sap
1,577 tracked vulnerabilities.
CVE-2023-37489
MEDIUM
SAP BusinessObjects BI Platform 403 - Unauthenticated Info Disclosure via VMS
Sep 12, 2023
CVSS 5.3
EPSS 0.00
CVE-2023-40306
MEDIUM
SAP S/4HANA - Open Redirect in Manage Catalog Items and Cross-Catalog Searches
Sep 08, 2023
CVSS 6.1
EPSS 0.00
CVE-2023-39438
HIGH
SAP Contributor License Agreement Assistant < 2.13.1 - Authenticated Missing Authorization
Aug 15, 2023
CVSS 8.1
EPSS 0.00
CVE-2023-39440
MEDIUM
SAP BusinessObjects Business Intelligence 420 - Cleartext Storage of Sensitive Information
Aug 08, 2023
CVSS 4.4
EPSS 0.00
CVE-2023-39439
HIGH
SAP Commerce Cloud - Info Disclosure
Aug 08, 2023
CVSS 8.8
EPSS 0.01
CVE-2023-39437
HIGH
SAP Business One 10.0 - Cross-Site Scripting
Aug 08, 2023
CVSS 7.6
EPSS 0.00
CVE-2023-39436
MEDIUM
SAP Supplier Relationship Management 600-606, 616-617 - Unauthenticated Information Disclosure
Aug 08, 2023
CVSS 5.8
EPSS 0.00
CVE-2023-37492
MEDIUM
SAP NetWeaver Application Server ABAP - Missing Authorization Checks
Aug 08, 2023
CVSS 4.9
EPSS 0.00
CVE-2023-37491
HIGH
SAP Message Server - Incorrect Authorization
Aug 08, 2023
CVSS 7.5
EPSS 0.00
CVE-2023-37490
HIGH
SAP BusinessObjects Business Intelligence 420, 430 - Authenticated Uncontrolled Search Path Element
Aug 08, 2023
CVSS 7.6
EPSS 0.00
CVE-2023-37488
MEDIUM
SAP NetWeaver Process Integration - Cross-Site Scripting
Aug 08, 2023
CVSS 6.1
EPSS 0.00
CVE-2023-37487
MEDIUM
SAP Business One (Service Layer) - version 10.0 - Info Disclosure
Aug 08, 2023
CVSS 5.3
EPSS 0.00
CVE-2023-37486
MEDIUM
SAP Commerce Cloud - Information Disclosure via OCC API Endpoints
Aug 08, 2023
CVSS 5.9
EPSS 0.00
CVE-2023-37484
MEDIUM
SAP PowerDesigner 16.7 - Use of a Broken or Risky Cryptographic Algorithm
Aug 08, 2023
CVSS 5.3
EPSS 0.00
CVE-2023-37483
CRITICAL
SAP PowerDesigner 16.7 - Unauthenticated Arbitrary Database Query Execution via Proxy
Aug 08, 2023
CVSS 9.8
EPSS 0.01
CVE-2023-36926
LOW
SAP Host Agent <7.22 - Info Disclosure
Aug 08, 2023
CVSS 3.7
EPSS 0.00
CVE-2023-36923
HIGH
SAP PowerDesigner <16.7 SP06 PL03 - Code Injection
Aug 08, 2023
CVSS 7.8
EPSS 0.00
CVE-2023-33993
HIGH
SAP Business One 10.0 - SQL Injection
Aug 08, 2023
CVSS 7.1
EPSS 0.00
CVE-2023-36925
HIGH
SAP Solution Manager 7.20 - Unauthenticated Server-Side Request Forgery
Jul 11, 2023
CVSS 7.2
EPSS 0.01
CVE-2023-36924
MEDIUM
SAP ERP Defense Forces and Public Security - Authenticated Privileg...
Jul 11, 2023
CVSS 4.9
EPSS 0.00
CVE-2023-36922
CRITICAL
SAP ECC/S/4HANA - Command Injection
Jul 11, 2023
CVSS 9.1
EPSS 0.01
CVE-2023-36921
HIGH
SAP Solution Manager (Diagnostics agent) -7.20 - SSRF
Jul 11, 2023
CVSS 7.2
EPSS 0.01
CVE-2023-36919
MEDIUM
SAP Enable Now - Unauthenticated Exposure of Sensitive Information via Missing Referrer-Policy Header
Jul 11, 2023
CVSS 5.3
EPSS 0.00
CVE-2023-36918
MEDIUM
SAP Enable Now - Cross-Site Scripting via MIME Type Sniffing
Jul 11, 2023
CVSS 6.1
EPSS 0.00
CVE-2023-36917
MEDIUM
SAP BusinessObjects Business Intelligence Platform - Password Bypass
Jul 11, 2023
CVSS 5.9
EPSS 0.01
Products
3d_visual_enterprise_viewer 131
netweaver 102
netweaver_application_server_abap 86
businessobjects_business_intelligence_platform 73
netweaver_application_server_java 69
businessobjects_business_intelligence 45
hana 38
solution_manager 33
business_one 31
internet_graphics_server 28
3d_visual_enterprise_author 27
businessobjects 23
netweaver_abap 21
netweaver_process_integration 21
netweaver_enterprise_portal 20
business_objects_business_intelligence_platform 18
commerce_cloud 18
hana_extended_application_services 18
sap_basis 18
s\/4hana 17
disclosure_management 16
host_agent 15
adaptive_server_enterprise 14
enable_now 14
s4core 13
abap_platform 12
customer_relationship_management_webclient_ui 12
netweaver_as_abap 12
sap_db 12
sap_kernel 11
Quick Filters