sap
1,577 tracked vulnerabilities.
CVE-2024-34686
MEDIUM
SAP Customer Relationship Management WebClient UI - Unauthenticated Stored Cross-Site Scripting via Crafted URL
Jun 11, 2024
CVSS 6.1
EPSS 0.00
CVE-2024-34684
LOW
SAP BusinessObjects Business Intelligence Platform - Authenticated Local Account Password Exposure
Jun 11, 2024
CVSS 3.7
EPSS 0.00
CVE-2024-34683
MEDIUM
SAP Document Builder - Authenticated Unrestricted Upload of File with Dangerous Type
Jun 11, 2024
CVSS 6.5
EPSS 0.00
CVE-2024-33001
MEDIUM
SAP NetWeaver and ABAP Platform - Denial of Service
Jun 11, 2024
CVSS 6.5
EPSS 0.00
CVE-2024-28164
MEDIUM
SAP NetWeaver AS Java - Unauthenticated Exposure of Sensitive Information via CAF Guided Procedures
Jun 11, 2024
CVSS 5.3
EPSS 0.00
CVE-2024-34687
MEDIUM
SAP NetWeaver Application Server for ABAP and ABAP Platform - Cross-Site Scripting
May 14, 2024
CVSS 6.5
EPSS 0.00
CVE-2024-33004
MEDIUM
SAP Business Objects - Info Disclosure
May 14, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-28165
HIGH
SAP BusinessObjects Business Intelligence Platform - Stored Cross-Site Scripting via Opendocument URL Parameter
May 14, 2024
CVSS 8.1
EPSS 0.01
CVE-2024-27898
MEDIUM
SAP NetWeaver - Server-Side Request Forgery via Crafted Request
Apr 09, 2024
CVSS 5.3
EPSS 0.00
CVE-2024-25646
HIGH
SAP BusinessObjects Web Intelligence - Authenticated Information Disclosure via Crafted Document
Apr 09, 2024
CVSS 7.7
EPSS 0.00
CVE-2024-28163
MEDIUM
SAP NetWeaver Process Integration 7.50 - Information Disclosure via Support Web Pages
Mar 12, 2024
CVSS 5.3
EPSS 0.00
CVE-2024-27902
MEDIUM
SAP NetWeaver AS ABAP 7.89, 7.93 - Cross-Site Scripting
Mar 12, 2024
CVSS 5.4
EPSS 0.00
CVE-2024-27900
MEDIUM
SAP ABAP Platform <795 - Privilege Escalation
Mar 12, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-25645
MEDIUM
SAP NetWeaver Enterprise Portal 7.50 - Unauthorized Information Disclosure
Mar 12, 2024
CVSS 5.3
EPSS 0.00
CVE-2024-25644
MEDIUM
SAP NetWeaver 7.50 - Information Disclosure via WSRM
Mar 12, 2024
CVSS 5.3
EPSS 0.00
CVE-2024-22133
MEDIUM
SAP Fiori Front End Server - version 605 - Info Disclosure
Mar 12, 2024
CVSS 4.6
EPSS 0.00
CVE-2024-22127
CRITICAL
SAP NetWeaver Administrator AS Java - Command Injection
Mar 12, 2024
CVSS 9.1
EPSS 0.02
CVE-2024-25643
MEDIUM
SAP Fiori My Overtime Request 605 - Authenticated Missing Authorization
Feb 13, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-24741
MEDIUM
SAP Master Data Governance - Privilege Escalation
Feb 13, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-22129
MEDIUM
SAP Companion < 3.1.38 - Cross-Site Scripting via URL Parameter
Feb 13, 2024
CVSS 5.4
EPSS 0.00
CVE-2024-25642
HIGH
SAP Cloud Connector 2.0 - Improper Certificate Validation
Feb 13, 2024
CVSS 7.4
EPSS 0.01
CVE-2024-24743
HIGH
SAP NetWeaver AS Java 7.50 - Unauthenticated XML External Entity Injection
Feb 13, 2024
CVSS 8.6
EPSS 0.01
CVE-2024-24742
MEDIUM
SAP CRM WebClient UI - S4FND 102-WEBCUIF 801 - XSS
Feb 13, 2024
CVSS 4.1
EPSS 0.00
CVE-2024-24740
MEDIUM
SAP NetWeaver Application Server - Info Disclosure
Feb 13, 2024
CVSS 5.3
EPSS 0.00
CVE-2024-24739
MEDIUM
SAP Bank Account Management - Authenticated Privilege Escalation
Feb 13, 2024
CVSS 6.3
EPSS 0.00
Products
3d_visual_enterprise_viewer 131
netweaver 102
netweaver_application_server_abap 86
businessobjects_business_intelligence_platform 73
netweaver_application_server_java 69
businessobjects_business_intelligence 45
hana 38
solution_manager 33
business_one 31
internet_graphics_server 28
3d_visual_enterprise_author 27
businessobjects 23
netweaver_abap 21
netweaver_process_integration 21
netweaver_enterprise_portal 20
business_objects_business_intelligence_platform 18
commerce_cloud 18
hana_extended_application_services 18
sap_basis 18
s\/4hana 17
disclosure_management 16
host_agent 15
adaptive_server_enterprise 14
enable_now 14
s4core 13
abap_platform 12
customer_relationship_management_webclient_ui 12
netweaver_as_abap 12
sap_db 12
sap_kernel 11
Quick Filters