sap

1,577 tracked vulnerabilities.

CVE-2024-41731 LOW
SAP BusinessObjects Business Intelligence Platform - Authenticated Unrestricted Upload of File with Dangerous Type
Aug 13, 2024
CVSS 3.1
EPSS 0.00
CVE-2024-41730 CRITICAL
SAP BusinessObjects Business Intelligence Platform - Unauthenticated Missing Authorization via REST Endpoint
Aug 13, 2024
CVSS 9.8
EPSS 0.76
CVE-2024-33005 MEDIUM
SAP NetWeaver ABAP and Java, Content Server - Missing Authorization
Aug 13, 2024
CVSS 6.3
EPSS 0.00
CVE-2024-33003 HIGH
SAP Commerce Cloud - Exposure of Sensitive Information via OCC API Endpoint URL Parameters
Aug 13, 2024
CVSS 7.4
EPSS 0.00
CVE-2024-28166 LOW
SAP BusinessObjects Business Intelligence Platform - Authenticated Unrestricted Upload of File with Dangerous Type
Aug 13, 2024
CVSS 3.7
EPSS 0.00
CVE-2024-39600 MEDIUM
SAP GUI for Windows - Unauthenticated Exposure of Sensitive Information via Memory
Jul 09, 2024
CVSS 5.0
EPSS 0.00
CVE-2024-39599 MEDIUM
SAP Basis - Protection Mechanism Failure in Malware Scanner API
Jul 09, 2024
CVSS 4.7
EPSS 0.00
CVE-2024-39595 MEDIUM
SAP Business Warehouse - Stored Cross-Site Scripting in Business Planning and Simulation
Jul 09, 2024
CVSS 5.4
EPSS 0.00
CVE-2024-39594 MEDIUM
SAP Business Warehouse - Reflected Cross-Site Scripting
Jul 09, 2024
CVSS 6.1
EPSS 0.00
CVE-2024-37180 MEDIUM
SAP Basis - Unauthenticated Exposure of Sensitive Information via Remote-Enabled Function Module
Jul 09, 2024
CVSS 4.1
EPSS 0.00
CVE-2024-37175 MEDIUM
SAP CRM WebClient UI - Missing Authorization Check
Jul 09, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-37172 MEDIUM
SAP S/4HANA Finance - Authenticated Privilege Escalation via Advanced Payment Management
Jul 09, 2024
CVSS 5.4
EPSS 0.00
CVE-2024-37171 MEDIUM
SAP Transportation Management Collaboration Portal - Server-Side Request Forgery
Jul 09, 2024
CVSS 5.0
EPSS 0.00
CVE-2024-34692 LOW
SAP Enable Now - Authenticated Unrestricted Upload of Executable Files
Jul 09, 2024
CVSS 3.3
EPSS 0.00
CVE-2024-34689 MEDIUM
SAP Business Workflow WebFlow - Authenticated Internal Endpoint Enumeration
Jul 09, 2024
CVSS 5.0
EPSS 0.00
CVE-2024-39598 MEDIUM
SAP CRM WebClient UI Framework - Authenticated Server-Side Request Forgery
Jul 09, 2024
CVSS 5.0
EPSS 0.00
CVE-2024-39593 MEDIUM
SAP Landscape Management - Authenticated Exposure of Sensitive Information via REST Provider Definition Response
Jul 09, 2024
CVSS 6.9
EPSS 0.00
CVE-2024-39592 HIGH
SAP S4CORE - Missing Authorization Leading to Privilege Escalation
Jul 09, 2024
CVSS 7.7
EPSS 0.00
CVE-2024-37174 MEDIUM
SAP Customer Relationship Management WebClient UI - Cross-Site Scripting via Custom CSS Support
Jul 09, 2024
CVSS 6.1
EPSS 0.00
CVE-2024-37173 MEDIUM
SAP CRM WebClient UI - Unauthenticated Stored Cross-Site Scripting via Crafted URL
Jul 09, 2024
CVSS 6.1
EPSS 0.00
CVE-2024-34685 MEDIUM
SAP NetWeaver Knowledge Management and Collaboration (KMC-CM) - Stored Cross-Site Scripting in XMLEditor
Jul 09, 2024
CVSS 6.1
EPSS 0.00
CVE-2024-37176 MEDIUM
SAP BW/4HANA - Authenticated Privilege Escalation via Improper Authorization Checks in DTP
Jun 11, 2024
CVSS 5.5
EPSS 0.00
CVE-2024-34691 MEDIUM
SAP S/4HANA - Missing Authorization in Manage Incoming Payment Files
Jun 11, 2024
CVSS 6.5
EPSS 0.00
CVE-2024-34690 MEDIUM
SAP Student Life Cycle Management - Missing Authorization
Jun 11, 2024
CVSS 5.4
EPSS 0.00
CVE-2024-34688 HIGH
SAP NetWeaver AS Java - Denial of Service via Meta Model Repository Services
Jun 11, 2024
CVSS 7.5
EPSS 0.01