VYPR

Vendor CVEs

SAP

All CVEs

1,818 total · sorted by risk
  • CVE-2017-9845HigJul 12, 2017
    risk 0.49cvss 7.5epss 0.03

    disp+work 7400.12.21.30308 in SAP NetWeaver 7.40 allows remote attackers to cause a denial of service (resource consumption) via a crafted DIAG request, aka SAP Security Note 2405918.

  • CVE-2017-9844HigJul 12, 2017
    risk 0.49cvss 7.5epss 0.06

    SAP NetWeaver 7400.12.21.30308 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted serialized Java object in a request to metadatauploader, aka SAP Security Note 2399804. NOTE: The vendor states that the devserver package of…

  • CVE-2017-8915HigMay 23, 2017
    risk 0.49cvss 7.5epss 0.03

    sinopia, as used in SAP HANA XS 1.00 and 2.00, allows remote attackers to cause a denial of service (assertion failure and service crash) by pushing a package with a filename containing a $ (dollar sign) or % (percent) character, aka SAP Security Note 2407694.

  • CVE-2017-5997HigFeb 15, 2017
    risk 0.49cvss 7.5epss 0.02

    The SAP Message Server HTTP daemon in SAP KERNEL 7.21-7.49 allows remote attackers to cause a denial of service (memory consumption and process crash) via multiple msgserver/group?group= requests with a crafted size of the group parameter, aka SAP Security Note 2358972.

  • CVE-2017-5372HigJan 23, 2017
    risk 0.49cvss 7.5epss 0.03

    The function msp (aka MSPRuntimeInterface) in the P4 SERVERCORE component in SAP AS JAVA allows remote attackers to obtain sensitive system information by leveraging a missing authorization check for the (1) getInformation, (2) getParameters, (3) getServiceInfo, (4)…

  • CVE-2017-5371HigJan 23, 2017
    risk 0.49cvss 7.5epss 0.04

    Odata Server in SAP Adaptive Server Enterprise (ASE) 16 allows remote attackers to cause a denial of service (process crash) via a series of crafted requests, aka SAP Security Note 2330422.

  • CVE-2016-10005HigDec 19, 2016
    risk 0.49cvss 7.5epss 0.02

    Webdynpro in SAP Solman 7.1 through 7.31 allows remote attackers to obtain sensitive information via webdynpro/dispatcher/sap.com/caf~eu~gp~example~timeoff~wd requests, aka SAP Security Note 2344524.

  • CVE-2016-9562HigNov 23, 2016
    risk 0.49cvss 7.5epss 0.04

    SAP NetWeaver AS JAVA 7.4 allows remote attackers to cause a Denial of Service (null pointer exception and icman outage) via an HTTPS request to the sap.com~P4TunnelingApp!web/myServlet URI, aka SAP Security Note 2313835.

  • CVE-2016-3635HigOct 13, 2016
    risk 0.49cvss 7.5epss 0.02

    SAP Netweaver 7.4 allows remote authenticated users to bypass an intended Unified Connectivity (UCON) access control list and execute arbitrary Remote Function Modules (RFM) by leveraging a connection created from earlier execution of an anonymous RFM included in a Communication…

  • CVE-2016-4551HigOct 5, 2016
    risk 0.49cvss 7.5epss 0.01

    The (1) SAP_BASIS and (2) SAP_ABA components 7.00 SP Level 0031 in SAP NetWeaver 2004s might allow remote attackers to spoof IP addresses written to the Security Audit Log via vectors related to the network landscape, aka SAP Security Note 2190621.

  • CVE-2016-6142HigSep 26, 2016
    risk 0.49cvss 7.5epss 0.03

    SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote attackers to inject arbitrary audit trail fields into the SYSLOG via vectors related to the SQL protocol, aka SAP Security Note 2197459.

  • CVE-2016-6148HigAug 5, 2016
    risk 0.49cvss 7.5epss 0.04

    SAP HANA DB 1.00.73.00.389160 allows remote attackers to cause a denial of service (process termination) or execute arbitrary code via vectors related to an IMPORT statement, aka SAP Security Note 2233136.

  • CVE-2016-4017HigApr 14, 2016
    risk 0.49cvss 7.5epss 0.01

    The Data Provisioning Agent (aka DP Agent) in SAP HANA allows remote attackers to cause a denial of service (process crash) via unspecified vectors, aka SAP Security Note 2262710.

  • CVE-2016-4015HigApr 14, 2016
    risk 0.49cvss 7.5epss 0.03

    The Enqueue Server in SAP NetWeaver JAVA AS 7.1 through 7.4 allows remote attackers to cause a denial of service (process crash) via a crafted request, aka SAP Security Note 2258784.

  • CVE-2016-3980HigApr 8, 2016
    risk 0.49cvss 7.5epss 0.07

    The Java Startup Framework (aka jstart) in SAP JAVA AS 7.2 through 7.4 allows remote attackers to cause a denial of service (process crash) via a crafted HTTP request, aka SAP Security Note 2259547.

  • CVE-2016-3979HigApr 8, 2016
    risk 0.49cvss 7.5epss 0.06

    Internet Communication Manager (aka ICMAN or ICM) in SAP JAVA AS 7.2 through 7.4 allows remote attackers to cause a denial of service (heap memory corruption and process crash) via a crafted HTTP request, related to the IctParseCookies function, aka SAP Security Note 2256185.

  • CVE-2018-2408HigApr 10, 2018
    risk 0.48cvss 7.3epss 0.02

    Improper Session Management in SAP Business Objects, 4.0, from 4.10, from 4.20, 4.30, CMC/BI Launchpad/Fiorified BI Launchpad. In case of password change for a user, all other active sessions created using older password continues to be active.

  • CVE-2016-4018HigApr 14, 2016
    risk 0.48cvss 7.3epss 0.01

    The Data Provisioning Agent (aka DP Agent) in SAP HANA does not properly restrict access to service functionality, which allows remote attackers to obtain sensitive information, gain privileges, and conduct unspecified other attacks via unspecified vectors, aka SAP Security Note…

  • CVE-2024-54197HigDec 10, 2024
    risk 0.47cvss 7.2epss 0.00

    SAP NetWeaver Administrator(System Overview) allows an authenticated attacker to enumerate accessible HTTP endpoints in the internal network by specially crafting HTTP requests. On successful exploitation this can result in Server-Side Request Forgery (SSRF) which could have a…

  • CVE-2024-39597HigJul 9, 2024
    risk 0.47cvss 7.2epss 0.00

    In SAP Commerce, a user can misuse the forgotten password functionality to gain access to a Composable Storefront B2B site for which early login and registration is activated, without requiring the merchant to approve the account beforehand. If the site is not configured as…

  • CVE-2024-27901HigApr 9, 2024
    risk 0.47cvss 7.2epss 0.01

    SAP Asset Accounting could allow a high privileged attacker to exploit insufficient validation of path information provided by the users and pass it through to the file API's. Thus, causing a considerable impact on confidentiality, integrity and availability of the application.

  • CVE-2018-2450HigAug 14, 2018
    risk 0.47cvss 7.2epss 0.02

    SAP MaxDB (liveCache), versions 7.8 and 7.9, allows an attacker who gets DBM operator privileges to execute crafted database queries and therefore read, modify or delete sensitive data from database.

  • CVE-2017-16682HigDec 12, 2017
    risk 0.47cvss 7.2epss 0.02

    SAP NetWeaver Internet Transaction Server (ITS), SAP Basis from 7.00 to 7.02, 7.30, 7.31, 7.40, from 7.50 to 7.52, allows an attacker with administrator credentials to inject code that can be executed by the application and thereby control the behavior of the application.

  • CVE-2026-44751HigJun 9, 2026
    risk 0.46cvss 7.1epss 0.00

    Application server ABAP does not perform necessary authorization checks for an authenticated user allowing an attacker to execute a report generation command which could overwrite information belonging to another user, resulting in escalation of privileges. This has high impact…

  • CVE-2026-34256HigApr 14, 2026
    risk 0.46cvss 7.1epss 0.00

    Due to a missing authorization check in SAP ERP and SAP S/4HANA (Private Cloud and On-Premise), an authenticated attacker could execute a particular ABAP report to overwrite any existing eight?character executable ABAP report without authorization. If the overwritten report is…

  • CVE-2025-42876HigDec 9, 2025
    risk 0.46cvss 7.1epss 0.00

    Due to a Missing Authorization Check vulnerability in SAP S/4 HANA Private Cloud (Financials General Ledger), an authenticated attacker with authorization limited to a single company code could read sensitive data and post or modify documents across all company codes. Successful…

  • CVE-2025-24868HigFeb 11, 2025
    risk 0.46cvss 7.1epss 0.00

    The User Account and Authentication service (UAA) for SAP HANA extended application services, advanced model (SAP HANA XS advanced model) allows an unauthenticated attacker to craft a malicious link, that, when clicked by a victim, redirects the browser to a malicious site due…

  • CVE-2025-42895MedNov 11, 2025
    risk 0.45cvss 6.9epss 0.00

    Due to insufficient validation of connection property values, the SAP HANA JDBC Client allows a high-privilege locally authenticated user to supply crafted parameters that lead to unauthorized code loading, resulting in low impact on confidentiality and integrity and high impact…

  • CVE-2025-42946MedAug 12, 2025
    risk 0.45cvss 6.9epss 0.01

    Due to directory traversal vulnerability in SAP S/4HANA (Bank Communication Management), an attacker with high privileges and access to a specific transaction and method in Bank Communication Management could gain unauthorized access to sensitive operating system files. This…

  • CVE-2025-43001MedJul 8, 2025
    risk 0.45cvss 6.9epss 0.00

    SAPCAR allows an attacker logged in with high privileges to override the permissions of the current and parent directories of the user or process extracting the archive, leading to privilege escalation. On successful exploitation, an attacker could modify the critical files by…

  • CVE-2025-42992MedJul 8, 2025
    risk 0.45cvss 6.9epss 0.00

    SAPCAR allows an attacker logged in with high privileges to create a malicious SAR archive in SAPCAR. This could enable the attacker to exploit critical files and directory permissions without breaking signature validation, resulting in potential privilege escalation. This has…

  • CVE-2025-42993MedJun 10, 2025
    risk 0.44cvss 6.7epss 0.00

    Due to a missing authorization check vulnerability in SAP S/4HANA (Enterprise Event Enablement), an attacker with access to the Inbound Binding Configuration could create an RFC destination and assign an arbitrary high-privilege user. This allows the attacker to consume events…

  • CVE-2025-30013MedApr 8, 2025
    risk 0.44cvss 6.7epss 0.01

    SAP ERP BW Business Content is vulnerable to OS Command Injection through certain function modules. These function modules, when executed with elevated privileges, improperly handle user input, allowing attacker to inject arbitrary OS commands. This vulnerability allows the…

  • CVE-2025-26654MedApr 8, 2025
    risk 0.44cvss 6.8epss 0.00

    SAP Commerce Cloud (Public Cloud) does not allow to disable unencrypted HTTP (port 80) entirely, but instead allows a redirect from port 80 to 443 (HTTPS). As a result, Commerce normally communicates securely over HTTPS. However, the confidentiality and integrity of data sent on…

  • CVE-2025-26658MedMar 11, 2025
    risk 0.44cvss 6.8epss 0.00

    The Service Layer in SAP Business One, allows attackers to potentially gain unauthorized access and impersonate other users in the application to perform unauthorized actions. Due to the improper session management, the attackers can elevate themselves to higher privilege and…

  • CVE-2025-24875MedFeb 11, 2025
    risk 0.44cvss 6.8epss 0.00

    SAP Commerce, by default, sets certain cookies with the SameSite attribute configured to None (SameSite=None). This includes authentication cookies utilized in SAP Commerce Backoffice. Applying this setting reduces defense in depth against CSRF and may lead to future…

  • CVE-2025-24874MedFeb 11, 2025
    risk 0.44cvss 6.8epss 0.00

    SAP Commerce (Backoffice) uses the deprecated X-FRAME-OPTIONS header to protect against clickjacking. While this protection remains effective now, it may not be the case in the future as browsers might discontinue support for this header in favor of the frame-ancestors CSP…

  • CVE-2026-44754MedJun 9, 2026
    risk 0.43cvss 6.6epss 0.00

    The Remote Function Call (RFC) modules of the Operational Data Provisioning Data Replication API (ODP-RFC) are missing caller identification of permitted SAP-internal applications and are being used by customer or third-party applications in ways that are not aligned with its…

  • CVE-2026-0496MedJan 13, 2026
    risk 0.43cvss 6.6epss 0.00

    SAP Fiori App Intercompany Balance Reconciliation allows an attacker with high privileges to upload any file (including script files) without proper file format validation. This has low impact on confidentiality, integrity and availability of the application.

  • CVE-2025-42875MedDec 9, 2025
    risk 0.43cvss 6.6epss 0.00

    The SAP Internet Communication Framework does not conduct any authentication checks for features that need user identification allowing an attacker to reuse authorization tokens, violating secure authentication practices causing low impact on Confidentiality, Integrity and…

  • CVE-2025-42997MedMay 13, 2025
    risk 0.43cvss 6.6epss 0.00

    Under certain conditions, SAP Gateway Client allows a high-privileged user to access restricted information beyond the scope of the application. Due to the possibility of influencing application behavior or performance through misuse of the exposed data, this may potentially…

  • CVE-2018-2451MedAug 14, 2018
    risk 0.43cvss 6.6epss 0.01

    XS Command-Line Interface (CLI) user sessions with the SAP HANA Extended Application Services (XS), version 1, advanced server may have an unintentional prolonged period of validity. Consequently, a platform user could access controller resources via active CLI session even…

  • CVE-2018-11415MedMay 24, 2018
    risk 0.43cvss 6.1epss 0.08

    SAP Internet Transaction Server (ITS) 6200.X.X has Reflected Cross Site Scripting (XSS) via certain wgate URIs. NOTE: the vendor has reportedly indicated that there will not be any further releases of this product.

  • CVE-2026-44744MedJun 9, 2026
    risk 0.42cvss 6.5epss 0.00

    SAP S/4HANA(On-Premise) contains SQL injection vulnerability in a remote-enabled function module component that could be exploited by an authenticated attacker to potentially execute unauthorized database queries.This flaw exposes sensitive information to which they should not…

  • CVE-2026-40135MedMay 12, 2026
    risk 0.42cvss 6.5epss 0.01

    An OS Command Injection vulnerability exists in the SAP NetWeaver Application Server for ABAP and ABAP Platform that allows an authenticated attacker with administrative access to execute specially crafted shell commands on the server, bypassing the logging mechanism. This…

  • CVE-2026-34264MedApr 14, 2026
    risk 0.42cvss 6.5epss 0.00

    During authorization checks in SAP Human Capital Management for SAP S/4HANA, the system returns specific messages. Due to this, an authenticated user with low privileges could guess and enumerate the content shown, beyond their authorized scope. This leads to disclosure of…

  • CVE-2026-34261MedApr 14, 2026
    risk 0.42cvss 6.5epss 0.00

    Due to a missing authorization check in SAP Business Analytics and SAP Content Management, an authenticated user could make unauthorized calls to certain remote function modules, potentially accessing sensitive information beyond their intended permissions. This vulnerability…

  • CVE-2026-27679MedApr 14, 2026
    risk 0.42cvss 6.5epss 0.00

    Due to missing authorization checks in the SAP S/4HANA frontend OData Service (Manage Reference Structures), an attacker could update and delete child entities via exposed OData services without proper authorization. This vulnerability has a high impact on integrity, while…

  • CVE-2026-27678MedApr 14, 2026
    risk 0.42cvss 6.5epss 0.00

    Due to missing authorization checks in the SAP S/4HANA backend OData Service (Manage Reference Structures), an attacker could update and delete child entities via exposed OData services without proper authorization. This vulnerability has a high impact on integrity, while…

  • CVE-2026-27677MedApr 14, 2026
    risk 0.42cvss 6.5epss 0.00

    Due to missing authorization checks in the SAP S/4HANA OData Service (Manage Reference Equipment), an attacker could update and delete child entities via OData services without proper authorization. This vulnerability has a high impact on integrity, while confidentiality and…

Page 4 of 37