sap
1,568 tracked vulnerabilities.
CVE-2023-42474
MEDIUM
SAP BusinessObjects Web Intelligence 420 - Cross-Site Scripting via URL Parameter
Oct 10, 2023
CVSS 6.8
EPSS 0.00
CVE-2023-42473
MEDIUM
SAP S/4HANA 106 - Authenticated Privilege Escalation via Missing Authorization
Oct 10, 2023
CVSS 5.4
EPSS 0.00
CVE-2023-41365
MEDIUM
SAP Business One (B1i) -10.0 - Info Disclosure
Oct 10, 2023
CVSS 4.3
EPSS 0.00
CVE-2023-40310
MEDIUM
SAP PowerDesigner Client 16.7 - SSRF
Oct 10, 2023
CVSS 6.5
EPSS 0.00
CVE-2023-40307
MEDIUM
SAP Privileges < 1.5.4 - Out-of-bounds Write via Privilege Escalation Request
Sep 28, 2023
CVSS 6.3
EPSS 0.00
CVE-2023-40625
MEDIUM
S4CORE Manage Purchase Contracts App - Privilege Escalation
Sep 12, 2023
CVSS 5.4
EPSS 0.00
CVE-2023-40624
MEDIUM
SAP NetWeaver AS ABAP - Stored Cross-Site Scripting in Unified Rendering
Sep 12, 2023
CVSS 5.5
EPSS 0.00
CVE-2023-40623
MEDIUM
SAP BusinessObjects Suite Installer <430 - Path Traversal
Sep 12, 2023
CVSS 6.2
EPSS 0.00
CVE-2023-40622
CRITICAL
SAP BusinessObjects <430 - Info Disclosure
Sep 12, 2023
CVSS 9.9
EPSS 0.00
CVE-2023-40621
MEDIUM
SAP PowerDesigner Client -16.7 - Code Injection
Sep 12, 2023
CVSS 6.3
EPSS 0.00
CVE-2023-40309
CRITICAL
SAP CommonCryptoLib - Incorrect Authorization
Sep 12, 2023
CVSS 9.8
EPSS 0.00
CVE-2023-42472
HIGH
SAP BusinessObjects BI Platform 420 - Authenticated Arbitrary File Upload via Web Intelligence HTML Interface
Sep 12, 2023
CVSS 8.7
EPSS 0.00
CVE-2023-41369
LOW
SAP S/4HANA 100-108 - XML External Entity Injection via Payment Attachment
Sep 12, 2023
CVSS 3.5
EPSS 0.00
CVE-2023-41368
LOW
S4 HANA Manage checkbook apps <108 - SSRF
Sep 12, 2023
CVSS 2.7
EPSS 0.00
CVE-2023-41367
MEDIUM
SAP NetWeaver <7.50 - Info Disclosure
Sep 12, 2023
CVSS 5.3
EPSS 0.00
CVE-2023-40308
HIGH
SAP CommonCryptoLib - Unauthenticated Denial of Service via Memory Corruption
Sep 12, 2023
CVSS 7.5
EPSS 0.00
CVE-2023-37489
MEDIUM
SAP BusinessObjects BI Platform 403 - Unauthenticated Info Disclosure via VMS
Sep 12, 2023
CVSS 5.3
EPSS 0.00
CVE-2023-40306
MEDIUM
SAP S/4HANA - Open Redirect in Manage Catalog Items and Cross-Catalog Searches
Sep 08, 2023
CVSS 6.1
EPSS 0.00
CVE-2023-39438
HIGH
SAP Contributor License Agreement Assistant < 2.13.1 - Authenticated Missing Authorization
Aug 15, 2023
CVSS 8.1
EPSS 0.00
CVE-2023-39440
MEDIUM
SAP BusinessObjects Business Intelligence 420 - Cleartext Storage of Sensitive Information
Aug 08, 2023
CVSS 4.4
EPSS 0.00
CVE-2023-39439
HIGH
SAP Commerce Cloud - Info Disclosure
Aug 08, 2023
CVSS 8.8
EPSS 0.00
CVE-2023-39437
HIGH
SAP Business One 10.0 - Cross-Site Scripting
Aug 08, 2023
CVSS 7.6
EPSS 0.00
CVE-2023-39436
MEDIUM
SAP Supplier Relationship Management 600-606, 616-617 - Unauthenticated Information Disclosure
Aug 08, 2023
CVSS 5.8
EPSS 0.00
CVE-2023-37492
MEDIUM
SAP NetWeaver Application Server ABAP - Missing Authorization Checks
Aug 08, 2023
CVSS 4.9
EPSS 0.00
CVE-2023-37491
HIGH
SAP Message Server - Incorrect Authorization
Aug 08, 2023
CVSS 7.5
EPSS 0.00
Products
3d_visual_enterprise_viewer 131
netweaver 102
netweaver_application_server_abap 78
businessobjects_business_intelligence_platform 73
netweaver_application_server_java 68
businessobjects_business_intelligence 45
hana 38
solution_manager 33
business_one 31
internet_graphics_server 28
3d_visual_enterprise_author 27
businessobjects 23
netweaver_abap 21
netweaver_process_integration 21
netweaver_enterprise_portal 20
business_objects_business_intelligence_platform 18
commerce_cloud 18
hana_extended_application_services 18
sap_basis 18
s\/4hana 17
disclosure_management 16
host_agent 15
adaptive_server_enterprise 14
enable_now 14
s4core 13
abap_platform 12
customer_relationship_management_webclient_ui 12
netweaver_as_abap 12
sap_db 12
sap_kernel 11