sap
1,577 tracked vulnerabilities.
CVE-2024-22132
HIGH
SAP IDES ECC - OS Command Injection
Feb 13, 2024
CVSS 7.4
EPSS 0.00
CVE-2024-22131
CRITICAL
SAP ABAP Platform - Authenticated Remote Code Execution via Vulnerable Interface
Feb 13, 2024
CVSS 9.1
EPSS 0.01
CVE-2024-22130
HIGH
SAP CRM WebClient UI <WEBCUIF - XSS
Feb 13, 2024
CVSS 7.6
EPSS 0.00
CVE-2024-22128
MEDIUM
SAP NWBC for HTML - SAP_UI <759 - XSS
Feb 13, 2024
CVSS 4.7
EPSS 0.00
CVE-2024-22126
MEDIUM
SAP NetWeaver AS for Java <7.50 - XSS
Feb 13, 2024
CVSS 6.1
EPSS 0.01
CVE-2024-22125
HIGH
Microsoft Edge <1.0 - Info Disclosure
Jan 09, 2024
CVSS 7.4
EPSS 0.01
CVE-2024-22124
MEDIUM
SAP NetWeaver ICM and Web Dispatcher - Exposure of Sensitive System Information
Jan 09, 2024
CVSS 4.1
EPSS 0.00
CVE-2024-21738
MEDIUM
SAP NetWeaver ABAP Application Server and ABAP Platform - Cross-Site Scripting
Jan 09, 2024
CVSS 4.1
EPSS 0.00
CVE-2024-21737
HIGH
SAP Application Interface Framework File Adapter 702 - Authenticated OS Command Injection
Jan 09, 2024
CVSS 8.4
EPSS 0.01
CVE-2024-21736
MEDIUM
SAP S/4HANA Finance for Advanced Payment Management - Incorrect Authorization in Function Import
Jan 09, 2024
CVSS 6.4
EPSS 0.00
CVE-2024-21735
HIGH
SAP LT Replication Server S4CORE 103-108 - Incorrect Authorization
Jan 09, 2024
CVSS 7.3
EPSS 0.00
CVE-2024-21734
LOW
SAP Marketing 160 - URL Redirection to Untrusted Site via Contacts App
Jan 09, 2024
CVSS 3.7
EPSS 0.00
CVE-2023-50424
CRITICAL
SAP BTP Security Services Integration Library < 0.17.0 - Privilege Escalation
Dec 12, 2023
CVSS 9.1
EPSS 0.01
CVE-2023-6542
HIGH
SAP Emarsys SDK for Android - Unauthenticated Arbitrary URL Navigation via Activity Invocation
Dec 12, 2023
CVSS 7.1
EPSS 0.00
CVE-2023-50423
CRITICAL
SAP XSSEC < 4.1.0 - Unauthenticated Privilege Escalation
Dec 12, 2023
CVSS 9.1
EPSS 0.01
CVE-2023-50422
CRITICAL
SAP BTP Security Services Integration Library <2.17.0 and 3.0.0-<3.3.0 - Privilege Escalation
Dec 12, 2023
CVSS 9.1
EPSS 0.01
CVE-2023-49587
MEDIUM
SAP Solution Manager 720 - Authenticated Remote Code Execution via Deprecated Function Modules
Dec 12, 2023
CVSS 6.4
EPSS 0.00
CVE-2023-49584
MEDIUM
SAP Fiori launchpad - HTTP Request Smuggling via POST on Read-Only Service
Dec 12, 2023
CVSS 4.3
EPSS 0.00
CVE-2023-49583
CRITICAL
SAP @sap/xssec < 3.6.0 - Unauthenticated Privilege Escalation
Dec 12, 2023
CVSS 9.1
EPSS 0.01
CVE-2023-49581
MEDIUM
SAP NetWeaver Application Server ABAP - Unauthenticated SQL Injection and Data Manipulation
Dec 12, 2023
CVSS 4.1
EPSS 0.01
CVE-2023-49580
HIGH
SAP GUI for Windows and SAP GUI for Java - Unauthenticated Information Disclosure and Layout Configuration Manipulation
Dec 12, 2023
CVSS 7.3
EPSS 0.00
CVE-2023-49578
LOW
SAP Cloud Connector 2.0 - Authenticated Denial of Service via Malicious Request
Dec 12, 2023
CVSS 3.5
EPSS 0.00
CVE-2023-49577
MEDIUM
SAP HCM SMART PAYE S4HCMCIE 100 SAP_HRCIE 600 604 608 - Cross-Site Scripting
Dec 12, 2023
CVSS 6.1
EPSS 0.00
CVE-2023-49058
LOW
SAP Master Data Governance File Upload - Path Traversal
Dec 12, 2023
CVSS 3.5
EPSS 0.01
CVE-2023-42481
HIGH
SAP Commerce Cloud HY_COM 1905-2205, COM_CLOUD 2211 - Weak Password Recovery
Dec 12, 2023
CVSS 8.1
EPSS 0.01
Products
3d_visual_enterprise_viewer 131
netweaver 102
netweaver_application_server_abap 86
businessobjects_business_intelligence_platform 73
netweaver_application_server_java 69
businessobjects_business_intelligence 45
hana 38
solution_manager 33
business_one 31
internet_graphics_server 28
3d_visual_enterprise_author 27
businessobjects 23
netweaver_abap 21
netweaver_process_integration 21
netweaver_enterprise_portal 20
business_objects_business_intelligence_platform 18
commerce_cloud 18
hana_extended_application_services 18
sap_basis 18
s\/4hana 17
disclosure_management 16
host_agent 15
adaptive_server_enterprise 14
enable_now 14
s4core 13
abap_platform 12
customer_relationship_management_webclient_ui 12
netweaver_as_abap 12
sap_db 12
sap_kernel 11
Quick Filters