SAP vendor CVEs (VYPR)

All CVEs: 1,818 total · sorted by risk
  • CVE-2025-30015 · Medium · Apr 8, 2025
    risk 0.27 · cvss 4.1 · epss 0.00

    Due to incorrect memory address handling in ABAP SQL of SAP NetWeaver and ABAP Platform (Application Server ABAP), an authenticated attacker with high privileges could execute certain forms of SQL queries leading to manipulation of content in the output variable. This…

  • CVE-2025-27435 · Medium · Apr 8, 2025
    risk 0.27 · cvss 4.2 · epss 0.00

    Under specific conditions and prerequisites, an unauthenticated attacker could access customer coupon codes exposed in the URL parameters of the Coupon Campaign URL in SAP Commerce. This could allow the attacker to use the disclosed coupon code, hence posing a low impact on…

  • CVE-2025-23185 · Medium · Mar 11, 2025
    risk 0.27 · cvss 4.1 · epss 0.00

    Due to improper error handling in SAP Business Objects Business Intelligence Platform, technical details of the application are revealed in exceptions thrown to the user and in stack traces. Only an attacker with administrator level privileges has access to this disclosed…

  • CVE-2024-33009 · Medium · May 14, 2024
    risk 0.27 · cvss 4.2 · epss 0.00

    SAP Global Label Management is vulnerable to SQL injection. On exploitation the attacker can use specially crafted inputs to modify database commands resulting in the retrieval of additional information persisted by the system. This could lead to low impact on Confidentiality…

  • CVE-2025-42971 · Medium · Jul 8, 2025
    risk 0.26 · cvss 4.0 · epss 0.00

    A memory corruption vulnerability exists in SAPCAR allowing an attacker to craft malicious SAPCAR archives. When a high privileged victim extracts this malicious archive, it gets processed by SAPCAR on their system, resulting in out-of-bounds memory read and write. This could…

  • CVE-2026-44743 · Low · Jun 9, 2026
    risk 0.24 · cvss 3.7 · epss 0.00

    Under certain conditions, when an unauthorized attacker accesses a specific endpoint, SAP Business Objects application leaks sensitive information. This has a low impact on the confidentiality of the data. There is no impact on integrity and availability of the application.

  • CVE-2018-2419 · Low · May 9, 2018
    risk 0.24 · cvss 3.7 · epss 0.01

    SAP Enterprise Financial Services (SAPSCORE 1.11, 1.12; S4CORE 1.01, 1.02; EA-FINSERV 6.04, 6.05, 6.06, 6.16, 6.17, 6.18, 8.0) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.

  • CVE-2026-24310 · Low · Mar 10, 2026
    risk 0.23 · cvss 3.5 · epss 0.00

    Due to missing authorization check in SAP NetWeaver Application Server for ABAP, an authenticated attacker could execute specific ABAP function module and read the sensitive information from database catalog of the ABAP system. This vulnerability has low impact on the…

  • CVE-2025-42955 · Low · Aug 12, 2025
    risk 0.23 · cvss 3.5 · epss 0.00

    Due to a missing authorization check in SAP Cloud Connector, an attacker on an adjacent network with low privileges could send a crafted request to the endpoint responsible for testing LDAP connections. A successful exploit could lead to reduced performance, hence a low-impact…

  • CVE-2025-42941 · Low · Aug 12, 2025
    risk 0.23 · cvss 3.5 · epss 0.00

    SAP Fiori (Launchpad) is vulnerable to Reverse Tabnabbing vulnerability due to inadequate external navigation protections for its link () elements. An attacker with administrative user privileges could exploit this by leveraging compromised or malicious pages. While…

  • CVE-2025-42978 · Low · Jul 8, 2025
    risk 0.23 · cvss 3.5 · epss 0.00

    The widely used component that establishes outbound TLS connections in SAP NetWeaver Application Server Java does not reliably match the hostname that is used for the connection against the wildcard hostname defined in the received certificate of remote TLS server. This might…

  • CVE-2025-27430 · Low · Mar 11, 2025
    risk 0.23 · cvss 3.5 · epss 0.00

    Under certain conditions, an SSRF vulnerability in SAP CRM and SAP S/4HANA (Interaction Center) allows an attacker with low privileges to access restricted information. This flaw enables the attacker to send requests to internal network resources, thereby compromising the…

  • CVE-2024-47587 · Low · Nov 12, 2024
    risk 0.23 · cvss 3.5 · epss 0.00

    Cash Operations does not perform necessary authorization check for an authenticated user, resulting in escalation of privileges causing low impact to confidentiality to the application.

  • CVE-2024-33007 · Low · May 14, 2024
    risk 0.23 · cvss 3.5 · epss 0.00

    PDFViewer is a control delivered as part of SAPUI5 product which shows the PDF content in an embedded mode by default. If a PDF document contains embedded JavaScript (or any harmful client-side script), the PDFViewer will execute the JavaScript embedded in the PDF which can…

  • CVE-2024-33000 · Low · May 14, 2024
    risk 0.23 · cvss 3.5 · epss 0.00

    SAP Bank Account Management does not perform necessary authorization check for an authorized user, resulting in escalation of privileges. As a result, it has a low impact to confidentiality to the system.

  • CVE-2022-22536 · KEV · Feb 9, 2022
    risk 0.23 · cvss not listed · epss 0.98

    SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server 7.53 and SAP Web Dispatcher are vulnerable to request smuggling and request concatenation. An unauthenticated attacker can prepend a victim's request with arbitrary…

  • CVE-2020-6287 · KEV · Jul 14, 2020
    risk 0.23 · cvss not listed · epss 0.95

    SAP NetWeaver AS JAVA (LM Configuration Wizard), versions - 7.30, 7.31, 7.40, 7.50, does not perform an authentication check which allows an attacker without prior authentication to execute configuration tasks to perform critical actions against the SAP Java system, including…

  • CVE-2020-6207 · KEV · Mar 10, 2020
    risk 0.23 · cvss not listed · epss 0.98

    SAP Solution Manager (User Experience Monitoring), version- 7.2, due to Missing Authentication Check does not perform any authentication for a service resulting in complete compromise of all SMDAgents connected to the Solution Manager.

  • CVE-2026-40131 · Low · May 12, 2026
    risk 0.22 · cvss 3.4 · epss 0.00

    SQL injection vulnerability exists in @sap/hdi-deploy package, where SQL queries are dynamically constructed using user input without proper parameterization or prepared statements. Successful exploitation could allow the high privileged users to alter the SELECT statements…

  • CVE-2025-42927 · Low · Sep 9, 2025
    risk 0.22 · cvss 3.4 · epss 0.00

    SAP NetWeaver AS Java application uses Adobe Document Service, installed with a vulnerable version of OpenSSL. Successful exploitation of known vulnerabilities in the outdated OpenSSL library would allow a user with high system privileges to access and modify system…

  • CVE-2025-31324 · KEV · Apr 24, 2025
    risk 0.21 · cvss not listed · epss 0.99

    SAP NetWeaver Visual Composer Metadata Uploader is not protected with a proper authorization, allowing unauthenticated agent to upload potentially malicious executable binaries that could severely harm the host system. This could significantly affect the confidentiality,…

  • CVE-2024-47576 · Low · Dec 10, 2024
    risk 0.21 · cvss 3.3 · epss 0.00

    SAP Product Lifecycle Costing Client (versions below 4.7.1) application loads on demand a DLL that is available with Windows OS. This DLL is loaded from the computer running SAP Product Lifecycle Costing Client application. That particular DLL could be replaced by a malicious…

  • CVE-2016-7437 · Low · Oct 13, 2016
    risk 0.21 · cvss 3.3 · epss 0.00

    SAP Netweaver 7.40 improperly logs (1) DUI and (2) DUJ events in the SAP Security Audit Log as non-critical, which might allow local users to hide rejected attempts to execute RFC function callbacks by leveraging filtering of non-critical events in audit analysis reports, aka…

  • CVE-2026-27680 · Low · May 14, 2026
    risk 0.20 · cvss 3.1 · epss 0.00

    Due to improper input handling under certain conditions, SAP NetWeaver Application Server ABAP allows an attacker to inject custom Cascading Style Sheets (CSS) data into a web page served by the application. When a user accesses or clicks the affected page, the injected CSS is…

  • CVE-2025-42909 · Low · Oct 14, 2025
    risk 0.20 · cvss 3.0 · epss 0.00

    SAP Cloud Appliance Library Appliances allows an attacker with high privileges to leverage an insecure S/4HANA default profile setting in existing SAP CAL appliances to gain access to other appliances. This has low impact on confidentiality of the application, integrity and…

  • CVE-2025-42914 · Low · Sep 9, 2025
    risk 0.20 · cvss 3.1 · epss 0.00

    Due to missing authorization checks, SAP HCM My Timesheet Fiori 2.0 application allows an authenticated attacker with in-depth system knowledge to escalate privileges and perform activities that are otherwise restricted, resulting in a low impact on the integrity of the…

  • CVE-2025-42913 · Low · Sep 9, 2025
    risk 0.20 · cvss 3.1 · epss 0.00

    Due to missing authorization checks, SAP HCM My Timesheet Fiori 2.0 application allows an authenticated attacker with in-depth system knowledge to escalate privileges and perform activities that are otherwise restricted, resulting in a low impact on the integrity of the…

  • CVE-2025-42990 · Low · Jun 10, 2025
    risk 0.20 · cvss 3.0 · epss 0.00

    Unprotected SAPUI5 applications allow an attacker with basic privileges to inject malicious HTML code into a webpage, with the goal of redirecting users to the attacker controlled URL. This issue could impact the integrity of the application. Confidentiality or Availability are…

  • CVE-2025-26655 · Low · Mar 11, 2025
    risk 0.20 · cvss 3.1 · epss 0.00

    SAP Just In Time (JIT) does not perform necessary authorization checks for an authenticated user, allowing an attacker to escalate privileges that would otherwise be restricted, potentially causing a low impact on the integrity of the application. Confidentiality and Availability are…

  • CVE-2025-23191 · Low · Feb 11, 2025
    risk 0.20 · cvss 3.1 · epss 0.00

    Cached values belonging to the SAP OData endpoint in SAP Fiori for SAP ERP could be poisoned by modifying the Host header value in an HTTP GET request. An attacker could alter the `atom:link` values in the returned metadata redirecting them from the SAP server to a malicious…

  • CVE-2021-38163 · KEV · Sep 14, 2021
    risk 0.19 · cvss not listed · epss 0.37

    SAP NetWeaver (Visual Composer 7.0 RT) versions - 7.30, 7.31, 7.40, 7.50, without restriction, an attacker authenticated as a non-administrative user can upload a malicious file over a network and trigger its processing, which is capable of running operating system commands with…

  • CVE-2025-42883 · Low · Nov 11, 2025
    risk 0.18 · cvss 2.7 · epss 0.00

    Migration Workbench (DX Workbench) in SAP NetWeaver Application Server for ABAP fails to trigger a malware scan when an attacker with administrative privileges uploads files to the application server. An attacker could leverage this and upload a malicious file into the system.…

  • CVE-2025-42954 · Low · Jul 8, 2025
    risk 0.18 · cvss 2.7 · epss 0.00

    SAP NetWeaver Business Warehouse CCAW application allows a privileged attacker to cause a high CPU load by executing RFC-enabled function modules without any input parameters, which results in reduced performance or interrupted operation of the affected resource. This leads to…

  • CVE-2024-47577 · Low · Dec 10, 2024
    risk 0.18 · cvss 2.7 · epss 0.00

    Webservice API endpoints for Assisted Service Module within SAP Commerce Cloud have an information disclosure vulnerability. When an authorized agent searches for a customer to manage their accounts, the request URL includes customer data and it is recorded in server logs. If an…

  • CVE-2017-9843 · Low · Jul 12, 2017
    risk 0.18 · cvss 2.7 · epss 0.02

    SAP NetWeaver AS ABAP 7.40 allows remote authenticated users with certain privileges to cause a denial of service (process crash) via vectors involving disp+work.exe, aka SAP Security Note 2406841.

  • CVE-2025-27432 · Low · Mar 11, 2025
    risk 0.16 · cvss 2.4 · epss 0.00

    The eDocument Cockpit (Inbound NF-e) in SAP Electronic Invoicing for Brazil allows an authenticated attacker with certain privileges to gain unauthorized access to each transaction. By executing the specific ABAP method within the ABAP system, an unauthorized attacker could call…

  • CVE-2024-45284 · Low · Sep 10, 2024
    risk 0.16 · cvss 2.4 · epss 0.00

    An authenticated attacker with high privilege can use functions of SLCM transactions to which access should be restricted. This may result in an escalation of privileges causing low impact on integrity of the application.

  • CVE-2025-42999 · KEV · May 13, 2025
    risk 0.15 · cvss not listed · epss 0.11

    SAP NetWeaver Visual Composer Metadata Uploader is vulnerable when a privileged user can upload untrusted or malicious content which, when deserialized, could potentially lead to a compromise of confidentiality, integrity, and availability of the host system.

  • CVE-2019-0344 · KEV · Aug 14, 2019
    risk 0.15 · cvss not listed · epss 0.07

    Due to unsafe deserialization used in SAP Commerce Cloud (virtualjdbc extension), versions 6.4, 6.5, 6.6, 6.7, 1808, 1811, 1905, it is possible to execute arbitrary code on a target machine with 'Hybris' user rights, resulting in Code Injection.

  • CVE-2010-0219 · Oct 18, 2010
    risk 0.10 · cvss not listed · epss 0.90

    Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web…

  • CVE-2013-1592 · Jan 23, 2020
    risk 0.09 · cvss not listed · epss 0.23

    A Buffer Overflow vulnerability exists in the Message Server service _MsJ2EE_AddStatistics() function when sending specially crafted SAP Message Server packets to remote TCP ports 36NN and/or 39NN in SAP NetWeaver 2004s, 7.01 SR1, 7.02 SP06, and 7.30 SP04, which could let a…

  • CVE-2008-0621 · Feb 6, 2008
    risk 0.09 · cvss not listed · epss 0.73

    Buffer overflow in SAPLPD 6.28 and earlier included in SAP GUI 7.10 and SAPSprint before 1018 allows remote attackers to execute arbitrary code via long arguments to the (1) 0x01, (2) 0x02, (3) 0x03, (4) 0x04, and (5) 0x05 LPD commands.

  • CVE-2008-0244 · Jan 12, 2008
    risk 0.09 · cvss not listed · epss 0.80

    SAP MaxDB 7.6.03 build 007 and earlier allows remote attackers to execute arbitrary commands via "&&" and other shell metacharacters in exec_sdbinfo and other unspecified commands, which are executed when MaxDB invokes cons.exe.

  • CVE-2007-3614 · Jul 6, 2007
    risk 0.09 · cvss not listed · epss 0.70

    Multiple stack-based buffer overflows in waHTTP.exe (aka the SAP DB Web Server) in SAP DB, possibly 7.3 through 7.5, allow remote attackers to execute arbitrary code via (1) a certain cookie value; (2) a certain additional parameter, related to sapdbwa_GetQueryString; and other…

  • CVE-2007-3605 · Jul 6, 2007
    risk 0.09 · cvss not listed · epss 0.70

    Stack-based buffer overflow in the kweditcontrol.kwedit.1 ActiveX control in FrontEnd\SapGui\kwedit.dll in the EnjoySAP SAP GUI allows remote attackers to execute arbitrary code via a long argument to the PrepareToPostHTML function.

  • CVE-2006-4305 · Aug 30, 2006
    risk 0.09 · cvss not listed · epss 0.70

    Buffer overflow in SAP DB and MaxDB before 7.6.00.30 allows remote attackers to execute arbitrary code via a long database name when connecting via a WebDBM client.

  • CVE-2009-4988 · Aug 25, 2010
    risk 0.08 · cvss not listed · epss 0.66

    Stack-based buffer overflow in NT_Naming_Service.exe in SAP Business One 2005 A 6.80.123 and 6.80.320 allows remote attackers to execute arbitrary code via a long GIOP request to TCP port 30000.

  • CVE-2022-24260 · Feb 4, 2022
    risk 0.07 · cvss not listed · epss 0.51

    A SQL injection vulnerability in Voipmonitor GUI before v24.96 allows attackers to escalate privileges to the Administrator level.

  • CVE-2021-33690 · Sep 15, 2021
    risk 0.07 · cvss not listed · epss 0.68

    Server-Side Request Forgery (SSRF) vulnerability has been detected in the SAP NetWeaver Development Infrastructure Component Build Service versions - 7.11, 7.20, 7.30, 7.31, 7.40, 7.50. The SAP NetWeaver Development Infrastructure Component Build Service allows a threat actor who…

  • CVE-2020-6308 · Oct 20, 2020
    risk 0.07 · cvss not listed · epss 0.62

    SAP BusinessObjects Business Intelligence Platform (Web Services) versions - 410, 420, 430, allows an unauthenticated attacker to inject arbitrary values as CMS parameters to perform lookups on the internal network which is otherwise not accessible externally. On successful…

Page 10 of 37