← Back

Sap

sap

1,576 CVEs • 429 products

Products (429)

Click to collapse
Toggle
3d Visual Enterprise Viewer
3d_visual_enterprise_viewer
131 CVEs
Netweaver
netweaver
102 CVEs
Netweaver Application Server Abap
netweaver_application_server_abap
86 CVEs
Businessobjects Business Intelligence Platform
businessobjects_business_intelligence_platform
73 CVEs
Netweaver Application Server Java
netweaver_application_server_java
69 CVEs
Businessobjects Business Intelligence
businessobjects_business_intelligence
45 CVEs
Hana
hana
38 CVEs
Solution Manager
solution_manager
33 CVEs
Business One
business_one
31 CVEs
Internet Graphics Server
internet_graphics_server
28 CVEs
3d Visual Enterprise Author
3d_visual_enterprise_author
27 CVEs
Businessobjects
businessobjects
23 CVEs
Netweaver Abap
netweaver_abap
21 CVEs
Netweaver Process Integration
netweaver_process_integration
21 CVEs
Netweaver Enterprise Portal
netweaver_enterprise_portal
20 CVEs
Hana Extended Application Services
hana_extended_application_services
18 CVEs
Sap Basis
sap_basis
18 CVEs
Commerce Cloud
commerce_cloud
18 CVEs
Business Objects Business Intelligence Platform
business_objects_business_intelligence_platform
18 CVEs
S/4hana
s/4hana
17 CVEs
Disclosure Management
disclosure_management
16 CVEs
Host Agent
host_agent
15 CVEs
Adaptive Server Enterprise
adaptive_server_enterprise
14 CVEs
Enable Now
enable_now
14 CVEs
S4core
s4core
13 CVEs
Sap Db
sap_db
12 CVEs
Customer Relationship Management Webclient Ui
customer_relationship_management_webclient_ui
12 CVEs
Netweaver As Abap
netweaver_as_abap
12 CVEs
Abap Platform
abap_platform
12 CVEs
Sap Web Application Server
sap_web_application_server
11 CVEs
Sap Kernel
sap_kernel
11 CVEs
Supplier Relationship Management
supplier_relationship_management
11 CVEs
Web Dispatcher
web_dispatcher
11 CVEs
Customer Relationship Management
customer_relationship_management
10 CVEs
Netweaver As Abap Business Server Pages
netweaver_as_abap_business_server_pages
10 CVEs
Commerce
commerce
10 CVEs
Internet Transaction Server
internet_transaction_server
9 CVEs
Netweaver Application Server For Java
netweaver_application_server_for_java
9 CVEs
Rfc Library
rfc_library
8 CVEs
Maxdb
maxdb
8 CVEs
Sql Anywhere
sql_anywhere
8 CVEs
Mobile Platform
mobile_platform
8 CVEs
Trex
trex
8 CVEs
Hybris
hybris
8 CVEs
Hana Database
hana_database
8 CVEs
Cloud Connector
cloud_connector
8 CVEs
Landscape Management
landscape_management
8 CVEs
Business Connector
business_connector
7 CVEs
Crystal Reports
crystal_reports
7 CVEs
Afaria
afaria
7 CVEs
Sapscore
sapscore
7 CVEs
S/4 Hana
s/4_hana
7 CVEs
Business Warehouse
business_warehouse
7 CVEs
Netweaver As Internet Graphics Server
netweaver_as_internet_graphics_server
7 CVEs
Sapgui
sapgui
6 CVEs
Erp
erp
6 CVEs
Businessobjects Edge
businessobjects_edge
6 CVEs
Content Server
content_server
6 CVEs
Business Application Software Integrated Solution
business_application_software_integrated_solution
6 CVEs
Business Planning And Consolidation
business_planning_and_consolidation
6 CVEs
Basis
basis
6 CVEs
Fiori Client
fiori_client
6 CVEs
Financial Consolidation
financial_consolidation
6 CVEs
Netweaver Knowledge Management
netweaver_knowledge_management
6 CVEs
Customer Relationship Management S4fnd
customer_relationship_management_s4fnd
6 CVEs
Sap R 3
sap_r_3
5 CVEs
Crystal Reports Server
crystal_reports_server
5 CVEs
Netweaver Java Application Server
netweaver_java_application_server
5 CVEs
Gui For Windows
gui_for_windows
5 CVEs
S4fnd
s4fnd
5 CVEs
Bw/4hana
bw/4hana
5 CVEs
Advanced Business Application Programming Platform Kernel
advanced_business_application_programming_platform_kernel
5 CVEs
Businessobjects Web Intelligence
businessobjects_web_intelligence
5 CVEs
Netweaver As Abap Krnl64uc
netweaver_as_abap_krnl64uc
5 CVEs
Powerdesigner
powerdesigner
5 CVEs
Enjoysap
enjoysap
4 CVEs
Saplpd
saplpd
4 CVEs
Netweaver Development Infrastructure
netweaver_development_infrastructure
4 CVEs
J2ee Engine
j2ee_engine
4 CVEs
Enterprise Portal
enterprise_portal
4 CVEs
Netweaver Abap Application Server
netweaver_abap_application_server
4 CVEs
Commoncryptolib
commoncryptolib
4 CVEs
Business Client
business_client
4 CVEs
Identity Management
identity_management
4 CVEs
Ui
ui
4 CVEs
Businessobjects Bi Platform
businessobjects_bi_platform
4 CVEs
Fiori
fiori
4 CVEs
Advanced Business Application Programming Platform Krnl64nuc
advanced_business_application_programming_platform_krnl64nuc
4 CVEs
Advanced Business Application Programming Platform Krnl64uc
advanced_business_application_programming_platform_krnl64uc
4 CVEs
Diagnostics Agent
diagnostics_agent
4 CVEs
Fiori Launchpad
fiori_launchpad
4 CVEs
Focused Run
focused_run
4 CVEs
Contact Center
contact_center
4 CVEs
Netweaver As Abap Kernel
netweaver_as_abap_kernel
4 CVEs
Netweaver As Abap Krnl64nuc
netweaver_as_abap_krnl64nuc
4 CVEs
Application Interface Framework
application_interface_framework
4 CVEs
Sapsprint
sapsprint
3 CVEs
Graphical User Interface
graphical_user_interface
3 CVEs
Erp Central Component
erp_central_component
3 CVEs
Network Interface Router
network_interface_router
3 CVEs

CVEs (1,576)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2024-37176
1Sap
1Bw/4hana
Nov 21, 2024
Jun 11, 2024
N/A· v4
5.4 MEDIUM· v3
N/A· v2
SAP BW/4HANA Transformation and Data Transfer Process (DTP) allows an authenticated attacker to gain higher access levels than they should have by exploiting improper authorization checks. This results in escalation of p...Show more
SAP BW/4HANA Transformation and Data Transfer Process (DTP) allows an authenticated attacker to gain higher access levels than they should have by exploiting improper authorization checks. This results in escalation of privileges. It has no impact on the confidentiality of data but may have low impacts on the integrity and availability of the application.Show less
CVE-2024-34691
1Sap
1S/4 Hana
Nov 21, 2024
Jun 11, 2024
N/A· v4
6.5 MEDIUM· v3
N/A· v2
Manage Incoming Payment Files (F1680) of SAP S/4HANA does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. As a result, it has high impact on integrity and no i...Show more
Manage Incoming Payment Files (F1680) of SAP S/4HANA does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. As a result, it has high impact on integrity and no impact on the confidentiality and availability of the system.Show less
CVE-2024-34690
1Sap
1Student Life Cycle Management
Nov 21, 2024
Jun 11, 2024
N/A· v4
5.4 MEDIUM· v3
N/A· v2
SAP Student Life Cycle Management (SLcM) fails to conduct proper authorization checks for authenticated users, leading to the potential escalation of privileges. On successful exploitation it could allow an attacker to a...Show more
SAP Student Life Cycle Management (SLcM) fails to conduct proper authorization checks for authenticated users, leading to the potential escalation of privileges. On successful exploitation it could allow an attacker to access and edit non-sensitive report variants that are typically restricted, causing minimal impact on the confidentiality and integrity of the application.Show less
CVE-2024-34688
1Sap
1Netweaver Application Server Java
Nov 21, 2024
Jun 11, 2024
N/A· v4
7.5 HIGH· v3
N/A· v2
Due to unrestricted access to the Meta Model Repository services in SAP NetWeaver AS Java, attackers can perform DoS attacks on the application, which may prevent legitimate users from accessing it. This can result in no...Show more
Due to unrestricted access to the Meta Model Repository services in SAP NetWeaver AS Java, attackers can perform DoS attacks on the application, which may prevent legitimate users from accessing it. This can result in no impact on confidentiality and integrity but a high impact on the availability of the application.Show less
CVE-2024-34686
1Sap
1Customer Relationship Management Webclient Ui
Nov 21, 2024
Jun 11, 2024
N/A· v4
6.1 MEDIUM· v3
N/A· v2
Due to insufficient input validation, SAP CRM WebClient UI allows an unauthenticated attacker to craft a URL link which embeds a malicious script. When a victim clicks on this link, the script will be executed in the vic...Show more
Due to insufficient input validation, SAP CRM WebClient UI allows an unauthenticated attacker to craft a URL link which embeds a malicious script. When a victim clicks on this link, the script will be executed in the victim's browser giving the attacker the ability to access and/or modify information with no effect on availability of the application.Show less
CVE-2024-34684
1Sap
1Businessobjects Business Intelligence Platform
Nov 21, 2024
Jun 11, 2024
N/A· v4
6.0 MEDIUM· v3
N/A· v2
On Unix, SAP BusinessObjects Business Intelligence Platform (Scheduling) allows an authenticated attacker with administrator access on the local server to access the password of a local account. As a result, an attacker...Show more
On Unix, SAP BusinessObjects Business Intelligence Platform (Scheduling) allows an authenticated attacker with administrator access on the local server to access the password of a local account. As a result, an attacker can obtain non-administrative user credentials, which will allow them to read or modify the remote server files.Show less
CVE-2024-34683
1Sap
1Document Builder
Nov 21, 2024
Jun 11, 2024
N/A· v4
6.5 MEDIUM· v3
N/A· v2
An authenticated attacker can upload malicious file to SAP Document Builder service. When the victim accesses this file, the attacker is allowed to access, modify, or make the related information unavailable in the victi...Show more
An authenticated attacker can upload malicious file to SAP Document Builder service. When the victim accesses this file, the attacker is allowed to access, modify, or make the related information unavailable in the victim’s browser.Show less
CVE-2024-33001
1Sap
1Netweaver Application Server Abap
Nov 21, 2024
Jun 11, 2024
N/A· v4
6.5 MEDIUM· v3
N/A· v2
SAP NetWeaver and ABAP platform allows an attacker to impede performance for legitimate users by crashing or flooding the service. An impact of this Denial of Service vulnerability might be long response delays and se...Show more
SAP NetWeaver and ABAP platform allows an attacker to impede performance for legitimate users by crashing or flooding the service. An impact of this Denial of Service vulnerability might be long response delays and service interruptions, thus degrading the service quality experienced by legitimate users causing high impact on availability of the application.Show less
CVE-2024-28164
1Sap
1Netweaver Application Server Java
Nov 21, 2024
Jun 11, 2024
N/A· v4
5.3 MEDIUM· v3
N/A· v2
SAP NetWeaver AS Java (CAF - Guided Procedures) allows an unauthenticated user to access non-sensitive information about the server which would otherwise be restricted causing low impact on confidentiality of the applica...Show more
SAP NetWeaver AS Java (CAF - Guided Procedures) allows an unauthenticated user to access non-sensitive information about the server which would otherwise be restricted causing low impact on confidentiality of the application.Show less
CVE-2024-34687
1Sap
1Sap Basis
Oct 23, 2025
May 14, 2024
N/A· v4
9.0 CRITICAL· v3
N/A· v2
SAP NetWeaver Application Server for ABAP and ABAP Platform do not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. An attacker can control code that is executed within a...Show more
SAP NetWeaver Application Server for ABAP and ABAP Platform do not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. An attacker can control code that is executed within a user’s browser, which could result in modification, deletion of data, including accessing or deleting files, or stealing session cookies which an attacker could use to hijack a user’s session. Hence, this could have impact on Confidentiality, Integrity and Availability of the system. Show less
CVE-2024-33004
1Sap
1Businessobjects Business Intelligence Platform
Oct 23, 2025
May 14, 2024
N/A· v4
4.3 MEDIUM· v3
N/A· v2
SAP Business Objects Business Intelligence Platform is vulnerable to Insecure Storage as dynamic web pages are getting cached even after logging out. On successful exploitation, the attacker can see the sensitive informa...Show more
SAP Business Objects Business Intelligence Platform is vulnerable to Insecure Storage as dynamic web pages are getting cached even after logging out. On successful exploitation, the attacker can see the sensitive information through cache and can open the pages causing limited impact on Confidentiality, Integrity and Availability of the application.Show less
CVE-2024-28165
1Sap
1Businessobjects Business Intelligence Platform
Oct 23, 2025
May 14, 2024
N/A· v4
9.3 CRITICAL· v3
N/A· v2
SAP Business Objects Business Intelligence Platform is vulnerable to stored XSS allowing an attacker to manipulate a parameter in the Opendocument URL which could lead to high impact on Confidentiality and Integrity of...Show more
SAP Business Objects Business Intelligence Platform is vulnerable to stored XSS allowing an attacker to manipulate a parameter in the Opendocument URL which could lead to high impact on Confidentiality and Integrity of the application Show less
CVE-2024-27898
1Sap
1Netweaver
Feb 6, 2025
Apr 9, 2024
N/A· v4
5.3 MEDIUM· v3
N/A· v2
SAP NetWeaver application, due to insufficient input validation, allows an attacker to send a crafted request from a vulnerable web application targeting internal systems behind firewalls that are normally inaccessible t...Show more
SAP NetWeaver application, due to insufficient input validation, allows an attacker to send a crafted request from a vulnerable web application targeting internal systems behind firewalls that are normally inaccessible to an attacker from the external network, resulting in a Server-Side Request Forgery vulnerability. Thus, having a low impact on confidentiality. Show less
CVE-2024-25646
1Sap
1Businessobjects Web Intelligence
Oct 29, 2025
Apr 9, 2024
N/A· v4
6.5 MEDIUM· v3
N/A· v2
Due to improper validation, SAP BusinessObject Business Intelligence Launch Pad allows an authenticated attacker to access operating system information using crafted document. On successful exploitation there could be a...Show more
Due to improper validation, SAP BusinessObject Business Intelligence Launch Pad allows an authenticated attacker to access operating system information using crafted document. On successful exploitation there could be a considerable impact on confidentiality of the application.Show less
CVE-2024-28163
1Sap
1Netweaver Process Integration
Feb 7, 2025
Mar 12, 2024
N/A· v4
5.3 MEDIUM· v3
N/A· v2
Under certain conditions, Support Web Pages of SAP NetWeaver Process Integration (PI) - versions 7.50, allows an attacker to access information which would otherwise be restricted, causing low impact on Confidentiality w...Show more
Under certain conditions, Support Web Pages of SAP NetWeaver Process Integration (PI) - versions 7.50, allows an attacker to access information which would otherwise be restricted, causing low impact on Confidentiality with no impact on Integrity and Availability of the application.Show less
CVE-2024-27902
1Sap
1Netweaver As Abap
Feb 26, 2025
Mar 12, 2024
N/A· v4
6.1 MEDIUM· v3
N/A· v2
Applications based on SAP GUI for HTML in SAP NetWeaver AS ABAP - versions 7.89, 7.93, do not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. A successful attack can all...Show more
Applications based on SAP GUI for HTML in SAP NetWeaver AS ABAP - versions 7.89, 7.93, do not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. A successful attack can allow a malicious attacker to access and modify data through their ability to execute code in a user’s browser. There is no impact on the availability of the system Show less
CVE-2024-27900
1Sap
1Abap Platform
Feb 26, 2025
Mar 12, 2024
N/A· v4
5.3 MEDIUM· v3
N/A· v2
Due to missing authorization check, attacker with business user account in SAP ABAP Platform - version 758, 795, can change the privacy setting of job templates from shared to private. As a result, the selected template...Show more
Due to missing authorization check, attacker with business user account in SAP ABAP Platform - version 758, 795, can change the privacy setting of job templates from shared to private. As a result, the selected template would only be accessible to the owner. Show less
CVE-2024-25645
1Sap
1Netweaver Enterprise Portal
Feb 7, 2025
Mar 12, 2024
N/A· v4
5.3 MEDIUM· v3
N/A· v2
Under certain condition SAP NetWeaver (Enterprise Portal) - version 7.50 allows an attacker to access information which would otherwise be restricted causing low impact on confidentiality of the application and with no i...Show more
Under certain condition SAP NetWeaver (Enterprise Portal) - version 7.50 allows an attacker to access information which would otherwise be restricted causing low impact on confidentiality of the application and with no impact on Integrity and Availability of the application.Show less
CVE-2024-25644
1Sap
1Netweaver
Apr 10, 2025
Mar 12, 2024
N/A· v4
5.3 MEDIUM· v3
N/A· v2
Under certain conditions SAP NetWeaver WSRM - version 7.50, allows an attacker to access information which would otherwise be restricted, causing low impact on Confidentiality with no impact on Integrity and Availability...Show more
Under certain conditions SAP NetWeaver WSRM - version 7.50, allows an attacker to access information which would otherwise be restricted, causing low impact on Confidentiality with no impact on Integrity and Availability of the application.Show less
CVE-2024-22133
1Sap
1Fiori Front End Server
Feb 26, 2025
Mar 12, 2024
N/A· v4
6.5 MEDIUM· v3
N/A· v2
SAP Fiori Front End Server - version 605, allows altering of approver details on the read-only field when sending leave request information. This could lead to creation of request with incorrect approver causing low impa...Show more
SAP Fiori Front End Server - version 605, allows altering of approver details on the read-only field when sending leave request information. This could lead to creation of request with incorrect approver causing low impact on Confidentiality and Integrity with no impact on Availability of the application. Show less