sap
1,568 tracked vulnerabilities.
CVE-2023-37490
HIGH
SAP BusinessObjects Business Intelligence 420, 430 - Authenticated Uncontrolled Search Path Element
Aug 08, 2023
CVSS 7.6
EPSS 0.00
CVE-2023-37488
MEDIUM
SAP NetWeaver Process Integration - Cross-Site Scripting
Aug 08, 2023
CVSS 6.1
EPSS 0.00
CVE-2023-37487
MEDIUM
SAP Business One (Service Layer) - version 10.0 - Info Disclosure
Aug 08, 2023
CVSS 5.3
EPSS 0.00
CVE-2023-37486
MEDIUM
SAP Commerce Cloud - Information Disclosure via OCC API Endpoints
Aug 08, 2023
CVSS 5.9
EPSS 0.00
CVE-2023-37484
MEDIUM
SAP PowerDesigner 16.7 - Use of a Broken or Risky Cryptographic Algorithm
Aug 08, 2023
CVSS 5.3
EPSS 0.00
CVE-2023-37483
CRITICAL
SAP PowerDesigner 16.7 - Unauthenticated Arbitrary Database Query Execution via Proxy
Aug 08, 2023
CVSS 9.8
EPSS 0.01
CVE-2023-36926
LOW
SAP Host Agent <7.22 - Info Disclosure
Aug 08, 2023
CVSS 3.7
EPSS 0.00
CVE-2023-36923
HIGH
SAP PowerDesigner <16.7 SP06 PL03 - Code Injection
Aug 08, 2023
CVSS 7.8
EPSS 0.00
CVE-2023-33993
HIGH
SAP Business One 10.0 - SQL Injection
Aug 08, 2023
CVSS 7.1
EPSS 0.00
CVE-2023-36925
HIGH
SAP Solution Manager 7.20 - Unauthenticated Server-Side Request Forgery
Jul 11, 2023
CVSS 7.2
EPSS 0.01
CVE-2023-36924
MEDIUM
SAP ERP Defense Forces and Public Security - Authenticated Privileg...
Jul 11, 2023
CVSS 4.9
EPSS 0.00
CVE-2023-36922
CRITICAL
SAP ECC/S/4HANA - Command Injection
Jul 11, 2023
CVSS 9.1
EPSS 0.00
CVE-2023-36921
HIGH
SAP Solution Manager (Diagnostics agent) -7.20 - SSRF
Jul 11, 2023
CVSS 7.2
EPSS 0.00
CVE-2023-36919
MEDIUM
SAP Enable Now - Unauthenticated Exposure of Sensitive Information via Missing Referrer-Policy Header
Jul 11, 2023
CVSS 5.3
EPSS 0.01
CVE-2023-36918
MEDIUM
SAP Enable Now - Cross-Site Scripting via MIME Type Sniffing
Jul 11, 2023
CVSS 6.1
EPSS 0.01
CVE-2023-36917
MEDIUM
SAP BusinessObjects Business Intelligence Platform - Password Bypass
Jul 11, 2023
CVSS 5.9
EPSS 0.00
CVE-2023-35874
MEDIUM
SAP NetWeaver Application Server ABAP and ABAP Platform - Missing Authentication for Critical Function
Jul 11, 2023
CVSS 6.0
EPSS 0.00
CVE-2023-35873
MEDIUM
SAP NetWeaver Process Integration SAP_XITOOL 7.50 - Unauthenticated Missing Authentication for Critical Function
Jul 11, 2023
CVSS 6.5
EPSS 0.00
CVE-2023-35872
MEDIUM
SAP NetWeaver Process Integration SAP_XIAF 7.50 - Unauthenticated Missing Authentication for Critical Function
Jul 11, 2023
CVSS 6.5
EPSS 0.00
CVE-2023-35871
HIGH
SAP Web Dispatcher - Out-of-bounds Write
Jul 11, 2023
CVSS 7.7
EPSS 0.01
CVE-2023-35870
MEDIUM
SAP S/4HANA S4CORE 104-107 - Incorrect Permission Assignment in Journal Entry Template
Jul 11, 2023
CVSS 6.3
EPSS 0.00
CVE-2023-33992
MEDIUM
SAP Business Warehouse and SAP BW/4HANA - Missing Authorization in BICS Communication Layer
Jul 11, 2023
CVSS 4.5
EPSS 0.00
CVE-2023-33990
HIGH
SAP SQL Anywhere 17.0 - Denial of Service via Shared Memory Object Manipulation
Jul 11, 2023
CVSS 7.8
EPSS 0.00
CVE-2023-33989
HIGH
SAP NetWeaver (BI CONT ADD ON) <757 - Path Traversal
Jul 11, 2023
CVSS 8.7
EPSS 0.00
CVE-2023-33988
MEDIUM
SAP Enable Now - Unauthenticated Reflected Cross-Site Scripting
Jul 11, 2023
CVSS 6.1
EPSS 0.01
Products
3d_visual_enterprise_viewer 131
netweaver 102
netweaver_application_server_abap 78
businessobjects_business_intelligence_platform 73
netweaver_application_server_java 68
businessobjects_business_intelligence 45
hana 38
solution_manager 33
business_one 31
internet_graphics_server 28
3d_visual_enterprise_author 27
businessobjects 23
netweaver_abap 21
netweaver_process_integration 21
netweaver_enterprise_portal 20
business_objects_business_intelligence_platform 18
commerce_cloud 18
hana_extended_application_services 18
sap_basis 18
s/4hana 17
disclosure_management 16
host_agent 15
adaptive_server_enterprise 14
enable_now 14
s4core 13
abap_platform 12
customer_relationship_management_webclient_ui 12
netweaver_as_abap 12
sap_db 12
sap_kernel 11