SAP 厂商漏洞列表 / CVE 中文分析 159

SAP 厂商相关 159 条 CVE 漏洞，含 AI 中文分析、POC、CVSS 评分与受影响产品。

SAP 是全球领先的企业应用软件供应商，其核心产品涵盖 ERP、CRM 及数据分析平台。历史漏洞多集中于远程代码执行、SQL 注入及身份验证绕过，常因复杂集成架构引发越权访问。近期重大事件涉及多个高严重性 CVE，影响部分云端及本地部署版本。厂商持续发布安全补丁以修复逻辑缺陷，建议用户及时更新并强化访问控制策略，降低潜在攻击面。

上位製品 SAP: NetWeaver AS for ABAP and ABAP Platform SAP Fiori Client SAP BusinessObjects Business Intelligence Platform SAP HANA extended application services NetWeaver AS ABAP (BSP Framework) NetWeaver Application Server for ABAP and ABAP Platform BusinessObjects Business Intelligence Platform (Web Services) SAP Internet Graphics Server (IGS) NetWeaver AS for Java SAP BusinessObjects Business Intelligence SAP HANA CRM (WebClient UI) Application Interface Framework (Message Dashboard) Business Planning and Consolidation SAP NetWeaver AS Java (ServerCore) NetWeaver Process Integration SAP Adaptive Server Enterprise (ASE) Solution Manager SAP BusinessObjects Business Intelligence Suite SAP Enterprise Financial Services Solution Manager (BSP Application) NetWeaver ABAP Server and ABAP Platform NetWeaver AS ABAP and ABAP Platform HCM Fiori App My Forms (Fiori 2.0) Bank Account Management (Manage Banks) Commerce Webservices 2.0 (Swagger UI) Sourcing and SAP Contract Lifecycle Management BusinessObjects Business Intelligence Platform Disclosure Management BASIS

CVE ID	タイトル	CVSS	深刻度	公開日
CVE-2023-0017	Improper access control in SAP NetWeaver AS for Java — NetWeaver AS for JavaCWE-284	9.4	Critical	2023-01-10
CVE-2023-0016	SQL Injection vulnerability in SAP Business Planning and Consolidation MS — SAP BPC MS 10.0CWE-89	9.9	Critical	2023-01-10
CVE-2023-0015	Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence (Web Intelligence) — SAP BusinessObjects Business Intelligence PlatformCWE-79	4.6	Medium	2023-01-10
CVE-2023-0014	Capture-replay vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform — NetWeaver ABAP Server and ABAP PlatformCWE-294	9.0	Critical	2023-01-10
CVE-2023-0013	Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform — NetWeaver AS for ABAP and ABAP PlatformCWE-79	6.1	Medium	2023-01-10
CVE-2023-0012	Local Privilege Escalation in SAP Host Agent (Windows) — Host Agent (Windows)CWE-284	6.4	Medium	2023-01-10
CVE-2022-41275	SAP Solution Manager 输入验证错误漏洞 — Solution Manager (Enterprise Search)CWE-601	6.1	Medium	2022-12-13
CVE-2022-41274	SAP Disclosure Management 信息泄露漏洞 — Disclosure ManagementCWE-863	6.5	Medium	2022-12-13
CVE-2022-41273	SAP Sourcing和SAP Contract Lifecycle Management 1100 输入验证错误漏洞 — Sourcing and SAP Contract Lifecycle ManagementCWE-601	4.3	Medium	2022-12-13
CVE-2022-41272	SAP NetWeaver Process Integration 安全漏洞 — NetWeaver Process IntegrationCWE-862	9.9	Critical	2022-12-13
CVE-2022-41271	SAP NetWeaver Process Integration 安全漏洞 — NetWeaver Process IntegrationCWE-862	9.4	Critical	2022-12-13
CVE-2022-41268	多款产品安全漏洞 — Business Planning and ConsolidationCWE-269	8.5	High	2022-12-13
CVE-2022-41267	SAP Business Objects 代码问题漏洞 — BusinessObjects Business Intelligence PlatformCWE-434	9.9	Critical	2022-12-13
CVE-2022-41266	SAP Commerce跨站脚本漏洞 — Commerce Webservices 2.0 (Swagger UI)CWE-79	8.0	High	2022-12-13
CVE-2022-41264	SAP Basis 代码注入漏洞 — BASISCWE-94	8.8	High	2022-12-13
CVE-2022-41263	SAP Business Objects Business Intelligence Platform 跨站请求伪造漏洞 — Business Objects Business Intelligence Platform (Web intelligence)CWE-352	4.3	Medium	2022-12-12
CVE-2022-41262	SAP NetWeaver AS 跨站脚本漏洞 — NetWeaver AS for Java (Http Provider Service)CWE-79	6.1	Medium	2022-12-12
CVE-2022-41261	SAP Solution Manager 安全漏洞 — Solution Manager (Diagnostic Agent)CWE-284	6.0	Medium	2022-12-12
CVE-2022-31596	SAP BusinessObjects Business Intelligence Platform 安全漏洞 — SAP Business Objects Platform (Monitoring DB) CWE-668	6.7	-	2022-12-12
CVE-2021-41251	Possibility to elevate privileges or get unauthorized access to data — cloud-sdk-jsCWE-200	5.9	Medium	2021-11-05
CVE-2021-21316	Arbitrary code execution in less-openui5 — less-openui5CWE-74	6.3	Medium	2021-02-16
CVE-2018-2486	SAP Marketing 跨站脚本漏洞 — SAP Marketing (UICUAN)	5.4	-	2018-12-11
CVE-2018-2492	SAP NetWeaver AS Java 安全漏洞 — SAP NetWeaver Application Server (Java Library)	6.5	-	2018-12-11
CVE-2018-2494	SAP NetWeaver SAP Basis AS ABAP 安全漏洞 — SAP Basis (AS ABAP of SAP NetWeaver)	8.0	-	2018-12-11
CVE-2018-2497	SAP HANA 输入验证错误漏洞 — SAP HANA	6.5	-	2018-12-11
CVE-2018-2500	SAP Mobile Secure Android Client 信息泄露漏洞 — SAP Mobile Secure for Android	5.1	-	2018-12-11
CVE-2018-2502	SAP Business One Service Layer 安全漏洞 — SAP Business One Service Layer (B1_ON_HANA)	6.1	-	2018-12-11
CVE-2018-2503	SAP NetWeaver AS Java 安全漏洞 — SAP NetWeaver AS Java (ServerCore)	7.4	-	2018-12-11
CVE-2018-2504	SAP NetWeaver AS Java Web Container service 跨站脚本漏洞 — SAP NetWeaver AS Java (ServerCore)	6.1	-	2018-12-11
CVE-2018-2505	SAP Commerce 跨站脚本漏洞 — SAP Commerce (SAP Hybris Commerce)	6.1	-	2018-12-11

本页汇总了 SAP 厂商截至目前公开的全部 159 条 CVE 漏洞。每条漏洞均包含 CVSS 评分、CWE 弱点分类、受影响产品与参考链接，并附带 AI 生成的中文分析以便快速判断风险。

目標達成 すべての支援者に感謝 — 100%達成しました！

SAP 厂商漏洞列表 / CVE 中文分析 159

目標達成すべての支援者に感謝 — 100%達成しました！