Browse all 778 CVE security advisories affecting SAP SE. AI-powered Chinese analysis, POCs, and references for each vulnerability.
SAP SE develops enterprise resource planning software that manages business processes for large organizations globally. With 778 recorded CVEs, its attack surface reflects the complexity of its extensive codebase. Historically, vulnerabilities frequently involve remote code execution, cross-site scripting, and privilege escalation, often stemming from improper input validation or insecure default configurations. These flaws allow attackers to bypass authentication, access sensitive data, or execute arbitrary commands on affected systems. Notable incidents include critical flaws in SAP NetWeaver and SAP HANA, which have been actively exploited in the wild. The company maintains a rigorous security response program, issuing regular patches for identified weaknesses. However, the sheer volume of integrations and legacy components continues to present challenges for comprehensive vulnerability management. Organizations deploying SAP solutions must prioritize timely patching and strict access controls to mitigate these persistent risks effectively.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2022-39804 | SAP 3D Visual Enterprise Author 缓冲区错误漏洞 — SAP 3D Visual Enterprise AuthorCWE-119 | 7.8 | - | 2022-10-11 |
| CVE-2022-39803 | SAP 3D Visual Enterprise Author 缓冲区错误漏洞 — SAP 3D Visual Enterprise AuthorCWE-119 | 7.8 | - | 2022-10-11 |
| CVE-2022-39802 | SAP Manufacturing Execution 路径遍历漏洞 — SAP Manufacturing ExecutionCWE-22 | 6.5 | - | 2022-10-11 |
| CVE-2022-39800 | SAP BusinessObjects BI LaunchPad 跨站脚本漏洞 — SAP BusinessObjects Business Intelligence Platform (BI LaunchPad)CWE-79 | 6.1 | - | 2022-10-11 |
| CVE-2022-39015 | SAP BusinessObjects Business Intelligence Platform 安全漏洞 — SAP BusinessObjects Business Intelligence Platform (AdminTools/Query Builder)CWE-668 | 6.5 | - | 2022-10-11 |
| CVE-2022-39013 | SAP BusinessObjects Business Intelligence Platform 信息泄露漏洞 — SAP BusinessObjects Business Intelligence Platform (Program Objects)CWE-200 | 8.3 | - | 2022-10-11 |
| CVE-2022-35299 | SAP SQL Anywhere 安全漏洞 — SAP SQL AnywhereCWE-121 | 9.8 | - | 2022-10-11 |
| CVE-2022-35297 | SAP Enable Now 跨站脚本漏洞 — SAP Enable NowCWE-79 | 5.4 | - | 2022-10-11 |
| CVE-2022-35296 | SAP BusinessObjects Business Intelligence Platform 信息泄露漏洞 — SAP BusinessObjects Business Intelligence Platform (Version Management System)CWE-200 | 6.5 | - | 2022-10-11 |
| CVE-2022-35226 | SAP Data Services Management 跨站脚本漏洞 — SAP Data Services Management ConsoleCWE-79 | 6.1 | - | 2022-10-11 |
| CVE-2022-32244 | SAP BusinessObjects Business Intelligence Platform 信息泄露漏洞 — SAP BusinessObjects Business Intelligence Platform (Commentary DB)CWE-200 | 5.2 | - | 2022-09-13 |
| CVE-2022-39014 | SAP BusinessObjects Business Intelligence Platform 安全漏洞 — SAP BusinessObjects Business Intelligence Platform (CMC)CWE-311 | 7.5 | - | 2022-09-13 |
| CVE-2022-39801 | Contributor License Agreement assistant 授权问题漏洞 — SAP GRC Access Control Emergency Access ManagementCWE-287 | 8.8 | - | 2022-09-13 |
| CVE-2022-39799 | SAP GUI 跨站脚本漏洞 — SAP NetWeaver AS ABAP (SAP GUI for HTML within the Fiori Launchpad)CWE-79 | 6.1 | - | 2022-09-13 |
| CVE-2022-35298 | SAP NetWeaver Enterprise Portal 跨站脚本漏洞 — SAP NetWeaver Enterprise Portal (KMC)CWE-79 | 6.1 | - | 2022-09-13 |
| CVE-2022-35294 | SAP NetWeaver Application Server 跨站脚本漏洞 — SAP NetWeaver AS ABAPCWE-79 | 5.4 | - | 2022-09-13 |
| CVE-2022-35292 | SAP Business One 代码问题漏洞 — SAP Business OneCWE-428 | 7.3 | - | 2022-09-13 |
| CVE-2022-35295 | SAP BusinessObjects Business Intelligence Platform 信息泄露漏洞 — SAP Host Agent (SAPOSCOL)CWE-755 | 7.2 | - | 2022-09-13 |
| CVE-2022-32245 | SAP BusinessObjects Business Intelligence Platform 安全漏洞 — SAP BusinessObjects Business Intelligence Platform (Open Document)CWE-319 | 8.2 | - | 2022-08-09 |
| CVE-2022-35293 | SAP Enable Now Manager 安全漏洞 — SAP Enable Now ManagerCWE-862 | 9.1 | - | 2022-08-09 |
| CVE-2022-35290 | SAP Authenticator 信息泄露漏洞 — SAP Authenticator for AndroidCWE-200 | 7.5 | - | 2022-08-09 |
| CVE-2022-32249 | SAP S/4HANA 和 SAP Business One 安全漏洞 — SAP Business oneCWE-668 | 7.5 | - | 2022-07-12 |
| CVE-2022-35224 | SAP Enterprise Portal 跨站脚本漏洞 — SAP Enterprise PortalCWE-79 | 6.1 | - | 2022-07-12 |
| CVE-2022-35228 | SAP BusinessObjects Central Management Console 跨站请求伪造漏洞 — SAP BusinessObjects Business Intelligence Platform (Central management Console)CWE-352 | 8.1 | - | 2022-07-12 |
| CVE-2022-35225 | SAP NetWeaver和SAP NetWeaver Enterprise Portal 跨站脚本漏洞 — SAP NetWeaver Enterprise PortalCWE-79 | 6.1 | - | 2022-07-12 |
| CVE-2022-35227 | SAP NetWeaver Portal 跨站脚本漏洞 — SAP NetWeaver Enterprise Portal (WPC)CWE-79 | 6.1 | - | 2022-07-12 |
| CVE-2022-35172 | SAP NetWeaver和SAP NetWeaver Enterprise Portal 跨站脚本漏洞 — SAP NetWeaver Enterprise PortalCWE-79 | 6.1 | - | 2022-07-12 |
| CVE-2022-35171 | SAP 3D Visual Enterprise Viewer 输入验证错误漏洞 — SAP 3D Visual Enterprise ViewerCWE-20 | 5.5 | - | 2022-07-12 |
| CVE-2022-35169 | SAP BusinessObjects Business Intelligence Platform 信息泄露漏洞 — SAP BusinessObjects Business Intelligence Platform (LCM)CWE-200 | 6.7 | - | 2022-07-12 |
| CVE-2022-35170 | SAP NetWeaver Enterprise Portal 跨站脚本漏洞 — SAP NetWeaver Enterprise PortalCWE-79 | 6.1 | - | 2022-07-12 |
This page lists every published CVE security advisory associated with SAP SE. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.