sap

1,568 tracked vulnerabilities.

CVE-2024-25646 HIGH
SAP BusinessObjects Web Intelligence - Authenticated Information Disclosure via Crafted Document
Apr 09, 2024
CVSS 7.7
EPSS 0.00
CVE-2024-28163 MEDIUM
SAP NetWeaver Process Integration 7.50 - Information Disclosure via Support Web Pages
Mar 12, 2024
CVSS 5.3
EPSS 0.00
CVE-2024-27902 MEDIUM
SAP NetWeaver AS ABAP 7.89, 7.93 - Cross-Site Scripting
Mar 12, 2024
CVSS 5.4
EPSS 0.01
CVE-2024-27900 MEDIUM
SAP ABAP Platform <795 - Privilege Escalation
Mar 12, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-25645 MEDIUM
SAP NetWeaver Enterprise Portal 7.50 - Unauthorized Information Disclosure
Mar 12, 2024
CVSS 5.3
EPSS 0.00
CVE-2024-25644 MEDIUM
SAP NetWeaver 7.50 - Information Disclosure via WSRM
Mar 12, 2024
CVSS 5.3
EPSS 0.00
CVE-2024-22133 MEDIUM
SAP Fiori Front End Server - version 605 - Info Disclosure
Mar 12, 2024
CVSS 4.6
EPSS 0.00
CVE-2024-22127 CRITICAL
SAP NetWeaver Administrator AS Java - Command Injection
Mar 12, 2024
CVSS 9.1
EPSS 0.02
CVE-2024-25643 MEDIUM
SAP Fiori My Overtime Request 605 - Authenticated Missing Authorization
Feb 13, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-24741 MEDIUM
SAP Master Data Governance - Privilege Escalation
Feb 13, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-22129 MEDIUM
SAP Companion < 3.1.38 - Cross-Site Scripting via URL Parameter
Feb 13, 2024
CVSS 5.4
EPSS 0.00
CVE-2024-25642 HIGH
SAP Cloud Connector 2.0 - Improper Certificate Validation
Feb 13, 2024
CVSS 7.4
EPSS 0.00
CVE-2024-24743 HIGH
SAP NetWeaver AS Java 7.50 - Unauthenticated XML External Entity Injection
Feb 13, 2024
CVSS 8.6
EPSS 0.00
CVE-2024-24742 MEDIUM
SAP CRM WebClient UI - S4FND 102-WEBCUIF 801 - XSS
Feb 13, 2024
CVSS 4.1
EPSS 0.00
CVE-2024-24740 MEDIUM
SAP NetWeaver Application Server - Info Disclosure
Feb 13, 2024
CVSS 5.3
EPSS 0.00
CVE-2024-24739 MEDIUM
SAP Bank Account Management - Authenticated Privilege Escalation
Feb 13, 2024
CVSS 6.3
EPSS 0.00
CVE-2024-22132 HIGH
SAP IDES ECC - OS Command Injection
Feb 13, 2024
CVSS 7.4
EPSS 0.00
CVE-2024-22131 CRITICAL
SAP ABAP Platform - Authenticated Remote Code Execution via Vulnerable Interface
Feb 13, 2024
CVSS 9.1
EPSS 0.03
CVE-2024-22130 HIGH
SAP CRM WebClient UI <WEBCUIF - XSS
Feb 13, 2024
CVSS 7.6
EPSS 0.00
CVE-2024-22128 MEDIUM
SAP NWBC for HTML - SAP_UI <759 - XSS
Feb 13, 2024
CVSS 4.7
EPSS 0.01
CVE-2024-22126 MEDIUM
SAP NetWeaver AS for Java <7.50 - XSS
Feb 13, 2024
CVSS 6.1
EPSS 0.00
CVE-2024-22125 HIGH
Microsoft Edge <1.0 - Info Disclosure
Jan 09, 2024
CVSS 7.4
EPSS 0.01
CVE-2024-22124 MEDIUM
SAP NetWeaver ICM and Web Dispatcher - Exposure of Sensitive System Information
Jan 09, 2024
CVSS 4.1
EPSS 0.00
CVE-2024-21738 MEDIUM
SAP NetWeaver ABAP Application Server and ABAP Platform - Cross-Site Scripting
Jan 09, 2024
CVSS 4.1
EPSS 0.00
CVE-2024-21737 HIGH
SAP Application Interface Framework File Adapter 702 - Authenticated OS Command Injection
Jan 09, 2024
CVSS 8.4
EPSS 0.00
Products
3d_visual_enterprise_viewer 131 netweaver 102 netweaver_application_server_abap 78 businessobjects_business_intelligence_platform 73 netweaver_application_server_java 68 businessobjects_business_intelligence 45 hana 38 solution_manager 33 business_one 31 internet_graphics_server 28 3d_visual_enterprise_author 27 businessobjects 23 netweaver_abap 21 netweaver_process_integration 21 netweaver_enterprise_portal 20 business_objects_business_intelligence_platform 18 commerce_cloud 18 hana_extended_application_services 18 sap_basis 18 s\/4hana 17 disclosure_management 16 host_agent 15 adaptive_server_enterprise 14 enable_now 14 s4core 13 abap_platform 12 customer_relationship_management_webclient_ui 12 netweaver_as_abap 12 sap_db 12 sap_kernel 11
Quick Filters
Critical CVEs With Exploits In CISA KEV