Browse all 778 CVE security advisories affecting SAP SE. AI-powered Chinese analysis, POCs, and references for each vulnerability.
SAP SE develops enterprise resource planning software that manages business processes for large organizations globally. With 778 recorded CVEs, its attack surface reflects the complexity of its extensive codebase. Historically, vulnerabilities frequently involve remote code execution, cross-site scripting, and privilege escalation, often stemming from improper input validation or insecure default configurations. These flaws allow attackers to bypass authentication, access sensitive data, or execute arbitrary commands on affected systems. Notable incidents include critical flaws in SAP NetWeaver and SAP HANA, which have been actively exploited in the wild. The company maintains a rigorous security response program, issuing regular patches for identified weaknesses. However, the sheer volume of integrations and legacy components continues to present challenges for comprehensive vulnerability management. Organizations deploying SAP solutions must prioritize timely patching and strict access controls to mitigate these persistent risks effectively.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2021-42061 | SAP BusinessObjects Business Intelligence Platform 跨站脚本漏洞 — SAP BusinessObjects Business Intelligence PlatformCWE-79 | 5.4 | - | 2021-12-14 |
| CVE-2021-42068 | SAP 3D Visual Enterprise Viewer 输入验证错误漏洞 — SAP 3D Visual Enterprise Viewer | 3.3 | - | 2021-12-14 |
| CVE-2021-42064 | SAP Commerce SQL注入漏洞 — SAP Commerce | 9.1 | - | 2021-12-14 |
| CVE-2021-42070 | SAP 3D Visual Enterprise Viewer 输入验证错误漏洞 — SAP 3D Visual Enterprise Viewer | 7.8 | - | 2021-12-14 |
| CVE-2021-38182 | kyma 输入验证错误漏洞 — Kyma | 8.8 | - | 2021-12-14 |
| CVE-2021-42069 | SAP 3D Visual Enterprise Viewer 缓冲区错误漏洞 — SAP 3D Visual Enterprise Viewer | 7.1 | - | 2021-12-14 |
| CVE-2021-42063 | SAP Knowledge Warehouse 跨站脚本漏洞 — SAP Knowledge Warehouse | 6.1 | - | 2021-12-14 |
| CVE-2021-42066 | SAP Business One 安全漏洞 — SAP Business OneCWE-312 | 4.4 | - | 2021-12-14 |
| CVE-2021-44232 | SAP SAF-T 路径遍历漏洞 — SAF-T Framework | 7.7 | - | 2021-12-14 |
| CVE-2021-44235 | SAP NetWeaver AS 操作系统命令注入漏洞 — SAP NetWeaver AS ABAP | 7.2 | - | 2021-12-14 |
| CVE-2021-44233 | SAP GRC Access Control 安全漏洞 — SAP GRC Access ControlCWE-862 | 8.8 | - | 2021-12-14 |
| CVE-2021-44231 | Adobe After Effects 代码注入漏洞 — SAP ABAP Server & ABAP Platform (Translation Tools) | 9.8 | - | 2021-12-14 |
| CVE-2021-42062 | SAP ERP HCM 安全漏洞 — SAP ERP HCM PortugalCWE-862 | - | - | 2021-11-10 |
| CVE-2021-40504 | SAP NetWeaver Application Server 权限许可和访问控制问题漏洞 — SAP NetWeaver AS for ABAP and ABAP PlatformCWE-863 | - | - | 2021-11-10 |
| CVE-2021-40503 | SAP GUI 信息泄露漏洞 — SAP GUI for WindowsCWE-522 | 7.1 | - | 2021-11-10 |
| CVE-2021-40502 | SAP Commerce 授权问题漏洞 — SAP CommerceCWE-862 | 8.8 | - | 2021-11-10 |
| CVE-2021-40501 | SAP AS ABAP 授权问题漏洞 — SAP ABAP Platform KernelCWE-862 | 8.1 | - | 2021-11-10 |
| CVE-2021-40500 | SAP BusinessObjects Business Intelligence Platform和SAP BusinessObjects Business Intelligence Platform 代码问题漏洞 — SAP BusinessObjects Business Intelligence Platform (Crystal Reports)CWE-611 | 7.5 | - | 2021-10-12 |
| CVE-2021-40498 | Sap SuccessFactors 安全漏洞 — SAP SuccessFactors Mobile Application (for Android devices) | 5.5 | - | 2021-10-12 |
| CVE-2021-38183 | SAP Netweaver 跨站脚本漏洞 — SAP NetWeaver | 6.1 | - | 2021-10-12 |
| CVE-2021-40499 | SAP NetWeaver Application Server 代码注入漏洞 — SAP NetWeaver Application Server for ABAP (SAP Cloud Print Manager and SAPSprint) | 9.8 | - | 2021-10-12 |
| CVE-2021-40496 | Sap Internet Communication Framework 访问控制错误漏洞 — SAP NetWeaver AS ABAP and ABAP PlatformCWE-668 | 5.3 | - | 2021-10-12 |
| CVE-2021-38180 | SAP Business One 安全漏洞 — SAP Business OneCWE-1236 | 8.8 | - | 2021-10-12 |
| CVE-2021-38178 | SAP NetWeaver AS 安全漏洞 — SAP NetWeaver AS ABAP and ABAP Platform | 9.9 | - | 2021-10-12 |
| CVE-2021-40497 | SAP Business Objects Analysis 安全漏洞 — SAP BusinessObjects Analysis, (edition for OLAP) | 5.3 | - | 2021-10-12 |
| CVE-2021-40495 | SAP NetWeaver Application Server 代码问题漏洞 — SAP NetWeaver AS ABAP and ABAP Platform | 5.3 | - | 2021-10-12 |
| CVE-2021-38181 | SAP NetWeaver AS 资源管理错误漏洞 — SAP NetWeaver AS ABAP and ABAP Platform | 7.5 | - | 2021-10-12 |
| CVE-2021-38179 | SAP Business One 安全漏洞 — SAP Business One | 4.9 | - | 2021-10-12 |
| CVE-2021-33704 | SAP Business One 安全漏洞 — SAP Business OneCWE-862 | 8.8 | - | 2021-09-15 |
| CVE-2021-33701 | SAP ERP SQL注入漏洞 — DMIS Mobile Plug-InCWE-89 | 7.2 | - | 2021-09-15 |
This page lists every published CVE security advisory associated with SAP SE. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.