SAP
SAP SE doing business as SAP, is a German multinational software company based in Walldorf, Baden-Württemberg, that is the world's largest vendor of enterprise software.
Products
593- 131 CVEs
- 118 CVEs
- 113 CVEs
- 81 CVEs
- 57 CVEs
- 52 CVEs
- 47 CVEs
- 43 CVEs
- 40 CVEs
- 37 CVEs
- 37 CVEs
- 37 CVEs
- 33 CVEs
- 33 CVEs
- 27 CVEs
- 24 CVEs
- 23 CVEs
- 21 CVEs
- 20 CVEs
- 18 CVEs
- 18 CVEs
- 17 CVEs
- 16 CVEs
- 15 CVEs
- 15 CVEs
- 15 CVEs
- 15 CVEs
- 14 CVEs
- 14 CVEs
- 14 CVEs
- View all 593 products →
Recent CVEs
1,818| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-2386 | Cri | 0.84 | 9.8 | 0.71 | KEV | Feb 16, 2016 | SQL injection vulnerability in the UDDI server in SAP NetWeaver J2EE Engine 7.40 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Note 2101079. | |
| CVE-2010-5326 | Cri | 0.78 | 10.0 | 0.17 | KEV | May 13, 2016 | The Invoker Servlet on SAP NetWeaver Application Server Java platforms, possibly before 7.3, does not require authentication, which allows remote attackers to execute arbitrary code via an HTTP or HTTPS request, as exploited in the wild in 2013 through 2016, aka a "Detour"… | |
| CVE-2015-7241 | Cri | 0.68 | 9.8 | 0.12 | Sep 6, 2017 | XML External Entity (XXE) vulnerability in SAP Netweaver before 7.01. | ||
| CVE-2017-12637 | Hig | 0.68 | 7.5 | 0.95 | KEV | Aug 7, 2017 | Directory traversal vulnerability in scheduler/ui/js/ffffffffbca41eb4/UIUtilJavaScriptJS in SAP NetWeaver Application Server Java 7.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the query string, as exploited in the wild in August 2017, aka SAP Security… | |
| CVE-2016-3976 | Hig | 0.67 | 7.5 | 0.47 | KEV | Apr 7, 2016 | Directory traversal vulnerability in SAP NetWeaver AS Java 7.1 through 7.5 allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in the fileName parameter to CrashFileDownloadServlet, aka SAP Security Note 2234971. | |
| CVE-2016-6256 | Cri | 0.66 | 9.6 | 0.08 | May 26, 2017 | SAP Business One for Android 1.2.3 allows remote attackers to conduct XML External Entity (XXE) attacks via crafted XML data in a request to B1iXcellerator/exec/soap/vP.001sap0003.in_WCSX/com.sap.b1i.vplatform.runtime/INB_WS_CALL_SYNC_XPT/INB_WS_CALL_SYNC_XPT.ipo/proc, aka SAP… | ||
| CVE-2025-42890 | Cri | 0.65 | 10.0 | 0.01 | Nov 11, 2025 | SQL Anywhere Monitor (Non-GUI) baked credentials into the code,exposing the resources or functionality to unintended users and providing attackers with the possibility of arbitrary code execution.This could cause high impact on confidentiality integrity and availability of the… | ||
| CVE-2025-42944 | Cri | 0.65 | 10.0 | 0.03 | Sep 9, 2025 | Due to a deserialization vulnerability in SAP NetWeaver, an unauthenticated attacker could exploit the system through the RMI-P4 module by submitting malicious payload to an open port. The deserialization of such untrusted Java objects could lead to arbitrary OS command… | ||
| CVE-2025-42967 | Cri | 0.65 | 9.9 | 0.01 | Jul 8, 2025 | SAP S/4HANA and SAP SCM Characteristic Propagation has remote code execution vulnerability. This allows an attacker with user level privileges to create a new report with his own code potentially gaining full control of the affected SAP system causing high impact on… | ||
| CVE-2026-44748 | Cri | 0.64 | 9.9 | 0.00 | Jun 9, 2026 | SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated attacker with normal privileges to obtain a valid signed message and send modified signed XML documents to the verifier. This may result in acceptance of tampered identity information leading to… | ||
| CVE-2026-27671 | Cri | 0.64 | 9.8 | 0.00 | Jun 9, 2026 | Due to improper RFC protocol validation in the SAP Kernel used by the Application Server ABAP of SAP NetWeaver and ABAP Platform, an unauthenticated attacker can send a crafted RFC request that exploits logical errors in memory management, leading to memory corruption. This… | ||
| CVE-2026-27681 | Cri | 0.64 | 9.9 | 0.01 | Apr 14, 2026 | Due to insufficient authorization checks in SAP Business Planning and Consolidation and SAP Business Warehouse, an authenticated user can execute crafted SQL statements to read, modify, and delete database data. This leads to a high impact on the confidentiality, integrity, and… | ||
| CVE-2026-0501 | Cri | 0.64 | 9.9 | 0.00 | Jan 13, 2026 | Due to insufficient input validation in SAP S/4HANA Private Cloud and On-Premise (Financials General Ledger), an authenticated user could execute crafted SQL queries to read, modify, and delete backend database data. This leads to a high impact on the confidentiality, integrity,… | ||
| CVE-2025-42880 | Cri | 0.64 | 9.9 | 0.04 | Dec 9, 2025 | Due to missing input sanitation, SAP Solution Manager allows an authenticated attacker to insert malicious code when calling a remote-enabled function module. This could provide the attacker with full control of the system hence leading to high impact on confidentiality,… | ||
| CVE-2025-42887 | Cri | 0.64 | 9.9 | 0.01 | Nov 11, 2025 | Due to missing input sanitation, SAP Solution Manager allows an authenticated attacker to insert malicious code when calling a remote-enabled function module. This could provide the attacker with full control of the system hence leading to high impact on confidentiality,… | ||
| CVE-2025-42937 | Cri | 0.64 | 9.8 | 0.01 | Oct 14, 2025 | SAP Print Service (SAPSprint) performs insufficient validation of path information provided by users. An unauthenticated attacker could traverse to the parent directory and over-write system files causing high impact on confidentiality integrity and availability of the… | ||
| CVE-2025-42922 | Cri | 0.64 | 9.9 | 0.01 | Sep 9, 2025 | SAP NetWeaver AS Java allows an attacker authenticated as a non-administrative user to use a flaw in an available service to upload an arbitrary file. This file when executed can lead to a full compromise of confidentiality, integrity and availability of the system. | ||
| CVE-2025-42957 | Cri | 0.64 | 9.9 | 0.02 | Aug 12, 2025 | SAP S/4HANA allows an attacker with user privileges to exploit a vulnerability in the function module exposed via RFC. This flaw enables the injection of arbitrary ABAP code into the system, bypassing essential authorization checks. This vulnerability effectively functions as a… | ||
| CVE-2025-42950 | Cri | 0.64 | 9.9 | 0.01 | Aug 12, 2025 | SAP Landscape Transformation (SLT) allows an attacker with user privileges to exploit a vulnerability in the function module exposed via RFC. This flaw enables the injection of arbitrary ABAP code into the system, bypassing essential authorization checks. This vulnerability… | ||
| CVE-2025-31330 | Cri | 0.64 | 9.9 | 0.01 | Apr 8, 2025 | SAP Landscape Transformation (SLT) allows an attacker with user privileges to exploit a vulnerability in the function module exposed via RFC. This flaw enables the injection of arbitrary ABAP code into the system, bypassing essential authorization checks. This vulnerability… |
- risk 0.84cvss 9.8epss 0.71
SQL injection vulnerability in the UDDI server in SAP NetWeaver J2EE Engine 7.40 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Note 2101079.
- risk 0.78cvss 10.0epss 0.17
The Invoker Servlet on SAP NetWeaver Application Server Java platforms, possibly before 7.3, does not require authentication, which allows remote attackers to execute arbitrary code via an HTTP or HTTPS request, as exploited in the wild in 2013 through 2016, aka a "Detour"…
- risk 0.68cvss 9.8epss 0.12
XML External Entity (XXE) vulnerability in SAP Netweaver before 7.01.
- risk 0.68cvss 7.5epss 0.95
Directory traversal vulnerability in scheduler/ui/js/ffffffffbca41eb4/UIUtilJavaScriptJS in SAP NetWeaver Application Server Java 7.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the query string, as exploited in the wild in August 2017, aka SAP Security…
- risk 0.67cvss 7.5epss 0.47
Directory traversal vulnerability in SAP NetWeaver AS Java 7.1 through 7.5 allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in the fileName parameter to CrashFileDownloadServlet, aka SAP Security Note 2234971.
- risk 0.66cvss 9.6epss 0.08
SAP Business One for Android 1.2.3 allows remote attackers to conduct XML External Entity (XXE) attacks via crafted XML data in a request to B1iXcellerator/exec/soap/vP.001sap0003.in_WCSX/com.sap.b1i.vplatform.runtime/INB_WS_CALL_SYNC_XPT/INB_WS_CALL_SYNC_XPT.ipo/proc, aka SAP…
- risk 0.65cvss 10.0epss 0.01
SQL Anywhere Monitor (Non-GUI) baked credentials into the code,exposing the resources or functionality to unintended users and providing attackers with the possibility of arbitrary code execution.This could cause high impact on confidentiality integrity and availability of the…
- risk 0.65cvss 10.0epss 0.03
Due to a deserialization vulnerability in SAP NetWeaver, an unauthenticated attacker could exploit the system through the RMI-P4 module by submitting malicious payload to an open port. The deserialization of such untrusted Java objects could lead to arbitrary OS command…
- risk 0.65cvss 9.9epss 0.01
SAP S/4HANA and SAP SCM Characteristic Propagation has remote code execution vulnerability. This allows an attacker with user level privileges to create a new report with his own code potentially gaining full control of the affected SAP system causing high impact on…
- risk 0.64cvss 9.9epss 0.00
SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated attacker with normal privileges to obtain a valid signed message and send modified signed XML documents to the verifier. This may result in acceptance of tampered identity information leading to…
- risk 0.64cvss 9.8epss 0.00
Due to improper RFC protocol validation in the SAP Kernel used by the Application Server ABAP of SAP NetWeaver and ABAP Platform, an unauthenticated attacker can send a crafted RFC request that exploits logical errors in memory management, leading to memory corruption. This…
- risk 0.64cvss 9.9epss 0.01
Due to insufficient authorization checks in SAP Business Planning and Consolidation and SAP Business Warehouse, an authenticated user can execute crafted SQL statements to read, modify, and delete database data. This leads to a high impact on the confidentiality, integrity, and…
- risk 0.64cvss 9.9epss 0.00
Due to insufficient input validation in SAP S/4HANA Private Cloud and On-Premise (Financials General Ledger), an authenticated user could execute crafted SQL queries to read, modify, and delete backend database data. This leads to a high impact on the confidentiality, integrity,…
- risk 0.64cvss 9.9epss 0.04
Due to missing input sanitation, SAP Solution Manager allows an authenticated attacker to insert malicious code when calling a remote-enabled function module. This could provide the attacker with full control of the system hence leading to high impact on confidentiality,…
- risk 0.64cvss 9.9epss 0.01
Due to missing input sanitation, SAP Solution Manager allows an authenticated attacker to insert malicious code when calling a remote-enabled function module. This could provide the attacker with full control of the system hence leading to high impact on confidentiality,…
- risk 0.64cvss 9.8epss 0.01
SAP Print Service (SAPSprint) performs insufficient validation of path information provided by users. An unauthenticated attacker could traverse to the parent directory and over-write system files causing high impact on confidentiality integrity and availability of the…
- risk 0.64cvss 9.9epss 0.01
SAP NetWeaver AS Java allows an attacker authenticated as a non-administrative user to use a flaw in an available service to upload an arbitrary file. This file when executed can lead to a full compromise of confidentiality, integrity and availability of the system.
- risk 0.64cvss 9.9epss 0.02
SAP S/4HANA allows an attacker with user privileges to exploit a vulnerability in the function module exposed via RFC. This flaw enables the injection of arbitrary ABAP code into the system, bypassing essential authorization checks. This vulnerability effectively functions as a…
- risk 0.64cvss 9.9epss 0.01
SAP Landscape Transformation (SLT) allows an attacker with user privileges to exploit a vulnerability in the function module exposed via RFC. This flaw enables the injection of arbitrary ABAP code into the system, bypassing essential authorization checks. This vulnerability…
- risk 0.64cvss 9.9epss 0.01
SAP Landscape Transformation (SLT) allows an attacker with user privileges to exploit a vulnerability in the function module exposed via RFC. This flaw enables the injection of arbitrary ABAP code into the system, bypassing essential authorization checks. This vulnerability…