEDIUM
SAP NetWeaver ABAP and Java, Content Server - Missing Authorization
Aug 13, 2024
CVSS 6.3
EPSS 0.00
CVE-2024-33003
HIGH
SAP Commerce Cloud - Exposure of Sensitive Information via OCC API Endpoint URL Parameters
Aug 13, 2024
CVSS 7.4
EPSS 0.00
CVE-2024-28166
LOW
SAP BusinessObjects Business Intelligence Platform - Authenticated Unrestricted Upload of File with Dangerous Type
Aug 13, 2024
CVSS 3.7
EPSS 0.00
CVE-2024-39600
MEDIUM
SAP GUI for Windows - Unauthenticated Exposure of Sensitive Information via Memory
Jul 09, 2024
CVSS 5.0
EPSS 0.00
CVE-2024-39599
MEDIUM
SAP Basis - Protection Mechanism Failure in Malware Scanner API
Jul 09, 2024
CVSS 4.7
EPSS 0.00
CVE-2024-39595
MEDIUM
SAP Business Warehouse - Stored Cross-Site Scripting in Business Planning and Simulation
Jul 09, 2024
CVSS 5.4
EPSS 0.00
CVE-2024-39594
MEDIUM
SAP Business Warehouse - Reflected Cross-Site Scripting
Jul 09, 2024
CVSS 6.1
EPSS 0.00
CVE-2024-37180
MEDIUM
SAP Basis - Unauthenticated Exposure of Sensitive Information via Remote-Enabled Function Module
Jul 09, 2024
CVSS 4.1
EPSS 0.00
CVE-2024-37175
MEDIUM
SAP CRM WebClient UI - Missing Authorization Check
Jul 09, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-37172
MEDIUM
SAP S/4HANA Finance - Authenticated Privilege Escalation via Advanced Payment Management
Jul 09, 2024
CVSS 5.4
EPSS 0.00
CVE-2024-37171
MEDIUM
SAP Transportation Management Collaboration Portal - Server-Side Request Forgery
Jul 09, 2024
CVSS 5.0
EPSS 0.00
CVE-2024-34692
LOW
SAP Enable Now - Authenticated Unrestricted Upload of Executable Files
Jul 09, 2024
CVSS 3.3
EPSS 0.00
CVE-2024-34689
MEDIUM
SAP Business Workflow WebFlow - Authenticated Internal Endpoint Enumeration
Jul 09, 2024
CVSS 5.0
EPSS 0.00
CVE-2024-39598
MEDIUM
SAP CRM WebClient UI Framework - Authenticated Server-Side Request Forgery
Jul 09, 2024
CVSS 5.0
EPSS 0.00
CVE-2024-39593
MEDIUM
SAP Landscape Management - Authenticated Exposure of Sensitive Information via REST Provider Definition Response
Jul 09, 2024
CVSS 6.9
EPSS 0.00
CVE-2024-39592
HIGH
SAP S4CORE - Missing Authorization Leading to Privilege Escalation
Jul 09, 2024
CVSS 7.7
EPSS 0.00
CVE-2024-37174
MEDIUM
SAP Customer Relationship Management WebClient UI - Cross-Site Scripting via Custom CSS Support
Jul 09, 2024
CVSS 6.1
EPSS 0.00
CVE-2024-37173
MEDIUM
SAP CRM WebClient UI - Unauthenticated Stored Cross-Site Scripting via Crafted URL
Jul 09, 2024
CVSS 6.1
EPSS 0.00
CVE-2024-34685
MEDIUM
SAP NetWeaver Knowledge Management and Collaboration (KMC-CM) - Stored Cross-Site Scripting in XMLEditor
Jul 09, 2024
CVSS 6.1
EPSS 0.00
CVE-2024-37176
MEDIUM
SAP BW/4HANA - Authenticated Privilege Escalation via Improper Authorization Checks in DTP
Jun 11, 2024
CVSS 5.5
EPSS 0.00
CVE-2024-34691
MEDIUM
SAP S/4HANA - Missing Authorization in Manage Incoming Payment Files
Jun 11, 2024
CVSS 6.5
EPSS 0.00
CVE-2024-34690
MEDIUM
SAP Student Life Cycle Management - Missing Authorization
Jun 11, 2024
CVSS 5.4
EPSS 0.00
CVE-2024-34688
HIGH
SAP NetWeaver AS Java - Denial of Service via Meta Model Repository Services
Jun 11, 2024
CVSS 7.5
EPSS 0.01
Products
3d_visual_enterprise_viewer 131
netweaver 102
netweaver_application_server_abap 86
businessobjects_business_intelligence_platform 73
netweaver_application_server_java 69
businessobjects_business_intelligence 45
hana 38
solution_manager 33
business_one 31
internet_graphics_server 28
3d_visual_enterprise_author 27
businessobjects 23
netweaver_abap 21
netweaver_process_integration 21
netweaver_enterprise_portal 20
business_objects_business_intelligence_platform 18
commerce_cloud 18
hana_extended_application_services 18
sap_basis 18
s\/4hana 17
disclosure_management 16
host_agent 15
adaptive_server_enterprise 14
enable_now 14
s4core 13
abap_platform 12
customer_relationship_management_webclient_ui 12
netweaver_as_abap 12
sap_db 12
sap_kernel 11
Quick Filters