Browse all 778 CVE security advisories affecting SAP SE. AI-powered Chinese analysis, POCs, and references for each vulnerability.
SAP SE develops enterprise resource planning software that manages business processes for large organizations globally. With 778 recorded CVEs, its attack surface reflects the complexity of its extensive codebase. Historically, vulnerabilities frequently involve remote code execution, cross-site scripting, and privilege escalation, often stemming from improper input validation or insecure default configurations. These flaws allow attackers to bypass authentication, access sensitive data, or execute arbitrary commands on affected systems. Notable incidents include critical flaws in SAP NetWeaver and SAP HANA, which have been actively exploited in the wild. The company maintains a rigorous security response program, issuing regular patches for identified weaknesses. However, the sheer volume of integrations and legacy components continues to present challenges for comprehensive vulnerability management. Organizations deploying SAP solutions must prioritize timely patching and strict access controls to mitigate these persistent risks effectively.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2019-0319 | SAP Gateway 注入漏洞 — SAP Gateway | - | - | 2019-07-10 |
| CVE-2019-0318 | SAP Netweaver Application Server Java 信息泄露漏洞 — SAP NetWeaver Application Server for Java (Startup Framework) | 7.5 | - | 2019-07-10 |
| CVE-2019-0281 | SAP SAPUI5和OpenUI5 跨站脚本漏洞 — OpenUI5 | 6.1 | - | 2019-07-10 |
| CVE-2019-0316 | SAP NetWeaver Process Integration 跨站脚本漏洞 — SAP NetWeaver Process Integration(SAP_XIESR) | 4.8 | - | 2019-06-14 |
| CVE-2019-0303 | SAP BusinessObjects Business Intelligence Platform 跨站脚本漏洞 — SAP BusinessObjects Business Intelligence Platform (Administration Console) | 6.4 | - | 2019-06-14 |
| CVE-2019-0311 | SAP R/3 Enterprise Application 跨站脚本漏洞 — SAP R/3 Enterprise Application | 5.4 | - | 2019-06-12 |
| CVE-2019-0312 | SAP NetWeaver Process Integration 访问控制错误漏洞 — SAP NetWeaver Process Integration(SAP_XIESR) | 5.3 | - | 2019-06-12 |
| CVE-2019-0314 | SAP Inventory Manager和SAP Work Manager 访问控制错误漏洞 — SAP Work Manager | 7.5 | - | 2019-06-12 |
| CVE-2019-0315 | SAP NetWeaver Process Integration 信息泄露漏洞 — SAP NetWeaver Process Integration(SAP_XIESR) | 7.5 | - | 2019-06-12 |
| CVE-2019-0304 | SAP NetWeaver AS ABAP Platform 代码注入漏洞 — SAP NetWeaver AS ABAP Platform(KRNL32NUC) | 9.1 | - | 2019-06-12 |
| CVE-2019-0305 | SAP NetWeaver Process Integration 代码问题漏洞 — SAP NetWeaver Process Integration(SAP_XIESR and SAP_XITOOL) | 4.3 | - | 2019-06-12 |
| CVE-2019-0306 | SAP HANA Extended Application Services 信息泄露漏洞 — SAP HANA Extended Application Services (advanced model) | 4.3 | - | 2019-06-12 |
| CVE-2019-0307 | SAP Solution Manager 信任管理问题漏洞 — SAP Solution Manager(Diagnostics Agent) | 2.7 | - | 2019-06-12 |
| CVE-2019-0308 | SAP E-Commerce 代码注入漏洞 — SAP E-Commerce (Business-to-Consumer application) | 8.0 | - | 2019-06-12 |
| CVE-2019-0301 | SAP Identity Management REST Interface 权限许可和访问控制问题漏洞 — SAP Identity Management (REST Interface) | 8.8 | - | 2019-05-14 |
| CVE-2019-0298 | SAP E-Commerce 跨站脚本漏洞 — SAP E-Commerce (SAP-CRMJAV, SAP-CRMWEB, SAP-SHRWEB, SAP-SHRJAV, SAP-CRMAPP, SAP-SHRAPP) | 6.1 | - | 2019-05-14 |
| CVE-2019-0293 | SAP Solution Manager ST-PI 权限许可和访问控制问题漏洞 — SAP Solution Manager system (ST-PI) | 6.5 | - | 2019-05-14 |
| CVE-2019-0291 | SAP Solution Manager 信息泄露漏洞 — SAP Solution Manager | 6.2 | - | 2019-05-14 |
| CVE-2019-0289 | SAP BusinessObjects Business Intelligence Platform 信息泄露漏洞 — SAP BusinessObjects Business Intelligence platform | 7.5 | - | 2019-05-14 |
| CVE-2019-0287 | SAP BusinessObjects Business Intelligence Platform 信息泄露漏洞 — SAP BusinessObjects Business Intelligence platform (Central Management Server) | 7.5 | - | 2019-05-14 |
| CVE-2019-0280 | SAP Treasury and Risk Management 授权问题漏洞 — SAP Treasury and Risk Management(EA-FINSERV) | 8.8 | - | 2019-05-14 |
| CVE-2019-0285 | SAP Crystal Reports for Visual Studio 信息泄露漏洞 — SAP Crystal Reports for Visual Studio | 9.1 | - | 2019-04-10 |
| CVE-2019-0284 | SAP HANA 代码问题漏洞 — SAP HANA | 7.2 | - | 2019-04-10 |
| CVE-2019-0283 | SAP Netweaver Process Integration 访问控制错误漏洞 — SAP NetWeaver Process Integration (Adapter Engine) | 7.1 | - | 2019-04-10 |
| CVE-2019-0282 | SAP NetWeaver Process Integration 授权问题漏洞 — SAP NetWeaver Process Integration (Runtime Workbench) | 5.3 | - | 2019-04-10 |
| CVE-2019-0279 | SAP Basis 授权问题漏洞 — SAP BASIS | 8.8 | - | 2019-04-10 |
| CVE-2019-0278 | SAP Netweaver Process Integration 信息泄露漏洞 — SAP NetWeaver Process Integration (Messaging System) | 4.3 | - | 2019-04-10 |
| CVE-2019-0268 | SAP BusinessObjects Business Intelligence Platform 安全漏洞 — SAP BusinessObjects Business Intelligence Platform (CMC Module) | 8.1 | - | 2019-03-12 |
| CVE-2019-0269 | SAP BusinessObjects Business Intelligence Platform 跨站脚本漏洞 — SAP BusinessObjects Business Intelligence Platform (BI Workspace) | 5.4 | - | 2019-03-12 |
| CVE-2019-0270 | SAP Netweaver ABAP 权限许可和访问控制问题漏洞 — ABAP Platform & Server (KRNL32NUC) | 8.8 | - | 2019-03-12 |
This page lists every published CVE security advisory associated with SAP SE. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.