VYPR · Vendor CVEs

SAP · All CVEs

1,818 total · sorted by risk
  • CVE-2016-2386 · Critical · KEV · Feb 16, 2016
    risk 0.84 · CVSS 9.8 · EPSS 0.71

    SQL injection vulnerability in the UDDI server in SAP NetWeaver J2EE Engine 7.40 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Note 2101079.

  • CVE-2010-5326 · Critical · KEV · May 13, 2016
    risk 0.78 · CVSS 10.0 · EPSS 0.17

    The Invoker Servlet on SAP NetWeaver Application Server Java platforms, possibly before 7.3, does not require authentication, which allows remote attackers to execute arbitrary code via an HTTP or HTTPS request, as exploited in the wild in 2013 through 2016, aka a "Detour"…

  • CVE-2015-7241 · Critical · Sep 6, 2017
    risk 0.68 · CVSS 9.8 · EPSS 0.12

    XML External Entity (XXE) vulnerability in SAP Netweaver before 7.01.

  • CVE-2017-12637 · High · KEV · Aug 7, 2017
    risk 0.68 · CVSS 7.5 · EPSS 0.95

    Directory traversal vulnerability in scheduler/ui/js/ffffffffbca41eb4/UIUtilJavaScriptJS in SAP NetWeaver Application Server Java 7.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the query string, as exploited in the wild in August 2017, aka SAP Security…

  • CVE-2016-3976 · High · KEV · Apr 7, 2016
    risk 0.67 · CVSS 7.5 · EPSS 0.47

    Directory traversal vulnerability in SAP NetWeaver AS Java 7.1 through 7.5 allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in the fileName parameter to CrashFileDownloadServlet, aka SAP Security Note 2234971.

  • CVE-2016-6256 · Critical · May 26, 2017
    risk 0.66 · CVSS 9.6 · EPSS 0.08

    SAP Business One for Android 1.2.3 allows remote attackers to conduct XML External Entity (XXE) attacks via crafted XML data in a request to B1iXcellerator/exec/soap/vP.001sap0003.in_WCSX/com.sap.b1i.vplatform.runtime/INB_WS_CALL_SYNC_XPT/INB_WS_CALL_SYNC_XPT.ipo/proc, aka SAP…

  • CVE-2025-42890 · Critical · Nov 11, 2025
    risk 0.65 · CVSS 10.0 · EPSS 0.01

    SQL Anywhere Monitor (Non-GUI) baked credentials into the code, exposing the resources or functionality to unintended users and providing attackers with the possibility of arbitrary code execution. This could cause high impact on confidentiality, integrity and availability of the…

  • CVE-2025-42944 · Critical · Sep 9, 2025
    risk 0.65 · CVSS 10.0 · EPSS 0.03

    Due to a deserialization vulnerability in SAP NetWeaver, an unauthenticated attacker could exploit the system through the RMI-P4 module by submitting malicious payload to an open port. The deserialization of such untrusted Java objects could lead to arbitrary OS command…

  • CVE-2025-42967 · Critical · Jul 8, 2025
    risk 0.65 · CVSS 9.9 · EPSS 0.01

    SAP S/4HANA and SAP SCM Characteristic Propagation has a remote code execution vulnerability. This allows an attacker with user-level privileges to create a new report with his own code, potentially gaining full control of the affected SAP system and causing high impact on…

  • CVE-2026-44748 · Critical · Jun 9, 2026
    risk 0.64 · CVSS 9.9 · EPSS 0.00

    SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated attacker with normal privileges to obtain a valid signed message and send modified signed XML documents to the verifier. This may result in acceptance of tampered identity information leading to…

  • CVE-2026-27671 · Critical · Jun 9, 2026
    risk 0.64 · CVSS 9.8 · EPSS 0.00

    Due to improper RFC protocol validation in the SAP Kernel used by the Application Server ABAP of SAP NetWeaver and ABAP Platform, an unauthenticated attacker can send a crafted RFC request that exploits logical errors in memory management, leading to memory corruption. This…

  • CVE-2026-27681 · Critical · Apr 14, 2026
    risk 0.64 · CVSS 9.9 · EPSS 0.01

    Due to insufficient authorization checks in SAP Business Planning and Consolidation and SAP Business Warehouse, an authenticated user can execute crafted SQL statements to read, modify, and delete database data. This leads to a high impact on the confidentiality, integrity, and…

  • CVE-2026-0501 · Critical · Jan 13, 2026
    risk 0.64 · CVSS 9.9 · EPSS 0.00

    Due to insufficient input validation in SAP S/4HANA Private Cloud and On-Premise (Financials General Ledger), an authenticated user could execute crafted SQL queries to read, modify, and delete backend database data. This leads to a high impact on the confidentiality, integrity,…

  • CVE-2025-42880 · Critical · Dec 9, 2025
    risk 0.64 · CVSS 9.9 · EPSS 0.04

    Due to missing input sanitization, SAP Solution Manager allows an authenticated attacker to insert malicious code when calling a remote-enabled function module. This could provide the attacker with full control of the system, hence leading to high impact on confidentiality,…

  • CVE-2025-42887 · Critical · Nov 11, 2025
    risk 0.64 · CVSS 9.9 · EPSS 0.01

    Due to missing input sanitization, SAP Solution Manager allows an authenticated attacker to insert malicious code when calling a remote-enabled function module. This could provide the attacker with full control of the system, hence leading to high impact on confidentiality,…

  • CVE-2025-42937 · Critical · Oct 14, 2025
    risk 0.64 · CVSS 9.8 · EPSS 0.01

    SAP Print Service (SAPSprint) performs insufficient validation of path information provided by users. An unauthenticated attacker could traverse to the parent directory and overwrite system files, causing high impact on confidentiality, integrity and availability of the…

  • CVE-2025-42922 · Critical · Sep 9, 2025
    risk 0.64 · CVSS 9.9 · EPSS 0.01

    SAP NetWeaver AS Java allows an attacker authenticated as a non-administrative user to use a flaw in an available service to upload an arbitrary file. This file, when executed, can lead to a full compromise of confidentiality, integrity and availability of the system.

  • CVE-2025-42957 · Critical · Aug 12, 2025
    risk 0.64 · CVSS 9.9 · EPSS 0.02

    SAP S/4HANA allows an attacker with user privileges to exploit a vulnerability in the function module exposed via RFC. This flaw enables the injection of arbitrary ABAP code into the system, bypassing essential authorization checks. This vulnerability effectively functions as a…

  • CVE-2025-42950 · Critical · Aug 12, 2025
    risk 0.64 · CVSS 9.9 · EPSS 0.01

    SAP Landscape Transformation (SLT) allows an attacker with user privileges to exploit a vulnerability in the function module exposed via RFC. This flaw enables the injection of arbitrary ABAP code into the system, bypassing essential authorization checks. This vulnerability…

  • CVE-2025-31330 · Critical · Apr 8, 2025
    risk 0.64 · CVSS 9.9 · EPSS 0.01

    SAP Landscape Transformation (SLT) allows an attacker with user privileges to exploit a vulnerability in the function module exposed via RFC. This flaw enables the injection of arbitrary ABAP code into the system, bypassing essential authorization checks. This vulnerability…

  • CVE-2025-30016 · Critical · Apr 8, 2025
    risk 0.64 · CVSS 9.8 · EPSS 0.01

    SAP Financial Consolidation allows an unauthenticated attacker to gain unauthorized access to the Admin account. The vulnerability arises from improper authentication mechanisms, resulting in high impact on the confidentiality, integrity and availability of the…

  • CVE-2025-27429 · Critical · Apr 8, 2025
    risk 0.64 · CVSS 9.9 · EPSS 0.01

    SAP S/4HANA allows an attacker with user privileges to exploit a vulnerability in the function module exposed via RFC. This flaw enables the injection of arbitrary ABAP code into the system, bypassing essential authorization checks. This vulnerability effectively functions as a…

  • CVE-2025-0070 · Critical · Jan 14, 2025
    risk 0.64 · CVSS 9.9 · EPSS 0.01

    SAP NetWeaver Application Server for ABAP and ABAP Platform allows an authenticated attacker to obtain illegitimate access to the system by exploiting improper authentication checks, resulting in privilege escalation. On successful exploitation, this can result in potential…

  • CVE-2018-2424 · Critical · Jun 12, 2018
    risk 0.64 · CVSS 9.8 · EPSS 0.02

    SAP UI5 did not validate user input before adding it to the DOM structure. This may lead to malicious user-provided JavaScript code being added to the DOM that could steal user information. Software components affected are: SAP Hana Database 1.00, 2.00; SAP UI5 1.00; SAP UI5…

  • CVE-2018-2368 · Critical · Mar 1, 2018
    risk 0.64 · CVSS 9.8 · EPSS 0.03

    SAP NetWeaver System Landscape Directory, LM-CORE 7.10, 7.20, 7.30, 7.31, 7.40, does not perform any authentication checks for functionalities that require user identity.

  • CVE-2017-16684 · Critical · Dec 12, 2017
    risk 0.64 · CVSS 9.8 · EPSS 0.03

    SAP Business Intelligence Promotion Management Application, Enterprise 4.10, 4.20, and 4.30, does not perform authentication checks for functionalities that require user identity.

  • CVE-2017-15295 · Critical · Oct 16, 2017
    risk 0.64 · CVSS 9.8 · EPSS 0.02

    Xpress Server in SAP POS does not require authentication for read/write/delete file access. This is SAP Security Note 2520064.

  • CVE-2017-15293 · Critical · Oct 16, 2017
    risk 0.64 · CVSS 9.8 · EPSS 0.04

    Xpress Server in SAP POS does not require authentication for file read and erase operations, daemon shutdown, terminal read operations, or certain attacks on credentials. This is SAP Security Note 2520064.

  • CVE-2017-11459 · Critical · Jul 25, 2017
    risk 0.64 · CVSS 9.8 · EPSS 0.02

    SAP TREX 7.10 allows remote attackers to (1) read arbitrary files via an fget command or (2) write to arbitrary files and consequently execute arbitrary code via an fdir command, aka SAP Security Note 2419592.

  • CVE-2016-6818 · Critical · Apr 13, 2017
    risk 0.64 · CVSS 9.8 · EPSS 0.02

    SQL injection vulnerability in SAP Business Intelligence platform before January 2017 allows remote attackers to obtain sensitive information, modify data, cause a denial of service (data deletion), or launch administrative operations or possibly OS commands via a crafted SQL…

  • CVE-2016-6143 · Critical · Apr 13, 2017
    risk 0.64 · CVSS 9.8 · EPSS 0.04

    SAP HANA DB 1.00.73.00.389160 allows remote attackers to execute arbitrary code via vectors involving the audit logs, aka SAP Security Note 2170806.

  • CVE-2017-7691 · Critical · Apr 11, 2017
    risk 0.64 · CVSS 9.8 · EPSS 0.02

    A code injection vulnerability exists in SAP TREX / Business Warehouse Accelerator (BWA). The vendor response is SAP Security Note 2419592.

  • CVE-2016-10311 · Critical · Apr 10, 2017
    risk 0.64 · CVSS 9.8 · EPSS 0.02

    Stack-based buffer overflow in SAP NetWeaver 7.0 through 7.5 allows remote attackers to cause a denial of service () by sending a crafted packet to the SAPSTARTSRV port, aka SAP Security Note 2295238.

  • CVE-2017-6950 · Critical · Mar 23, 2017
    risk 0.64 · CVSS 9.8 · EPSS 0.04

    SAP GUI 7.2 through 7.5 allows remote attackers to bypass intended security policy restrictions and execute arbitrary code via a crafted ABAP code, aka SAP Security Note 2407616.

  • CVE-2016-7402 · Critical · Nov 3, 2016
    risk 0.64 · CVSS 9.8 · EPSS 0.01

    SAP ASE 16.0 SP02 PL03 and prior versions allow attackers who own SourceDB and TargetDB databases to elevate privileges to sa (system administrator) via dbcc import_sproc SQL injection.

  • CVE-2016-6137 · Critical · Sep 27, 2016
    risk 0.64 · CVSS 9.8 · EPSS 0.05

    An unspecified function in SAP TREX 7.10 Revision 63 allows remote attackers to execute arbitrary OS commands via unknown vectors, aka SAP Security Note 2203591.

  • CVE-2016-6150 · Critical · Aug 5, 2016
    risk 0.64 · CVSS 9.8 · EPSS 0.03

    The multi-tenant database container feature in SAP HANA does not properly encrypt communications, which allows remote attackers to bypass intended access restrictions and possibly have unspecified other impact via unknown vectors, aka SAP Security Note 2233550.

  • CVE-2016-6147 · Critical · Aug 5, 2016
    risk 0.64 · CVSS 9.8 · EPSS 0.05

    An unspecified interface in SAP TREX 7.10 Revision 63 allows remote attackers to execute arbitrary OS commands with SIDadm privileges via unspecified vectors, aka SAP Security Note 2234226.

  • CVE-2016-6140 · Critical · Aug 5, 2016
    risk 0.64 · CVSS 9.8 · EPSS 0.06

    SAP TREX 7.10 Revision 63 allows remote attackers to write to arbitrary files via vectors related to RFC-Gateway, aka SAP Security Note 2203591.

  • CVE-2016-6139 · Critical · Aug 5, 2016
    risk 0.64 · CVSS 9.8 · EPSS 0.04

    SAP TREX 7.10 Revision 63 allows remote attackers to read arbitrary files via unspecified vectors, aka SAP Security Note 2203591.

  • CVE-2016-6138 · Critical · Aug 5, 2016
    risk 0.64 · CVSS 9.8 · EPSS 0.06

    Directory traversal vulnerability in SAP TREX 7.10 Revision 63 allows remote attackers to read arbitrary files via unspecified vectors, aka SAP Security Note 2203591.

  • CVE-2016-1928 · Critical · Jan 20, 2016
    risk 0.64 · CVSS 9.8 · EPSS 0.06

    Buffer overflow in the XS engine (hdbxsengine) in SAP HANA allows remote attackers to cause a denial of service or execute arbitrary code via a crafted HTTP request, related to JSON, aka SAP Security Note 2241978.

  • CVE-2016-3974 · Critical · Apr 7, 2016
    risk 0.63 · CVSS 9.1 · EPSS 0.15

    XML external entity (XXE) vulnerability in the Configuration Wizard in SAP NetWeaver Java AS 7.1 through 7.5 allows remote attackers to cause a denial of service, conduct SMB Relay attacks, or access arbitrary files via a crafted XML request to…

  • CVE-2026-34263 · Critical · May 12, 2026
    risk 0.62 · CVSS 9.6 · EPSS 0.01

    Due to improper Spring Security configuration, SAP Commerce Cloud allows an unauthenticated user to perform malicious input injection, resulting in arbitrary server-side code execution, leading to high impact on Confidentiality, Integrity, and Availability of the application.

  • CVE-2026-34260 · Critical · May 12, 2026
    risk 0.62 · CVSS 9.6 · EPSS 0.00

    SAP S/4HANA (SAP Enterprise Search for ABAP) contains a SQL injection vulnerability that allows an authenticated attacker to inject malicious SQL statements through user-controlled input. The application directly concatenates this malicious user input into SQL queries, which are…

  • CVE-2018-2445 · Critical · Aug 14, 2018
    risk 0.62 · CVSS 9.6 · EPSS 0.01

    AdminTools in SAP BusinessObjects Business Intelligence, versions 4.1, 4.2, allows an attacker to manipulate the vulnerable application to send crafted requests on behalf of the application, resulting in a Server-Side Request Forgery (SSRF) vulnerability.

  • CVE-2016-1929 · Critical · Jan 20, 2016
    risk 0.61 · CVSS 9.3 · EPSS 0.02

    The XS engine in SAP HANA allows remote attackers to spoof log entries in trace files and consequently cause a denial of service (disk consumption and process crash) via a crafted HTTP request, related to an unspecified debug function, aka SAP Security Note 2241978.

  • CVE-2026-40128 · Critical · Jun 9, 2026
    risk 0.59 · CVSS 9.0 · EPSS 0.00

    SAP NetWeaver Application Server Java (Web Container) allows an unauthenticated attacker to craft a malicious HTTP logon request that manipulates file inclusion parameters, enabling path traversal and processing of the included file. Processing the included file could allow the…

  • CVE-2025-42928 · Critical · Dec 9, 2025
    risk 0.59 · CVSS 9.1 · EPSS 0.08

    Under certain conditions, a high privileged user could exploit a deserialization vulnerability in SAP jConnect to launch remote code execution. The system may be vulnerable when specially crafted input is used to exploit the vulnerability resulting in high impact on…

  • CVE-2025-42910 · Critical · Oct 14, 2025
    risk 0.59 · CVSS 9.0 · EPSS 0.00

    Due to missing verification of file type or content, SAP Supplier Relationship Management allows an authenticated attacker to upload arbitrary files. These files could include executables hosting malware, which might then be downloaded and executed by the user. On successful…

Page 1 of 37