sap

1,577 tracked vulnerabilities.

CVE-2023-42479 MEDIUM
SAP Biller Direct - Unauthenticated Cross-Site Scripting via URL Frame Injection
Dec 12, 2023
CVSS 6.1
EPSS 0.00
CVE-2023-42478 HIGH
SAP Business Objects Business Intelligence Platform - Stored Cross-Site Scripting via Agnostic Document Upload
Dec 12, 2023
CVSS 7.5
EPSS 0.01
CVE-2023-42476 MEDIUM
SAP BusinessObjects Web Intelligence 420 - Authenticated Stored Cross-Site Scripting
Dec 12, 2023
CVSS 6.8
EPSS 0.01
CVE-2023-42480 MEDIUM
SAP NetWeaver AS Java 7.50 - Unauthenticated User Enumeration via Login Brute Force
Nov 14, 2023
CVSS 5.3
EPSS 0.01
CVE-2023-41366 MEDIUM
SAP NetWeaver Application Server ABAP - Info Disclosure
Nov 14, 2023
CVSS 5.3
EPSS 0.01
CVE-2023-31403 CRITICAL
SAP Business One <10.0 - Auth Bypass
Nov 14, 2023
CVSS 9.6
EPSS 0.00
CVE-2023-36920 MEDIUM
SAP Enable Now - WPB_MANAGER <1.0-ENABLE_NOW_CONSUMP_DEL 1704 - XSS
Oct 30, 2023
CVSS 6.1
EPSS 0.00
CVE-2023-42477 MEDIUM
SAP NetWeaver AS Java 7.50 - Server-Side Request Forgery in GRMG Heartbeat Application
Oct 10, 2023
CVSS 6.5
EPSS 0.00
CVE-2023-42475 MEDIUM
SAP S/4HANA - Information Disclosure via Statutory Reporting File Storage
Oct 10, 2023
CVSS 4.3
EPSS 0.00
CVE-2023-42474 MEDIUM
SAP BusinessObjects Web Intelligence 420 - Cross-Site Scripting via URL Parameter
Oct 10, 2023
CVSS 6.8
EPSS 0.00
CVE-2023-42473 MEDIUM
SAP S/4HANA 106 - Authenticated Privilege Escalation via Missing Authorization
Oct 10, 2023
CVSS 5.4
EPSS 0.00
CVE-2023-41365 MEDIUM
SAP Business One (B1i) -10.0 - Info Disclosure
Oct 10, 2023
CVSS 4.3
EPSS 0.00
CVE-2023-40310 MEDIUM
SAP PowerDesigner Client 16.7 - SSRF
Oct 10, 2023
CVSS 6.5
EPSS 0.01
CVE-2023-40307 MEDIUM
SAP Privileges < 1.5.4 - Out-of-bounds Write via Privilege Escalation Request
Sep 28, 2023
CVSS 6.3
EPSS 0.00
CVE-2023-40625 MEDIUM
S4CORE Manage Purchase Contracts App - Privilege Escalation
Sep 12, 2023
CVSS 5.4
EPSS 0.00
CVE-2023-40624 MEDIUM
SAP NetWeaver AS ABAP - Stored Cross-Site Scripting in Unified Rendering
Sep 12, 2023
CVSS 5.5
EPSS 0.00
CVE-2023-40623 MEDIUM
SAP BusinessObjects Suite Installer <430 - Path Traversal
Sep 12, 2023
CVSS 6.2
EPSS 0.00
CVE-2023-40622 CRITICAL
SAP BusinessObjects <430 - Info Disclosure
Sep 12, 2023
CVSS 9.9
EPSS 0.01
CVE-2023-40621 MEDIUM
SAP PowerDesigner Client -16.7 - Code Injection
Sep 12, 2023
CVSS 6.3
EPSS 0.01
CVE-2023-40309 CRITICAL
SAP CommonCryptoLib - Incorrect Authorization
Sep 12, 2023
CVSS 9.8
EPSS 0.01
CVE-2023-42472 HIGH
SAP BusinessObjects BI Platform 420 - Authenticated Arbitrary File Upload via Web Intelligence HTML Interface
Sep 12, 2023
CVSS 8.7
EPSS 0.01
CVE-2023-41369 LOW
SAP S/4HANA 100-108 - XML External Entity Injection via Payment Attachment
Sep 12, 2023
CVSS 3.5
EPSS 0.00
CVE-2023-41368 LOW
S4 HANA Manage checkbook apps <108 - SSRF
Sep 12, 2023
CVSS 2.7
EPSS 0.00
CVE-2023-41367 MEDIUM
SAP NetWeaver <7.50 - Info Disclosure
Sep 12, 2023
CVSS 5.3
EPSS 0.00
CVE-2023-40308 HIGH
SAP CommonCryptoLib - Unauthenticated Denial of Service via Memory Corruption
Sep 12, 2023
CVSS 7.5
EPSS 0.01