Browse all 159 CVE security advisories affecting SAP. AI-powered Chinese analysis, POCs, and references for each vulnerability.
SAP operates enterprise resource planning software that manages core business processes for global organizations. With 159 recorded CVEs, the platform has historically been susceptible to remote code execution, cross-site scripting, and privilege escalation flaws. These vulnerabilities often stem from complex integrations and legacy codebases, allowing attackers to bypass authentication or execute arbitrary commands. Notable incidents include critical flaws in SAP NetWeaver and SAP HANA, which exposed sensitive data and enabled unauthorized system access. The sheer scale of SAP deployments makes it a high-value target for ransomware groups and state-sponsored actors seeking to disrupt supply chains or financial operations. Security teams must prioritize patching these known weaknesses, as unaddressed vulnerabilities can lead to significant data breaches and operational downtime. Continuous monitoring and strict access controls are essential to mitigate the inherent risks associated with such a pervasive enterprise ecosystem.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2018-2461 | SAP HCM Fiori People Profile GBX01 HR security vulnerability — GBX01 HR | 8.8 | - | 2018-09-11 |
| CVE-2018-2462 | SAP NetWeaver BI security vulnerability — SAP NetWeaver BI | 8.3 | - | 2018-09-11 |
| CVE-2018-2463 | SAP Hybris Commerce Omni Commerce Connect API code issue vulnerability — SAP Hybris Commerce | 8.6 | - | 2018-09-11 |
| CVE-2018-2464 | SAP WebDynpro Java cross-site scripting vulnerability — SAP WebDynpro | 6.1 | - | 2018-09-11 |
| CVE-2018-2465 | SAP HANA security vulnerability — SAP HANA | 7.5 | - | 2018-09-11 |
| CVE-2018-2441 | SAP KERNEL input validation error vulnerability — SAP Change and Transport System (ABAP) | 7.5 | - | 2018-08-14 |
| CVE-2018-2442 | SAP BusinessObjects Business Intelligence cross-site request forgery vulnerability — SAP BusinessObjects Business Intelligence | 4.3 | - | 2018-08-14 |
| CVE-2018-2444 | SAP Business Objects Financial Consolidation cross-site scripting vulnerability — SAP BusinessObjects Financial Consolidation | 6.1 | - | 2018-08-14 |
| CVE-2018-2445 | SAP BusinessObjects Business Intelligence Admin Tools security vulnerability — SAP BusinessObjects Business Intelligence Platform | 9.6 | - | 2018-08-14 |
| CVE-2018-2446 | SAP BusinessObjects Business Intelligence Admin Tools information disclosure vulnerability — SAP BusinessObjects Business Intelligence | 7.5 | - | 2018-08-14 |
| CVE-2018-2447 | SAP BusinessObjects Business Intelligence security vulnerability — SAP BusinessObjects Business Intelligence | 6.5 | - | 2018-08-14 |
| CVE-2018-2448 | SAP BusinessObjects Business Intelligence Platform Admin Tools information disclosure vulnerability — SAP SRM-MDM CATALOG | 5.3 | - | 2018-08-14 |
| CVE-2018-2449 | SAP SRM MDM Catalog security vulnerability — SAP Supplier Relationship Management Master Data Management Catalog | 8.2 | - | 2018-08-14 |
| CVE-2018-2450 | SAP MaxDB (liveCache) security vulnerability — SAP MaxDB (liveCache) | 7.2 | - | 2018-08-14 |
| CVE-2018-2451 | SAP HANA Extended Application Services code issue vulnerability — SAP HANA Extended Application Services | 7.5 | - | 2018-08-14 |
| CVE-2018-2427 | SAP BusinessObjects Business Intelligence Suite and Crystal Reports code injection vulnerability — SAP BusinessObjects Business Intelligence Suite | 8.8 | - | 2018-07-10 |
| CVE-2018-2431 | SAP BusinessObjects Business Intelligence Suite cross-site scripting vulnerability — SAP BusinessObjects Business Intelligence Suite | 6.1 | - | 2018-07-10 |
| CVE-2018-2432 | SAP BusinessObjects Business Intelligence cross-site scripting vulnerability — SAP BusinessObjects Business Intelligence (BI Launchpad and Central Management Console) | 5.4 | - | 2018-07-10 |
| CVE-2018-2433 | SAP Gateway security vulnerability — SAP Gateway | 7.5 | - | 2018-07-10 |
| CVE-2018-2434 | SAP UI, NetWeaver and UI_Infra input validation error vulnerability — SAP NetWeaver (UI_Infra) | 4.3 | - | 2018-07-10 |
| CVE-2018-2435 | SAP NetWeaver Enterprise Portal cross-site scripting vulnerability — SAP NetWeaver Enterprise Portal | 6.1 | - | 2018-07-10 |
| CVE-2018-2436 | SAP R/3 Enterprise Retail (EHP6) Executing transaction WRCK security vulnerability — SAP R/3 Enterprise Retail | 8.8 | - | 2018-07-10 |
| CVE-2018-2437 | SAP Internet Graphics Server command injection vulnerability — SAP Internet Graphics Server (IGS) | 9.1 | - | 2018-07-10 |
| CVE-2018-2438 | SAP Internet Graphics Server security vulnerability — SAP Internet Graphics Server (IGS) | 7.5 | - | 2018-07-10 |
| CVE-2018-2439 | SAP Internet Graphics Server security vulnerability — SAP Internet Graphics Server (IGS) | 5.9 | - | 2018-07-10 |
| CVE-2018-2440 | SAP Dynamic Authorization Management by NextLabs security vulnerability — SAP Dynamic Authorization Management (DAM) by NextLabs (Java Policy Controller versions) | 4.4 | - | 2018-07-10 |
| CVE-2018-2416 | SAP Identity Management security vulnerability — SAP Identity Management | 7.1 | - | 2018-05-09 |
| CVE-2017-16678 | SAP NetWeaver Knowledge Management Configuration Service code issue vulnerability — SAP NetWeaver Knowledge Management Configuration Service | 5.5 | - | 2017-12-12 |
| CVE-2017-16679 | SAP KERNEL SAP Startup Service security vulnerability — SAP Startup Service | 6.1 | - | 2017-12-12 |
| CVE-2017-16680 | SAP HANA Extended Application Services security vulnerability — SAP HANA extended application services | 7.5 | - | 2017-12-12 |
This page lists every published CVE security advisory associated with SAP. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.