sap
1,577 tracked vulnerabilities.
CVE-2023-42479
MEDIUM
SAP Biller Direct - Unauthenticated Cross-Site Scripting via URL Frame Injection
Dec 12, 2023
CVSS 6.1
EPSS 0.00
CVE-2023-42478
HIGH
SAP Business Objects Business Intelligence Platform - Stored Cross-Site Scripting via Agnostic Document Upload
Dec 12, 2023
CVSS 7.5
EPSS 0.01
CVE-2023-42476
MEDIUM
SAP BusinessObjects Web Intelligence 420 - Authenticated Stored Cross-Site Scripting
Dec 12, 2023
CVSS 6.8
EPSS 0.01
CVE-2023-42480
MEDIUM
SAP NetWeaver AS Java 7.50 - Unauthenticated User Enumeration via Login Brute Force
Nov 14, 2023
CVSS 5.3
EPSS 0.01
CVE-2023-41366
MEDIUM
SAP NetWeaver Application Server ABAP - Info Disclosure
Nov 14, 2023
CVSS 5.3
EPSS 0.01
CVE-2023-31403
CRITICAL
SAP Business One <10.0 - Auth Bypass
Nov 14, 2023
CVSS 9.6
EPSS 0.00
CVE-2023-36920
MEDIUM
SAP Enable Now - WPB_MANAGER <1.0-ENABLE_NOW_CONSUMP_DEL 1704 - XSS
Oct 30, 2023
CVSS 6.1
EPSS 0.00
CVE-2023-42477
MEDIUM
SAP NetWeaver AS Java 7.50 - Server-Side Request Forgery in GRMG Heartbeat Application
Oct 10, 2023
CVSS 6.5
EPSS 0.00
CVE-2023-42475
MEDIUM
SAP S/4HANA - Information Disclosure via Statutory Reporting File Storage
Oct 10, 2023
CVSS 4.3
EPSS 0.00
CVE-2023-42474
MEDIUM
SAP BusinessObjects Web Intelligence 420 - Cross-Site Scripting via URL Parameter
Oct 10, 2023
CVSS 6.8
EPSS 0.00
CVE-2023-42473
MEDIUM
SAP S/4HANA 106 - Authenticated Privilege Escalation via Missing Authorization
Oct 10, 2023
CVSS 5.4
EPSS 0.00
CVE-2023-41365
MEDIUM
SAP Business One (B1i) -10.0 - Info Disclosure
Oct 10, 2023
CVSS 4.3
EPSS 0.00
CVE-2023-40310
MEDIUM
SAP PowerDesigner Client 16.7 - SSRF
Oct 10, 2023
CVSS 6.5
EPSS 0.01
CVE-2023-40307
MEDIUM
SAP Privileges < 1.5.4 - Out-of-bounds Write via Privilege Escalation Request
Sep 28, 2023
CVSS 6.3
EPSS 0.00
CVE-2023-40625
MEDIUM
S4CORE Manage Purchase Contracts App - Privilege Escalation
Sep 12, 2023
CVSS 5.4
EPSS 0.00
CVE-2023-40624
MEDIUM
SAP NetWeaver AS ABAP - Stored Cross-Site Scripting in Unified Rendering
Sep 12, 2023
CVSS 5.5
EPSS 0.00
CVE-2023-40623
MEDIUM
SAP BusinessObjects Suite Installer <430 - Path Traversal
Sep 12, 2023
CVSS 6.2
EPSS 0.00
CVE-2023-40622
CRITICAL
SAP BusinessObjects <430 - Info Disclosure
Sep 12, 2023
CVSS 9.9
EPSS 0.01
CVE-2023-40621
MEDIUM
SAP PowerDesigner Client -16.7 - Code Injection
Sep 12, 2023
CVSS 6.3
EPSS 0.01
CVE-2023-40309
CRITICAL
SAP CommonCryptoLib - Incorrect Authorization
Sep 12, 2023
CVSS 9.8
EPSS 0.01
CVE-2023-42472
HIGH
SAP BusinessObjects BI Platform 420 - Authenticated Arbitrary File Upload via Web Intelligence HTML Interface
Sep 12, 2023
CVSS 8.7
EPSS 0.01
CVE-2023-41369
LOW
SAP S/4HANA 100-108 - XML External Entity Injection via Payment Attachment
Sep 12, 2023
CVSS 3.5
EPSS 0.00
CVE-2023-41368
LOW
S4 HANA Manage checkbook apps <108 - SSRF
Sep 12, 2023
CVSS 2.7
EPSS 0.00
CVE-2023-41367
MEDIUM
SAP NetWeaver <7.50 - Info Disclosure
Sep 12, 2023
CVSS 5.3
EPSS 0.00
CVE-2023-40308
HIGH
SAP CommonCryptoLib - Unauthenticated Denial of Service via Memory Corruption
Sep 12, 2023
CVSS 7.5
EPSS 0.01
Products
3d_visual_enterprise_viewer 131
netweaver 102
netweaver_application_server_abap 86
businessobjects_business_intelligence_platform 73
netweaver_application_server_java 69
businessobjects_business_intelligence 45
hana 38
solution_manager 33
business_one 31
internet_graphics_server 28
3d_visual_enterprise_author 27
businessobjects 23
netweaver_abap 21
netweaver_process_integration 21
netweaver_enterprise_portal 20
business_objects_business_intelligence_platform 18
commerce_cloud 18
hana_extended_application_services 18
sap_basis 18
s\/4hana 17
disclosure_management 16
host_agent 15
adaptive_server_enterprise 14
enable_now 14
s4core 13
abap_platform 12
customer_relationship_management_webclient_ui 12
netweaver_as_abap 12
sap_db 12
sap_kernel 11
Quick Filters