VYPR

Vendor CVEs

SAP

All CVEs

1,818 total · sorted by risk
  • CVE-2016-2388MedKEVFeb 16, 2016
    risk 0.54cvss 5.3epss 0.52

    The Universal Worklist Configuration in SAP NetWeaver AS JAVA 7.4 allows remote attackers to obtain sensitive user information via a crafted HTTP request, aka SAP Security Note 2256846.

  • CVE-2026-34259HigMay 12, 2026
    risk 0.53cvss 8.2epss 0.00

    Due to an OS Command Execution vulnerability in SAP Forecasting & Replenishment, an authenticated attacker with administrative authorizations could abuse a non-remote-enabled function to execute arbitrary operating system commands. Successful exploitation could allow the…

  • CVE-2026-0511HigJan 13, 2026
    risk 0.53cvss 8.1epss 0.00

    SAP Fiori App Intercompany Balance Reconciliation does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This has high impact on confidentiality and integrity of the application ,availability is not impacted.

  • CVE-2025-42878HigDec 9, 2025
    risk 0.53cvss 8.2epss 0.00

    SAP Web Dispatcher and ICM may expose internal testing interfaces that are not intended for production. If enabled, unauthenticated attackers could exploit them to access diagnostics, send crafted requests, or disrupt services. This vulnerability has a high impact on…

  • CVE-2025-42976HigAug 12, 2025
    risk 0.53cvss 8.1epss 0.00

    SAP NetWeaver Application Server ABAP (BIC Document) allows an authenticated attacker to craft a request that, when submitted to a BIC Document application, could cause a memory corruption error. On successful exploitation, this results in the crash of the target component.…

  • CVE-2025-42953HigJul 8, 2025
    risk 0.53cvss 8.1epss 0.00

    SAP Netweaver System Configuration does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This could completely compromise the integrity and availability with no impact on confidentiality of the system.

  • CVE-2025-24876HigFeb 11, 2025
    risk 0.53cvss 8.1epss 0.00

    The SAP Approuter Node.js package version v16.7.1 and before is vulnerable to Authentication bypass. When trading an authorization code an attacker can steal the session of the victim by injecting malicious payload causing High impact on confidentiality and integrity of the…

  • CVE-2024-37177HigJun 11, 2024
    risk 0.53cvss 8.1epss 0.00

    SAP Financial Consolidation allows data to enter a Web application through an untrusted source. These endpoints are exposed over the network and it allows the user to modify the content from the web site. On successful exploitation, an attacker can cause significant impact to…

  • CVE-2017-16349HigAug 2, 2018
    risk 0.53cvss 8.1epss 0.01

    An exploitable XML external entity vulnerability exists in the reporting functionality of SAP BPC. A specially crafted XML request can cause an XML external entity to be referenced, resulting in information disclosure and potential denial of service. An attacker can issue…

  • CVE-2018-2393HigFeb 14, 2018
    risk 0.53cvss 7.5epss 0.18

    Under certain conditions SAP Internet Graphics Server (IGS) 7.20, 7.20EXT, 7.45, 7.49, 7.53, fails to validate XML External Entity appropriately causing the SAP Internet Graphics Server (IGS) to become unavailable.

  • CVE-2018-2376HigFeb 14, 2018
    risk 0.53cvss 8.1epss 0.01

    In SAP HANA Extended Application Services, 1.0, a controller user who has SpaceAuditor authorization in a specific space could retrieve application environments within that space.

  • CVE-2018-2375HigFeb 14, 2018
    risk 0.53cvss 8.1epss 0.01

    In SAP HANA Extended Application Services, 1.0, a controller user who has SpaceAuditor authorization in a specific space could retrieve application environments within that space.

  • CVE-2016-6144HigAug 5, 2016
    risk 0.53cvss 8.1epss 0.04

    The SQL interface in SAP HANA before Revision 102 does not limit the number of login attempts for the SYSTEM user when the password_lock_for_system_user is not supported or is configured as "False," which makes it easier for remote attackers to bypass authentication via a brute…

  • CVE-2017-7696HigApr 14, 2017
    risk 0.52cvss 7.5epss 0.36

    SAP AS JAVA SSO Authentication Library 2.0 through 3.0 allow remote attackers to cause a denial of service (memory consumption) via large values in the width and height parameters to otp_logon_ui_resources/qr, aka SAP Security Note 2389042.

  • CVE-2016-10079HigFeb 1, 2017
    risk 0.52cvss 7.5epss 0.07

    SAPlpd through 7400.3.11.33 in SAP GUI 7.40 on Windows has a Denial of Service vulnerability (service crash) with a long string to TCP port 515.

  • CVE-2025-42874HigDec 9, 2025
    risk 0.51cvss 7.9epss 0.00

    SAP NetWeaver remote service for Xcelsius allows an attacker with network access and high privileges to execute arbitrary code on the affected system due to insufficient input validation and improper handling of remote method calls. Exploitation does not require user interaction…

  • CVE-2025-43000HigMay 13, 2025
    risk 0.51cvss 7.9epss 0.00

    Under certain conditions Promotion Management Wizard (PMW) allows an attacker to access information which would otherwise be restricted.This has High impact on Confidentiality with Low impact on Integrity and Availability of the application.

  • CVE-2025-0069HigJan 14, 2025
    risk 0.51cvss 7.8epss 0.00

    Due to DLL injection vulnerability in SAPSetup, an attacker with either local user privileges or with access to a compromised corporate user�s Windows account could gain higher privileges. With this, he could move laterally within the network and further compromise the active…

  • CVE-2017-16690HigDec 12, 2017
    risk 0.51cvss 7.8epss 0.01

    A malicious DLL preload attack possible on NwSapSetup and Installation self-extracting program for SAP Plant Connectivity 2.3 and 15.0. It is possible that SAPSetup / NwSapSetup.exe loads system DLLs like DWMAPI.dll (located in your Syswow64 / System32 folder) from the folder…

  • CVE-2016-3946HigOct 13, 2016
    risk 0.51cvss 7.8epss 0.00

    SAP Console (aka SAPConsole) 7.30 allows local users to discover SAP Server login credentials by reading the Windows registry, aka SAP Security Note 2121461.

  • CVE-2025-42952HigJul 8, 2025
    risk 0.50cvss 7.7epss 0.00

    SAP Business Warehouse and SAP Plug-In Basis allows an authenticated attacker to add fields to arbitrary SAP database tables and/or structures, potentially rendering the system unusable. On successful exploitation, an attacker can render the system unusable by triggering short…

  • CVE-2025-43011HigMay 13, 2025
    risk 0.50cvss 7.7epss 0.00

    Under certain conditions, SAP Landscape Transformation's PCL Basis module does not perform the necessary authorization checks, allowing authenticated users to access restricted functionalities or data. This can lead to a high impact on confidentiality with no impact on the…

  • CVE-2025-30014HigApr 8, 2025
    risk 0.50cvss 7.7epss 0.01

    SAP Capital Yield Tax Management has directory traversal vulnerability due to insufficient path validation. This could allow an attacker with low privileges to read files from directory which they don�t have access to, hence causing a high impact on confidentiality. Integrity…

  • CVE-2025-27428HigApr 8, 2025
    risk 0.50cvss 7.7epss 0.01

    Due to directory traversal vulnerability, an authorized attacker could gain access to some critical information by using RFC enabled function module. Upon successful exploitation, they could read files from any managed system connected to SAP Solution Manager, leading to high…

  • CVE-2018-2402HigMar 14, 2018
    risk 0.50cvss 7.6epss 0.02

    In systems using the optional capture & replay functionality of SAP HANA, 1.00 and 2.00, (see SAP Note 2362820 for more information about capture & replay), user credentials may be stored in clear text in the indexserver trace files of the control system. An attacker with the…

  • CVE-2026-41039HigApr 21, 2026
    risk 0.49cvss 7.5epss 0.00

    This vulnerability exists in Quantum Networks router due to improper access control and insecure default configuration in the web-based management interface. An unauthenticated attacker could exploit this vulnerability by accessing exposed API endpoints on the targeted device. …

  • CVE-2025-42877HigDec 9, 2025
    risk 0.49cvss 7.5epss 0.00

    SAP Web Dispatcher, Internet Communication Manager (ICM), and SAP Content Server allow an unauthenticated user to exploit logical errors that lead to a memory corruption vulnerability. This results in high impact on the availability with no impact on confidentiality or integrity…

  • CVE-2025-42940HigNov 11, 2025
    risk 0.49cvss 7.5epss 0.00

    SAP CommonCryptoLib does not perform necessary boundary checks during pre-authentication parsing of manipulated ASN.1 data over the network. This may result in memory corruption followed by an application crash, hence leading to a high impact on availability. There is no impact…

  • CVE-2025-42995HigJun 10, 2025
    risk 0.49cvss 7.5epss 0.00

    SAP MDM Server Read function allows an attacker to send specially crafted packets which could trigger a memory read access violation in the server process that would then fail and exit unexpectedly causing high impact on availability with no impact on confidentiality and…

  • CVE-2025-42994HigJun 10, 2025
    risk 0.49cvss 7.5epss 0.00

    SAP MDM Server ReadString function allows an attacker to send specially crafted packets which could trigger a memory read access violation in the server process that would then fail and exit unexpectedly causing high impact on availability with no impact on confidentiality and…

  • CVE-2025-42977HigJun 10, 2025
    risk 0.49cvss 7.6epss 0.01

    SAP NetWeaver Visual Composer contains a Directory Traversal vulnerability caused by insufficient validation of input paths provided by a high-privileged user. This allows an attacker to read or modify arbitrary files, resulting in a high impact on confidentiality and a low…

  • CVE-2018-2471HigOct 9, 2018
    risk 0.49cvss 7.5epss 0.02

    Under certain conditions SAP BusinessObjects Business Intelligence Platform 4.10 and 4.20 allows an attacker to access information which would otherwise be restricted.

  • CVE-2018-2469HigOct 9, 2018
    risk 0.49cvss 7.5epss 0.02

    Under certain conditions SAP Adaptive Server Enterprise (ASE), versions 15.7 and 16.0, allows an attacker to access information which would otherwise be restricted.

  • CVE-2018-2468HigOct 9, 2018
    risk 0.49cvss 7.5epss 0.02

    Under certain conditions the backup server in SAP Adaptive Server Enterprise (ASE), versions 15.7 and 16.0, allows an attacker to access information which would otherwise be restricted.

  • CVE-2018-2465HigSep 11, 2018
    risk 0.49cvss 7.5epss 0.03

    SAP HANA (versions 1.0 and 2.0) Extended Application Services classic model OData parser does not sufficiently validate XML. By exploiting, an unauthorized hacker can cause the database server to crash.

  • CVE-2018-2459HigSep 11, 2018
    risk 0.49cvss 7.5epss 0.02

    Users of an SAP Mobile Platform (version 3.0) Offline OData application, which uses Offline OData-supplied delta tokens (which is on by default), occasionally receive some data values of a different user.

  • CVE-2018-2458HigSep 11, 2018
    risk 0.49cvss 7.5epss 0.02

    Under certain conditions, Crystal Report using SAP Business One, versions 9.2 and 9.3, connection type allows an attacker to access information which would otherwise be restricted.

  • CVE-2018-2446HigAug 14, 2018
    risk 0.49cvss 7.5epss 0.02

    Admin tools in SAP BusinessObjects Business Intelligence, versions 4.1, 4.2, allow an unauthenticated user to read sensitive information (server name), hence leading to an information disclosure.

  • CVE-2018-2438HigJul 10, 2018
    risk 0.49cvss 7.5epss 0.02

    The SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, has several denial-of-service vulnerabilities that allow an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service.

  • CVE-2018-2433HigJul 10, 2018
    risk 0.49cvss 7.5epss 0.01

    SAP Gateway (SAP KERNEL 32 NUC, SAP KERNEL 32 Unicode, SAP KERNEL 64 NUC, SAP KERNEL 64 Unicode 7.21, 7.21EXT, 7.22 and 7.22EXT; SAP KERNEL 7.21, 7.22, 7.45, 7.49 and 7.53) allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding…

  • CVE-2013-7245HigApr 24, 2018
    risk 0.49cvss 7.5epss 0.01

    The Backup Server component in SAP Sybase ASE 15.7 before SP51 allows remote attackers to bypass access restrictions and perform database dumps by leveraging failure to validate credentials, aka SAP Security Note 1927859.

  • CVE-2018-2400HigMar 14, 2018
    risk 0.49cvss 7.5epss 0.02

    Under certain conditions SAP Business Process Automation (BPA) By Redwood, 9.00, 9.10, allows an attacker to access information which would otherwise be restricted.

  • CVE-2018-2398HigMar 14, 2018
    risk 0.49cvss 7.5epss 0.01

    Under certain conditions SAP Business Client 6.5 allows an attacker to access information which would otherwise be restricted.

  • CVE-2018-2373HigFeb 14, 2018
    risk 0.49cvss 7.5epss 0.01

    Under certain circumstances, a specific endpoint of the Controller's API could be misused by unauthenticated users to execute SQL statements that deliver information about system configuration in SAP HANA Extended Application Services, 1.0.

  • CVE-2018-2360HigJan 9, 2018
    risk 0.49cvss 7.5epss 0.03

    SAP Startup Service, SAP KERNEL 7.45, 7.49, and 7.52, is missing an authentication check for functionalities that require user identity and cause consumption of file system storage.

  • CVE-2017-16680HigDec 12, 2017
    risk 0.49cvss 7.5epss 0.02

    Two potential audit log injections in SAP HANA extended application services 1.0, advanced model: 1) Certain HTTP/REST endpoints of controller service are missing user input validation which could allow unprivileged attackers to forge audit log lines. Hence the interpretation of…

  • CVE-2017-15297HigOct 16, 2017
    risk 0.49cvss 7.5epss 0.03

    SAP Hostcontrol does not require authentication for the SOAP SAPControl endpoint. This is SAP Security Note 2442993.

  • CVE-2017-14581HigSep 19, 2017
    risk 0.49cvss 7.5epss 0.02

    The Host Control web service in SAP NetWeaver AS JAVA 7.0 through 7.5 allows remote attackers to cause a denial of service (service crash) via a crafted request, aka SAP Security Note 2389181.

  • CVE-2017-14511HigSep 17, 2017
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in SAP E-Recruiting (aka ERECRUIT) 605 through 617. When an external applicant registers to the E-Recruiting application, he/she receives a link by email to confirm access to the provided email address. However, this measure can be bypassed and attackers…

  • CVE-2014-8871HigAug 28, 2017
    risk 0.49cvss 7.5epss 0.04

    Directory traversal vulnerability in hybris Commerce software suite 5.0.3.3 and earlier, 5.0.0.3 and earlier, 5.0.4.4 and earlier, 5.1.0.1 and earlier, 5.1.1.2 and earlier, 5.2.0.3 and earlier, and 5.3.0.1 and earlier.

Page 3 of 37