sap

1,577 tracked vulnerabilities.

CVE-2024-22132 HIGH
SAP IDES ECC - OS Command Injection
Feb 13, 2024
CVSS 7.4
EPSS 0.00
CVE-2024-22131 CRITICAL
SAP ABAP Platform - Authenticated Remote Code Execution via Vulnerable Interface
Feb 13, 2024
CVSS 9.1
EPSS 0.01
CVE-2024-22130 HIGH
SAP CRM WebClient UI <WEBCUIF - XSS
Feb 13, 2024
CVSS 7.6
EPSS 0.00
CVE-2024-22128 MEDIUM
SAP NWBC for HTML - SAP_UI <759 - XSS
Feb 13, 2024
CVSS 4.7
EPSS 0.00
CVE-2024-22126 MEDIUM
SAP NetWeaver AS for Java <7.50 - XSS
Feb 13, 2024
CVSS 6.1
EPSS 0.01
CVE-2024-22125 HIGH
Microsoft Edge <1.0 - Info Disclosure
Jan 09, 2024
CVSS 7.4
EPSS 0.01
CVE-2024-22124 MEDIUM
SAP NetWeaver ICM and Web Dispatcher - Exposure of Sensitive System Information
Jan 09, 2024
CVSS 4.1
EPSS 0.00
CVE-2024-21738 MEDIUM
SAP NetWeaver ABAP Application Server and ABAP Platform - Cross-Site Scripting
Jan 09, 2024
CVSS 4.1
EPSS 0.00
CVE-2024-21737 HIGH
SAP Application Interface Framework File Adapter 702 - Authenticated OS Command Injection
Jan 09, 2024
CVSS 8.4
EPSS 0.01
CVE-2024-21736 MEDIUM
SAP S/4HANA Finance for Advanced Payment Management - Incorrect Authorization in Function Import
Jan 09, 2024
CVSS 6.4
EPSS 0.00
CVE-2024-21735 HIGH
SAP LT Replication Server S4CORE 103-108 - Incorrect Authorization
Jan 09, 2024
CVSS 7.3
EPSS 0.00
CVE-2024-21734 LOW
SAP Marketing 160 - URL Redirection to Untrusted Site via Contacts App
Jan 09, 2024
CVSS 3.7
EPSS 0.00
CVE-2023-50424 CRITICAL
SAP BTP Security Services Integration Library < 0.17.0 - Privilege Escalation
Dec 12, 2023
CVSS 9.1
EPSS 0.01
CVE-2023-6542 HIGH
SAP Emarsys SDK for Android - Unauthenticated Arbitrary URL Navigation via Activity Invocation
Dec 12, 2023
CVSS 7.1
EPSS 0.00
CVE-2023-50423 CRITICAL
SAP XSSEC < 4.1.0 - Unauthenticated Privilege Escalation
Dec 12, 2023
CVSS 9.1
EPSS 0.01
CVE-2023-50422 CRITICAL
SAP BTP Security Services Integration Library <2.17.0 and 3.0.0-<3.3.0 - Privilege Escalation
Dec 12, 2023
CVSS 9.1
EPSS 0.01
CVE-2023-49587 MEDIUM
SAP Solution Manager 720 - Authenticated Remote Code Execution via Deprecated Function Modules
Dec 12, 2023
CVSS 6.4
EPSS 0.00
CVE-2023-49584 MEDIUM
SAP Fiori launchpad - HTTP Request Smuggling via POST on Read-Only Service
Dec 12, 2023
CVSS 4.3
EPSS 0.00
CVE-2023-49583 CRITICAL
SAP @sap/xssec < 3.6.0 - Unauthenticated Privilege Escalation
Dec 12, 2023
CVSS 9.1
EPSS 0.01
CVE-2023-49581 MEDIUM
SAP NetWeaver Application Server ABAP - Unauthenticated SQL Injection and Data Manipulation
Dec 12, 2023
CVSS 4.1
EPSS 0.01
CVE-2023-49580 HIGH
SAP GUI for Windows and SAP GUI for Java - Unauthenticated Information Disclosure and Layout Configuration Manipulation
Dec 12, 2023
CVSS 7.3
EPSS 0.00
CVE-2023-49578 LOW
SAP Cloud Connector 2.0 - Authenticated Denial of Service via Malicious Request
Dec 12, 2023
CVSS 3.5
EPSS 0.00
CVE-2023-49577 MEDIUM
SAP HCM SMART PAYE S4HCMCIE 100 SAP_HRCIE 600 604 608 - Cross-Site Scripting
Dec 12, 2023
CVSS 6.1
EPSS 0.00
CVE-2023-49058 LOW
SAP Master Data Governance File Upload - Path Traversal
Dec 12, 2023
CVSS 3.5
EPSS 0.01
CVE-2023-42481 HIGH
SAP Commerce Cloud HY_COM 1905-2205, COM_CLOUD 2211 - Weak Password Recovery
Dec 12, 2023
CVSS 8.1
EPSS 0.01