SAP — Vulnerabilities & Security Advisories 159

Browse all 159 CVE security advisories affecting SAP. AI-powered Chinese analysis, POCs, and references for each vulnerability.

SAP operates enterprise resource planning software that manages core business processes for global organizations. With 159 recorded CVEs, the platform has historically been susceptible to remote code execution, cross-site scripting, and privilege escalation flaws. These vulnerabilities often stem from complex integrations and legacy codebases, allowing attackers to bypass authentication or execute arbitrary commands. Notable incidents include critical flaws in SAP NetWeaver and SAP HANA, which exposed sensitive data and enabled unauthorized system access. The sheer scale of SAP deployments makes it a high-value target for ransomware groups and state-sponsored actors seeking to disrupt supply chains or financial operations. Security teams must prioritize patching these known weaknesses, as unaddressed vulnerabilities can lead to significant data breaches and operational downtime. Continuous monitoring and strict access controls are essential to mitigate the inherent risks associated with such a pervasive enterprise ecosystem.

| CVE ID | Title | Affected product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2023-26460 | Improper Access Control in SAP NetWeaver AS Java (Cache Management Service) | NetWeaver AS for Java | CWE-284 | 5.3 | Medium | 2023-03-14 |
| CVE-2023-26457 | Cross-Site Scripting (XSS) vulnerability in SAP Content Server | Content Server | CWE-79 | 6.1 | Medium | 2023-03-14 |
| CVE-2023-25618 | Denial of Service (DoS) vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform | NetWeaver AS for ABAP and ABAP Platform | CWE-400 | 6.5 | Medium | 2023-03-14 |
| CVE-2023-26459 | Server Side Request Forgery (SSRF) vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform | NetWeaver AS for ABAP and ABAP Platform | CWE-918 | 7.4 | High | 2023-03-14 |
| CVE-2023-25617 | OS Command Execution vulnerability in SAP Business Objects Business Intelligence Platform (Adaptive Job Server) | Business Objects (Adaptive Job Server) | CWE-78 | 9.0 | Critical | 2023-03-14 |
| CVE-2023-25616 | Code Injection vulnerability in SAP Business Objects Business Intelligence Platform (CMC) | Business Objects Business Intelligence Platform (CMC) | CWE-74 | 9.9 | Critical | 2023-03-14 |
| CVE-2023-25615 | SQL Injection vulnerability in SAP ABAP Platform | ABAP Platform | CWE-89 | 6.8 | Medium | 2023-03-14 |
| CVE-2023-24526 | Improper Access Control in SAP NetWeaver AS Java (Classload Service) | NetWeaver AS Java for Classload Service | CWE-306 | 5.3 | Medium | 2023-03-14 |
| CVE-2023-23857 | Improper Access Control in SAP NetWeaver AS for Java | NetWeaver AS for Java | CWE-287 | 9.9 | Critical | 2023-03-14 |
| CVE-2023-25614 | SAP NetWeaver AS cross-site scripting vulnerability | NetWeaver AS ABAP (BSP Framework) | CWE-79 | 6.1 | Medium | 2023-02-14 |
| CVE-2023-24530 | SAP BusinessObjects Business Intelligence Platform code issue vulnerability | BusinessObjects Business Intelligence Platform (CMC) | CWE-434 | 8.4 | High | 2023-02-14 |
| CVE-2023-24529 | BSP cross-site scripting vulnerability | NetWeaver AS ABAP (Business Server Pages application) | CWE-79 | 6.1 | Medium | 2023-02-14 |
| CVE-2023-24528 | SAP ERP security vulnerability | Fiori apps 1.0 for travel management in SAP ERP (My Travel Requests) | CWE-862 | 6.5 | Medium | 2023-02-14 |
| CVE-2023-24525 | SAP CRM cross-site scripting vulnerability | CRM (WebClient UI) | CWE-79 | 4.3 | Medium | 2023-02-14 |
| CVE-2023-24524 | SAP S/4 HANA security vulnerability | S/4 HANA (Map Treasury Correspondence Format Data) | CWE-862 | 6.5 | Medium | 2023-02-14 |
| CVE-2023-24523 | SAP Host Agent security vulnerability | Host Agent Service | CWE-668 | 8.8 | High | 2023-02-14 |
| CVE-2023-24522 | SAP NetWeaver AS cross-site scripting vulnerability | NetWeaver AS ABAP (BSP Framework) | CWE-79 | 6.1 | Medium | 2023-02-14 |
| CVE-2023-24521 | SAP NetWeaver AS cross-site scripting vulnerability | NetWeaver AS ABAP (BSP Framework) | CWE-79 | 6.1 | Medium | 2023-02-14 |
| CVE-2023-23860 | SAP NetWeaver AS input validation error vulnerability | NetWeaver AS for ABAP and ABAP Platform | CWE-601 | 6.1 | Medium | 2023-02-14 |
| CVE-2023-23859 | SAP NetWeaver AS cross-site scripting vulnerability | NetWeaver AS for ABAP and ABAP Platform | CWE-79 | 6.1 | Medium | 2023-02-14 |
| CVE-2023-23855 | SAP Solution Manager input validation error vulnerability | Solution Manager | CWE-601 | 6.5 | Medium | 2023-02-14 |
| CVE-2023-23854 | SAP NetWeaver Application Server security vulnerability | NetWeaver AS ABAP and ABAP Platform | CWE-862 | 3.8 | Low | 2023-02-14 |
| CVE-2023-23853 | SAP NetWeaver Application Server input validation error vulnerability | NetWeaver Application Server for ABAP and ABAP Platform | CWE-601 | 6.1 | Medium | 2023-02-14 |
| CVE-2023-23852 | SAP Solution Manager cross-site scripting vulnerability | Solution Manager | CWE-79 | 6.1 | Medium | 2023-02-14 |
| CVE-2023-23851 | SAP Business Planning and Consolidation code issue vulnerability | Business Planning and Consolidation | CWE-434 | 5.4 | Medium | 2023-02-14 |
| CVE-2023-0025 | SAP Solution Manager cross-site scripting vulnerability | Solution Manager (BSP Application) | CWE-79 | 6.5 | Medium | 2023-02-14 |
| CVE-2023-0024 | SAP Solution Manager cross-site scripting vulnerability | Solution Manager (BSP Application) | CWE-79 | 6.5 | Medium | 2023-02-14 |
| CVE-2023-0023 | Information Disclosure in SAP Bank Account Management (Manage Banks) | Bank Account Management (Manage Banks) | CWE-200 | 4.5 | Medium | 2023-01-10 |
| CVE-2023-0022 | Code Injection vulnerability in SAP BusinessObjects Business Intelligence platform (Analysis edition for OLAP) | BusinessObjects Business Intelligence platform (Analysis edition for OLAP) | CWE-94 | 9.9 | Critical | 2023-01-10 |
| CVE-2023-0018 | Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence Platform (Central management console) | BusinessObjects Business Intelligence Platform (Central management console) | CWE-79 | 10.0 | Critical | 2023-01-10 |

This page lists every published CVE security advisory associated with SAP. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.