SAP — Vulnerabilities & Security Advisories (159)

Browse all 159 CVE security advisories affecting SAP. AI-powered Chinese analysis, POCs, and references for each vulnerability.

SAP operates enterprise resource planning software that manages core business processes for global organizations. With 159 recorded CVEs, the platform has historically been susceptible to remote code execution, cross-site scripting, and privilege escalation flaws. These vulnerabilities often stem from complex integrations and legacy codebases, allowing attackers to bypass authentication or execute arbitrary commands. Notable incidents include critical flaws in SAP NetWeaver and SAP HANA, which exposed sensitive data and enabled unauthorized system access. The sheer scale of SAP deployments makes it a high-value target for ransomware groups and state-sponsored actors seeking to disrupt supply chains or financial operations. Security teams must prioritize patching these known weaknesses, as unaddressed vulnerabilities can lead to significant data breaches and operational downtime. Continuous monitoring and strict access controls are essential to mitigate the inherent risks associated with such a pervasive enterprise ecosystem.

| CVE ID | Title | Affected product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2023-0017 | Improper access control in SAP NetWeaver AS for Java | NetWeaver AS for Java | CWE-284 | 9.4 | Critical | 2023-01-10 |
| CVE-2023-0016 | SQL Injection vulnerability in SAP Business Planning and Consolidation MS | SAP BPC MS 10.0 | CWE-89 | 9.9 | Critical | 2023-01-10 |
| CVE-2023-0015 | Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence (Web Intelligence) | SAP BusinessObjects Business Intelligence Platform | CWE-79 | 4.6 | Medium | 2023-01-10 |
| CVE-2023-0014 | Capture-replay vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform | NetWeaver ABAP Server and ABAP Platform | CWE-294 | 9.0 | Critical | 2023-01-10 |
| CVE-2023-0013 | Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform | NetWeaver AS for ABAP and ABAP Platform | CWE-79 | 6.1 | Medium | 2023-01-10 |
| CVE-2023-0012 | Local Privilege Escalation in SAP Host Agent (Windows) | Host Agent (Windows) | CWE-284 | 6.4 | Medium | 2023-01-10 |
| CVE-2022-41275 | SAP Solution Manager input validation error vulnerability | Solution Manager (Enterprise Search) | CWE-601 | 6.1 | Medium | 2022-12-13 |
| CVE-2022-41274 | SAP Disclosure Management information disclosure vulnerability | Disclosure Management | CWE-863 | 6.5 | Medium | 2022-12-13 |
| CVE-2022-41273 | SAP Sourcing and SAP Contract Lifecycle Management 1100 input validation error vulnerability | Sourcing and SAP Contract Lifecycle Management | CWE-601 | 4.3 | Medium | 2022-12-13 |
| CVE-2022-41272 | SAP NetWeaver Process Integration security vulnerability | NetWeaver Process Integration | CWE-862 | 9.9 | Critical | 2022-12-13 |
| CVE-2022-41271 | SAP NetWeaver Process Integration security vulnerability | NetWeaver Process Integration | CWE-862 | 9.4 | Critical | 2022-12-13 |
| CVE-2022-41268 | Security vulnerability in multiple products | Business Planning and Consolidation | CWE-269 | 8.5 | High | 2022-12-13 |
| CVE-2022-41267 | SAP Business Objects code issue vulnerability | BusinessObjects Business Intelligence Platform | CWE-434 | 9.9 | Critical | 2022-12-13 |
| CVE-2022-41266 | SAP Commerce cross-site scripting vulnerability | Commerce Webservices 2.0 (Swagger UI) | CWE-79 | 8.0 | High | 2022-12-13 |
| CVE-2022-41264 | SAP Basis code injection vulnerability | BASIS | CWE-94 | 8.8 | High | 2022-12-13 |
| CVE-2022-41263 | SAP Business Objects Business Intelligence Platform cross-site request forgery vulnerability | Business Objects Business Intelligence Platform (Web intelligence) | CWE-352 | 4.3 | Medium | 2022-12-12 |
| CVE-2022-41262 | SAP NetWeaver AS cross-site scripting vulnerability | NetWeaver AS for Java (Http Provider Service) | CWE-79 | 6.1 | Medium | 2022-12-12 |
| CVE-2022-41261 | SAP Solution Manager security vulnerability | Solution Manager (Diagnostic Agent) | CWE-284 | 6.0 | Medium | 2022-12-12 |
| CVE-2022-31596 | SAP BusinessObjects Business Intelligence Platform security vulnerability | SAP Business Objects Platform (Monitoring DB) | CWE-668 | 6.7 | - | 2022-12-12 |
| CVE-2021-41251 | Possibility to elevate privileges or get unauthorized access to data | cloud-sdk-js | CWE-200 | 5.9 | Medium | 2021-11-05 |
| CVE-2021-21316 | Arbitrary code execution in less-openui5 | less-openui5 | CWE-74 | 6.3 | Medium | 2021-02-16 |
| CVE-2018-2486 | SAP Marketing cross-site scripting vulnerability | SAP Marketing (UICUAN) |  | 5.4 | - | 2018-12-11 |
| CVE-2018-2492 | SAP NetWeaver AS Java security vulnerability | SAP NetWeaver Application Server (Java Library) |  | 6.5 | - | 2018-12-11 |
| CVE-2018-2494 | SAP NetWeaver SAP Basis AS ABAP security vulnerability | SAP Basis (AS ABAP of SAP NetWeaver) |  | 8.0 | - | 2018-12-11 |
| CVE-2018-2497 | SAP HANA input validation error vulnerability | SAP HANA |  | 6.5 | - | 2018-12-11 |
| CVE-2018-2500 | SAP Mobile Secure Android Client information disclosure vulnerability | SAP Mobile Secure for Android |  | 5.1 | - | 2018-12-11 |
| CVE-2018-2502 | SAP Business One Service Layer security vulnerability | SAP Business One Service Layer (B1_ON_HANA) |  | 6.1 | - | 2018-12-11 |
| CVE-2018-2503 | SAP NetWeaver AS Java security vulnerability | SAP NetWeaver AS Java (ServerCore) |  | 7.4 | - | 2018-12-11 |
| CVE-2018-2504 | SAP NetWeaver AS Java Web Container service cross-site scripting vulnerability | SAP NetWeaver AS Java (ServerCore) |  | 6.1 | - | 2018-12-11 |
| CVE-2018-2505 | SAP Commerce cross-site scripting vulnerability | SAP Commerce (SAP Hybris Commerce) |  | 6.1 | - | 2018-12-11 |

This page lists every published CVE security advisory associated with SAP. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.