Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / Vendors / sap

sap

1,568 tracked vulnerabilities.

CVE-2024-37180 MEDIUM

SAP Basis - Unauthenticated Exposure of Sensitive Information via Remote-Enabled Function Module

CVE-2024-37175 MEDIUM

SAP CRM WebClient UI - Missing Authorization Check

CVE-2024-37172 MEDIUM

SAP S/4HANA Finance - Authenticated Privilege Escalation via Advanced Payment Management

CVE-2024-37171 MEDIUM

SAP Transportation Management Collaboration Portal - Server-Side Request Forgery

CVE-2024-34692 LOW

SAP Enable Now - Authenticated Unrestricted Upload of Executable Files

CVE-2024-34689 MEDIUM

SAP Business Workflow WebFlow - Authenticated Internal Endpoint Enumeration

CVE-2024-39598 MEDIUM

SAP CRM WebClient UI Framework - Authenticated Server-Side Request Forgery

CVE-2024-39593 MEDIUM

SAP Landscape Management - Authenticated Exposure of Sensitive Information via REST Provider Definition Response

CVE-2024-39592 HIGH

SAP S4CORE - Missing Authorization Leading to Privilege Escalation

CVE-2024-37174 MEDIUM

SAP Customer Relationship Management WebClient UI - Cross-Site Scripting via Custom CSS Support

CVE-2024-37173 MEDIUM

SAP CRM WebClient UI - Unauthenticated Stored Cross-Site Scripting via Crafted URL

CVE-2024-34685 MEDIUM

SAP NetWeaver Knowledge Management and Collaboration (KMC-CM) - Stored Cross-Site Scripting in XMLEditor

CVE-2024-37176 MEDIUM

SAP BW/4HANA - Authenticated Privilege Escalation via Improper Authorization Checks in DTP

CVE-2024-34691 MEDIUM

SAP S/4HANA - Missing Authorization in Manage Incoming Payment Files

CVE-2024-34690 MEDIUM

SAP Student Life Cycle Management - Missing Authorization

CVE-2024-34688 HIGH

SAP NetWeaver AS Java - Denial of Service via Meta Model Repository Services

CVE-2024-34686 MEDIUM

SAP Customer Relationship Management WebClient UI - Unauthenticated Stored Cross-Site Scripting via Crafted URL

CVE-2024-34684 LOW

SAP BusinessObjects Business Intelligence Platform - Authenticated Local Account Password Exposure

CVE-2024-34683 MEDIUM

SAP Document Builder - Authenticated Unrestricted Upload of File with Dangerous Type

CVE-2024-33001 MEDIUM

SAP NetWeaver and ABAP Platform - Denial of Service

CVE-2024-28164 MEDIUM

SAP NetWeaver AS Java - Unauthenticated Exposure of Sensitive Information via CAF Guided Procedures

CVE-2024-34687 MEDIUM

SAP NetWeaver Application Server for ABAP and ABAP Platform - Cross-Site Scripting

CVE-2024-33004 MEDIUM

SAP Business Objects - Info Disclosure

CVE-2024-28165 HIGH

SAP BusinessObjects Business Intelligence Platform - Stored Cross-Site Scripting via Opendocument URL Parameter

CVE-2024-27898 MEDIUM

SAP NetWeaver - Server-Side Request Forgery via Crafted Request

Previous Page 5 of 63 Next

Products

3d_visual_enterprise_viewer 131 netweaver 102 netweaver_application_server_abap 78 businessobjects_business_intelligence_platform 73 netweaver_application_server_java 68 businessobjects_business_intelligence 45 hana 38 solution_manager 33 business_one 31 internet_graphics_server 28 3d_visual_enterprise_author 27 businessobjects 23 netweaver_abap 21 netweaver_process_integration 21 netweaver_enterprise_portal 20 business_objects_business_intelligence_platform 18 commerce_cloud 18 hana_extended_application_services 18 sap_basis 18 s\/4hana 17 disclosure_management 16 host_agent 15 adaptive_server_enterprise 14 enable_now 14 s4core 13 abap_platform 12 customer_relationship_management_webclient_ui 12 netweaver_as_abap 12 sap_db 12 sap_kernel 11

Quick Filters

Critical CVEs With Exploits In CISA KEV

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy