sap
1,577 tracked vulnerabilities.
CVE-2017-6061
MEDIUM
SAP BusinessObjects Financial Consolidation 10.0.0.1933 - Cross-Site Scripting in Help Component
Mar 16, 2017
CVSS 4.7
EPSS 0.02
CVE-2017-5997
HIGH
SAP KERNEL 7.21-7.49 - Denial of Service via Crafted Group Parameter in Message Server HTTP Daemon
Feb 15, 2017
CVSS 7.5
EPSS 0.02
CVE-2017-5372
HIGH
SAP NetWeaver AS Java - Unauthenticated Sensitive Information Exposure via MSPRuntimeInterface Functions
Jan 23, 2017
CVSS 7.5
EPSS 0.04
CVE-2016-6256
CRITICAL
SAP Business One for Android <1.2.3 - XSS
May 26, 2017
CVSS 9.6
EPSS 0.08
CVE-2016-6818
CRITICAL
SAP Business Intelligence Platform - SQL Injection
Apr 13, 2017
CVSS 9.8
EPSS 0.02
CVE-2016-6143
CRITICAL
SAP HANA DB <1.00.73.00.389160 - RCE
Apr 13, 2017
CVSS 9.8
EPSS 0.04
CVE-2016-10311
CRITICAL
SAP NetWeaver 7.0-7.5 - Denial of Service via SAPSTARTSRV Port Crafted Packet
Apr 10, 2017
CVSS 9.8
EPSS 0.02
CVE-2016-10310
MEDIUM
SAP SQL Anywhere < 17.0 - Authenticated Denial of Service via MobiLink Synchronization Server Packet
Apr 10, 2017
CVSS 4.9
EPSS 0.02
CVE-2016-10304
MEDIUM
SAP NetWeaver AS JAVA 7.5 - Authenticated Denial of Service via Deserialization in EP-RUNTIME Component
Apr 10, 2017
CVSS 6.5
EPSS 0.02
CVE-2016-10079
HIGH
SAPlpd < 7400.3.11.33 - Denial of Service via Long String to TCP Port 515
Feb 01, 2017
CVSS 7.5
EPSS 0.06
CVE-2016-6859
MEDIUM
SAP Hybris - Information Disclosure via Java Stack Trace
Dec 31, 2016
CVSS 4.3
EPSS 0.01
CVE-2016-6858
MEDIUM
SAP Hybris < 5.0.4.11 - Authenticated Cross-Site Scripting in Create Employee Name Field
Dec 31, 2016
CVSS 5.4
EPSS 0.01
CVE-2016-6857
MEDIUM
SAP Hybris < 5.2.0.13 - Authenticated Cross-Site Scripting in Create Catalogue ID Field
Dec 31, 2016
CVSS 5.4
EPSS 0.01
CVE-2016-6856
MEDIUM
SAP Hybris < 5.6.0.10 - Cross-Site Scripting via Inbox Search Itemsperpage Parameter
Dec 31, 2016
CVSS 6.1
EPSS 0.01
CVE-2016-10005
HIGH
SAP Solution Manager 7.1-7.31 - Information Disclosure via Webdynpro Dispatcher
Dec 19, 2016
CVSS 7.5
EPSS 0.02
CVE-2016-3685
MEDIUM
SAP Download Manager <2.1.142 - Info Disclosure
Dec 14, 2016
CVSS 4.7
EPSS 0.00
CVE-2016-3684
MEDIUM
SAP Download Manager <2.1.142 - Info Disclosure
Dec 14, 2016
CVSS 4.7
EPSS 0.00
CVE-2016-9563
MEDIUM
KEV
SAP NetWeaver AS JAVA 7.5 - Authenticated XML External Entity Injection via BPEM UWL Connection Provider
Nov 23, 2016
CVSS 6.5
EPSS 0.24
CVE-2016-9562
HIGH
SAP NetWeaver AS JAVA 7.4 - Denial of Service via HTTPS Request to sap.com~P4TunnelingApp!web/myServlet
Nov 23, 2016
CVSS 7.5
EPSS 0.04
CVE-2016-7437
LOW
SAP Netweaver 7.40 - Local Info Disclosure
Oct 13, 2016
CVSS 3.3
EPSS 0.00
CVE-2016-4407
MEDIUM
SAP SAPCRYPTOLIB <5.555.38 - Privilege Escalation
Oct 13, 2016
CVSS 6.5
EPSS 0.01
CVE-2016-3946
HIGH
SAP Console <7.30 - Info Disclosure
Oct 13, 2016
CVSS 7.8
EPSS 0.00
CVE-2016-3638
MEDIUM
SAP SLD Registration - Denial of Service via HOST Parameter
Oct 13, 2016
CVSS 5.5
EPSS 0.00
CVE-2016-3635
HIGH
SAP NetWeaver 7.4 - Authenticated Unified Connectivity Access Control Bypass via Communication Assembly RFM
Oct 13, 2016
CVSS 7.5
EPSS 0.02
CVE-2016-7435
CRITICAL
SAP NetWeaver 7.40 SP 12 - Authenticated Remote Code Execution via SCTC Subpackage CALL 'SYSTEM' Statement
Oct 05, 2016
CVSS 9.1
EPSS 0.03
Products
3d_visual_enterprise_viewer 131
netweaver 102
netweaver_application_server_abap 86
businessobjects_business_intelligence_platform 73
netweaver_application_server_java 69
businessobjects_business_intelligence 45
hana 38
solution_manager 33
business_one 31
internet_graphics_server 28
3d_visual_enterprise_author 27
businessobjects 23
netweaver_abap 21
netweaver_process_integration 21
netweaver_enterprise_portal 20
business_objects_business_intelligence_platform 18
commerce_cloud 18
hana_extended_application_services 18
sap_basis 18
s\/4hana 17
disclosure_management 16
host_agent 15
adaptive_server_enterprise 14
enable_now 14
s4core 13
abap_platform 12
customer_relationship_management_webclient_ui 12
netweaver_as_abap 12
sap_db 12
sap_kernel 11
Quick Filters