← Back

Sap

sap

1,576 CVEs • 429 products

Products (429)

Click to collapse
Toggle
3d Visual Enterprise Viewer
3d_visual_enterprise_viewer
131 CVEs
Netweaver
netweaver
102 CVEs
Netweaver Application Server Abap
netweaver_application_server_abap
86 CVEs
Businessobjects Business Intelligence Platform
businessobjects_business_intelligence_platform
73 CVEs
Netweaver Application Server Java
netweaver_application_server_java
69 CVEs
Businessobjects Business Intelligence
businessobjects_business_intelligence
45 CVEs
Hana
hana
38 CVEs
Solution Manager
solution_manager
33 CVEs
Business One
business_one
31 CVEs
Internet Graphics Server
internet_graphics_server
28 CVEs
3d Visual Enterprise Author
3d_visual_enterprise_author
27 CVEs
Businessobjects
businessobjects
23 CVEs
Netweaver Abap
netweaver_abap
21 CVEs
Netweaver Process Integration
netweaver_process_integration
21 CVEs
Netweaver Enterprise Portal
netweaver_enterprise_portal
20 CVEs
Hana Extended Application Services
hana_extended_application_services
18 CVEs
Sap Basis
sap_basis
18 CVEs
Commerce Cloud
commerce_cloud
18 CVEs
Business Objects Business Intelligence Platform
business_objects_business_intelligence_platform
18 CVEs
S/4hana
s/4hana
17 CVEs
Disclosure Management
disclosure_management
16 CVEs
Host Agent
host_agent
15 CVEs
Adaptive Server Enterprise
adaptive_server_enterprise
14 CVEs
Enable Now
enable_now
14 CVEs
S4core
s4core
13 CVEs
Sap Db
sap_db
12 CVEs
Customer Relationship Management Webclient Ui
customer_relationship_management_webclient_ui
12 CVEs
Netweaver As Abap
netweaver_as_abap
12 CVEs
Abap Platform
abap_platform
12 CVEs
Sap Web Application Server
sap_web_application_server
11 CVEs
Sap Kernel
sap_kernel
11 CVEs
Supplier Relationship Management
supplier_relationship_management
11 CVEs
Web Dispatcher
web_dispatcher
11 CVEs
Customer Relationship Management
customer_relationship_management
10 CVEs
Netweaver As Abap Business Server Pages
netweaver_as_abap_business_server_pages
10 CVEs
Commerce
commerce
10 CVEs
Internet Transaction Server
internet_transaction_server
9 CVEs
Netweaver Application Server For Java
netweaver_application_server_for_java
9 CVEs
Rfc Library
rfc_library
8 CVEs
Maxdb
maxdb
8 CVEs
Sql Anywhere
sql_anywhere
8 CVEs
Mobile Platform
mobile_platform
8 CVEs
Trex
trex
8 CVEs
Hybris
hybris
8 CVEs
Hana Database
hana_database
8 CVEs
Cloud Connector
cloud_connector
8 CVEs
Landscape Management
landscape_management
8 CVEs
Business Connector
business_connector
7 CVEs
Crystal Reports
crystal_reports
7 CVEs
Afaria
afaria
7 CVEs
Sapscore
sapscore
7 CVEs
S/4 Hana
s/4_hana
7 CVEs
Business Warehouse
business_warehouse
7 CVEs
Netweaver As Internet Graphics Server
netweaver_as_internet_graphics_server
7 CVEs
Sapgui
sapgui
6 CVEs
Erp
erp
6 CVEs
Businessobjects Edge
businessobjects_edge
6 CVEs
Content Server
content_server
6 CVEs
Business Application Software Integrated Solution
business_application_software_integrated_solution
6 CVEs
Business Planning And Consolidation
business_planning_and_consolidation
6 CVEs
Basis
basis
6 CVEs
Fiori Client
fiori_client
6 CVEs
Financial Consolidation
financial_consolidation
6 CVEs
Netweaver Knowledge Management
netweaver_knowledge_management
6 CVEs
Customer Relationship Management S4fnd
customer_relationship_management_s4fnd
6 CVEs
Sap R 3
sap_r_3
5 CVEs
Crystal Reports Server
crystal_reports_server
5 CVEs
Netweaver Java Application Server
netweaver_java_application_server
5 CVEs
Gui For Windows
gui_for_windows
5 CVEs
S4fnd
s4fnd
5 CVEs
Bw/4hana
bw/4hana
5 CVEs
Advanced Business Application Programming Platform Kernel
advanced_business_application_programming_platform_kernel
5 CVEs
Businessobjects Web Intelligence
businessobjects_web_intelligence
5 CVEs
Netweaver As Abap Krnl64uc
netweaver_as_abap_krnl64uc
5 CVEs
Powerdesigner
powerdesigner
5 CVEs
Enjoysap
enjoysap
4 CVEs
Saplpd
saplpd
4 CVEs
Netweaver Development Infrastructure
netweaver_development_infrastructure
4 CVEs
J2ee Engine
j2ee_engine
4 CVEs
Enterprise Portal
enterprise_portal
4 CVEs
Netweaver Abap Application Server
netweaver_abap_application_server
4 CVEs
Commoncryptolib
commoncryptolib
4 CVEs
Business Client
business_client
4 CVEs
Identity Management
identity_management
4 CVEs
Ui
ui
4 CVEs
Businessobjects Bi Platform
businessobjects_bi_platform
4 CVEs
Fiori
fiori
4 CVEs
Advanced Business Application Programming Platform Krnl64nuc
advanced_business_application_programming_platform_krnl64nuc
4 CVEs
Advanced Business Application Programming Platform Krnl64uc
advanced_business_application_programming_platform_krnl64uc
4 CVEs
Diagnostics Agent
diagnostics_agent
4 CVEs
Fiori Launchpad
fiori_launchpad
4 CVEs
Focused Run
focused_run
4 CVEs
Contact Center
contact_center
4 CVEs
Netweaver As Abap Kernel
netweaver_as_abap_kernel
4 CVEs
Netweaver As Abap Krnl64nuc
netweaver_as_abap_krnl64nuc
4 CVEs
Application Interface Framework
application_interface_framework
4 CVEs
Sapsprint
sapsprint
3 CVEs
Graphical User Interface
graphical_user_interface
3 CVEs
Erp Central Component
erp_central_component
3 CVEs
Network Interface Router
network_interface_router
3 CVEs

CVEs (1,576)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2020-6306
1Sap
1Leasing
Nov 21, 2024
Jan 14, 2020
N/A· v4
2.7 LOW· v3
4.0 MEDIUM· v2
Missing authorization check in a transaction within SAP Leasing (update provided in SAP_APPL 6.18, EA-APPL 6.0, 6.02, 6.03, 6.04, 6.05, 6.06, 6.16 and 6.17).
CVE-2020-6305
1Sap
1Process Integration
Nov 21, 2024
Jan 14, 2020
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
PI Rest Adapter of SAP Process Integration (update provided in SAP_XIAF 7.31, 7.40, 7.50) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
CVE-2020-6304
1Sap
5Netweaver Internet Communication Manager (kernel)
Netweaver Internet Communication Manager (krnl32nuc)Netweaver Internet Communication Manager (krnl32uc)+2 more
Nov 21, 2024
Jan 14, 2020
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
Improper input validation in SAP NetWeaver Internet Communication Manager (update provided in KRNL32NUC & KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT KRNL64NUC & KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49 KERNEL 7.21, 7.49, 7...Show more
Improper input validation in SAP NetWeaver Internet Communication Manager (update provided in KRNL32NUC & KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT KRNL64NUC & KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49 KERNEL 7.21, 7.49, 7.53) allows an attacker to prevent users from accessing its services through a denial of service.Show less
CVE-2020-6303
1Sap
1Disclosure Management
Nov 21, 2024
Jan 14, 2020
N/A· v4
5.4 MEDIUM· v3
3.5 LOW· v2
SAP Disclosure Management, before version 10.1, does not validate user input properly in specific use cases leading to Cross-Site Scripting.
CVE-2019-0384
1Sap
2Enterprise Extension Financial Services
Treasury And Risk Management (s4core)
Nov 21, 2024
Dec 17, 2019
N/A· v4
8.8 HIGH· v3
6.5 MEDIUM· v2
Transaction Management in SAP Treasury and Risk Management (corrected in S4CORE versions 1.01, 1.02, 1.03, 1.04 and EA-FINSERV versions 6.0, 6.03, 6.04, 6.05, 6.06, 6.16, 6.17, 6.18, 8.0) does not perform necessary autho...Show more
Transaction Management in SAP Treasury and Risk Management (corrected in S4CORE versions 1.01, 1.02, 1.03, 1.04 and EA-FINSERV versions 6.0, 6.03, 6.04, 6.05, 6.06, 6.16, 6.17, 6.18, 8.0) does not perform necessary authorization checks for functionalities that require user identity.Show less
CVE-2019-0383
1Sap
2Enterprise Extension Financial Services
Treasury And Risk Management (s4core)
Nov 21, 2024
Dec 17, 2019
N/A· v4
8.8 HIGH· v3
6.5 MEDIUM· v2
Transaction Management in SAP Treasury and Risk Management (corrected in S4CORE versions 1.01, 1.02, 1.03, 1.04 and EA-FINSERV versions 6.0, 6.03, 6.04, 6.05, 6.06, 6.16, 6.17, 6.18, 8.0) does not perform necessary autho...Show more
Transaction Management in SAP Treasury and Risk Management (corrected in S4CORE versions 1.01, 1.02, 1.03, 1.04 and EA-FINSERV versions 6.0, 6.03, 6.04, 6.05, 6.06, 6.16, 6.17, 6.18, 8.0) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.Show less
CVE-2019-0405
1Sap
1Enable Now
Nov 21, 2024
Dec 11, 2019
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
SAP Enable Now, before version 1911, leaks information about the existence of a particular user which can be used to construct a list of users, leading to a user enumeration vulnerability and Information Disclosure.
CVE-2019-0404
1Sap
1Enable Now
Nov 21, 2024
Dec 11, 2019
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
SAP Enable Now, before version 1911, leaks information about network configuration in the server error messages, leading to Information Disclosure.
CVE-2019-0403
1Sap
1Enable Now
Nov 21, 2024
Dec 11, 2019
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
SAP Enable Now, before version 1911, allows an attacker to input commands into the CSV files, which will be executed when opened, leading to CSV Command Injection.
CVE-2019-0402
1Sap
1Adaptive Server Enterprise
Nov 21, 2024
Dec 11, 2019
N/A· v4
4.4 MEDIUM· v3
2.1 LOW· v2
SAP Adaptive Server Enterprise, before versions 15.7 and 16.0, under certain conditions exposes some sensitive information to the admin, leading to Information Disclosure.
CVE-2019-0399
1Sap
1Portfolio And Project Management
Nov 21, 2024
Dec 11, 2019
N/A· v4
6.5 MEDIUM· v3
4.0 MEDIUM· v2
SAP Portfolio and Project Management, before versions S4CORE 102, 103, EPPM 100 and CPRXRPM 500_702, 600_740, 610_740; unintentionally allows a user to discover accounting information of the Projects in Project dashboard...Show more
SAP Portfolio and Project Management, before versions S4CORE 102, 103, EPPM 100 and CPRXRPM 500_702, 600_740, 610_740; unintentionally allows a user to discover accounting information of the Projects in Project dashboard, leading to Information Disclosure.Show less
CVE-2019-0398
1Sap
1Businessobjects Business Intelligence Platform
Nov 21, 2024
Dec 11, 2019
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
Due to insufficient CSRF protection, SAP BusinessObjects Business Intelligence Platform (Monitoring Application), before versions 4.1, 4.2 and 4.3, may lead to an authenticated user to send unintended request to the web...Show more
Due to insufficient CSRF protection, SAP BusinessObjects Business Intelligence Platform (Monitoring Application), before versions 4.1, 4.2 and 4.3, may lead to an authenticated user to send unintended request to the web server, leading to Cross Site Request Forgery.Show less
CVE-2019-0395
1Sap
1Businessobjects Business Intelligence Platform
Nov 21, 2024
Dec 11, 2019
N/A· v4
5.4 MEDIUM· v3
3.5 LOW· v2
SAP BusinessObjects Business Intelligence Platform (Fiori BI Launchpad), before version 4.2, allows execution of JavaScript in a text module in Fiori BI Launchpad, leading to Stored Cross Site Scripting vulnerability.
CVE-2019-0396
1Sap
1Businessobjects Business Intelligence Platform
Nov 21, 2024
Nov 13, 2019
N/A· v4
7.1 HIGH· v3
5.5 MEDIUM· v2
SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), corrected in versions 4.1 and 4.2, does not sufficiently validate an XML document accepted from an untrusted source. An attacker can c...Show more
SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), corrected in versions 4.1 and 4.2, does not sufficiently validate an XML document accepted from an untrusted source. An attacker can craft a message that contains malicious elements that will not be correctly filtered by Web Intelligence HTML interface in some specific workflows.Show less
CVE-2019-0388
1Sap
1Ui
Nov 21, 2024
Nov 13, 2019
N/A· v4
5.3 MEDIUM· v3
5.0 MEDIUM· v2
SAP UI5 HTTP Handler (corrected in SAP_UI versions 7.5, 7.51, 7.52, 7.53, 7.54 and SAP UI_700 version 2.0) allows an attacker to manipulate content due to insufficient URL validation.
CVE-2019-0386
1Sap
2Erp Sales
S4hana Sales
Nov 21, 2024
Nov 13, 2019
N/A· v4
6.3 MEDIUM· v3
6.5 MEDIUM· v2
Order processing in SAP ERP Sales (corrected in SAP_APPL 6.0, 6.02, 6.03, 6.04, 6.05, 6.06, 6.16, 6.17, 6.18) and S4HANA Sales (corrected in S4CORE 1.0, 1.01, 1.02, 1.03, 1.04) does not execute the required authorization...Show more
Order processing in SAP ERP Sales (corrected in SAP_APPL 6.0, 6.02, 6.03, 6.04, 6.05, 6.06, 6.16, 6.17, 6.18) and S4HANA Sales (corrected in S4CORE 1.0, 1.01, 1.02, 1.03, 1.04) does not execute the required authorization checks for an authenticated user, which can result in an escalation of privileges.Show less
CVE-2019-0393
1Sap
1Quality Management
Nov 21, 2024
Nov 13, 2019
N/A· v4
4.3 MEDIUM· v3
4.0 MEDIUM· v2
An SQL Injection vulnerability in SAP Quality Management (corrected in S4CORE versions 1.0, 1.01, 1.02, 1.03) allows an attacker to carry out targeted database queries that can read individual fields of historical inspec...Show more
An SQL Injection vulnerability in SAP Quality Management (corrected in S4CORE versions 1.0, 1.01, 1.02, 1.03) allows an attacker to carry out targeted database queries that can read individual fields of historical inspection results.Show less
CVE-2019-0391
1Sap
1Netweaver Application Server Java
Nov 21, 2024
Nov 13, 2019
N/A· v4
4.3 MEDIUM· v3
4.0 MEDIUM· v2
Under certain conditions SAP NetWeaver AS Java (corrected in 7.10, 7.20, 7.30, 7.31, 7.40, 7.50) allows an attacker to access information which would otherwise be restricted.
CVE-2019-0390
1Sap
1Diagnostics Agent
Nov 21, 2024
Nov 13, 2019
N/A· v4
4.3 MEDIUM· v3
4.0 MEDIUM· v2
Under certain conditions SAP Data Hub (corrected in DH_Foundation version 2) allows an attacker to access information which would otherwise be restricted. Connection details that are maintained in Connection Manager are...Show more
Under certain conditions SAP Data Hub (corrected in DH_Foundation version 2) allows an attacker to access information which would otherwise be restricted. Connection details that are maintained in Connection Manager are visible to users.Show less
CVE-2019-0389
1Sap
1Netweaver Application Server Java
Nov 21, 2024
Nov 13, 2019
N/A· v4
8.8 HIGH· v3
6.5 MEDIUM· v2
An administrator of SAP NetWeaver Application Server Java (J2EE-Framework), (corrected in versions 7.1, 7.2, 7.3, 7.31, 7.4, 7.5), may change privileges for all or some functions in Java Server, and enable users to execu...Show more
An administrator of SAP NetWeaver Application Server Java (J2EE-Framework), (corrected in versions 7.1, 7.2, 7.3, 7.31, 7.4, 7.5), may change privileges for all or some functions in Java Server, and enable users to execute functions, they are not allowed to execute otherwise.Show less