sap

1,577 tracked vulnerabilities.

CVE-2024-34686 MEDIUM
SAP Customer Relationship Management WebClient UI - Unauthenticated Stored Cross-Site Scripting via Crafted URL
Jun 11, 2024
CVSS 6.1
EPSS 0.00
CVE-2024-34684 LOW
SAP BusinessObjects Business Intelligence Platform - Authenticated Local Account Password Exposure
Jun 11, 2024
CVSS 3.7
EPSS 0.00
CVE-2024-34683 MEDIUM
SAP Document Builder - Authenticated Unrestricted Upload of File with Dangerous Type
Jun 11, 2024
CVSS 6.5
EPSS 0.00
CVE-2024-33001 MEDIUM
SAP NetWeaver and ABAP Platform - Denial of Service
Jun 11, 2024
CVSS 6.5
EPSS 0.00
CVE-2024-28164 MEDIUM
SAP NetWeaver AS Java - Unauthenticated Exposure of Sensitive Information via CAF Guided Procedures
Jun 11, 2024
CVSS 5.3
EPSS 0.00
CVE-2024-34687 MEDIUM
SAP NetWeaver Application Server for ABAP and ABAP Platform - Cross-Site Scripting
May 14, 2024
CVSS 6.5
EPSS 0.00
CVE-2024-33004 MEDIUM
SAP Business Objects - Info Disclosure
May 14, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-28165 HIGH
SAP BusinessObjects Business Intelligence Platform - Stored Cross-Site Scripting via Opendocument URL Parameter
May 14, 2024
CVSS 8.1
EPSS 0.01
CVE-2024-27898 MEDIUM
SAP NetWeaver - Server-Side Request Forgery via Crafted Request
Apr 09, 2024
CVSS 5.3
EPSS 0.00
CVE-2024-25646 HIGH
SAP BusinessObjects Web Intelligence - Authenticated Information Disclosure via Crafted Document
Apr 09, 2024
CVSS 7.7
EPSS 0.00
CVE-2024-28163 MEDIUM
SAP NetWeaver Process Integration 7.50 - Information Disclosure via Support Web Pages
Mar 12, 2024
CVSS 5.3
EPSS 0.00
CVE-2024-27902 MEDIUM
SAP NetWeaver AS ABAP 7.89, 7.93 - Cross-Site Scripting
Mar 12, 2024
CVSS 5.4
EPSS 0.00
CVE-2024-27900 MEDIUM
SAP ABAP Platform <795 - Privilege Escalation
Mar 12, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-25645 MEDIUM
SAP NetWeaver Enterprise Portal 7.50 - Unauthorized Information Disclosure
Mar 12, 2024
CVSS 5.3
EPSS 0.00
CVE-2024-25644 MEDIUM
SAP NetWeaver 7.50 - Information Disclosure via WSRM
Mar 12, 2024
CVSS 5.3
EPSS 0.00
CVE-2024-22133 MEDIUM
SAP Fiori Front End Server - version 605 - Info Disclosure
Mar 12, 2024
CVSS 4.6
EPSS 0.00
CVE-2024-22127 CRITICAL
SAP NetWeaver Administrator AS Java - Command Injection
Mar 12, 2024
CVSS 9.1
EPSS 0.02
CVE-2024-25643 MEDIUM
SAP Fiori My Overtime Request 605 - Authenticated Missing Authorization
Feb 13, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-24741 MEDIUM
SAP Master Data Governance - Privilege Escalation
Feb 13, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-22129 MEDIUM
SAP Companion < 3.1.38 - Cross-Site Scripting via URL Parameter
Feb 13, 2024
CVSS 5.4
EPSS 0.00
CVE-2024-25642 HIGH
SAP Cloud Connector 2.0 - Improper Certificate Validation
Feb 13, 2024
CVSS 7.4
EPSS 0.01
CVE-2024-24743 HIGH
SAP NetWeaver AS Java 7.50 - Unauthenticated XML External Entity Injection
Feb 13, 2024
CVSS 8.6
EPSS 0.01
CVE-2024-24742 MEDIUM
SAP CRM WebClient UI - S4FND 102-WEBCUIF 801 - XSS
Feb 13, 2024
CVSS 4.1
EPSS 0.00
CVE-2024-24740 MEDIUM
SAP NetWeaver Application Server - Info Disclosure
Feb 13, 2024
CVSS 5.3
EPSS 0.00
CVE-2024-24739 MEDIUM
SAP Bank Account Management - Authenticated Privilege Escalation
Feb 13, 2024
CVSS 6.3
EPSS 0.00