Browse all 159 CVE security advisories affecting SAP. AI-powered Chinese analysis, POCs, and references for each vulnerability.
SAP operates enterprise resource planning software that manages core business processes for global organizations. With 159 recorded CVEs, the platform has historically been susceptible to remote code execution, cross-site scripting, and privilege escalation flaws. These vulnerabilities often stem from complex integrations and legacy codebases, allowing attackers to bypass authentication or execute arbitrary commands. Notable incidents include critical flaws in SAP NetWeaver and SAP HANA, which exposed sensitive data and enabled unauthorized system access. The sheer scale of SAP deployments makes it a high-value target for ransomware groups and state-sponsored actors seeking to disrupt supply chains or financial operations. Security teams must prioritize patching these known weaknesses, as unaddressed vulnerabilities can lead to significant data breaches and operational downtime. Continuous monitoring and strict access controls are essential to mitigate the inherent risks associated with such a pervasive enterprise ecosystem.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2023-26460 | Improper Access Control in SAP NetWeaver AS Java (Cache Management Service) — NetWeaver AS for JavaCWE-284 | 5.3 | Medium | 2023-03-14 |
| CVE-2023-23857 | Improper Access Control in SAP NetWeaver AS for Java — NetWeaver AS for JavaCWE-287 | 9.9 | Critical | 2023-03-14 |
| CVE-2023-0017 | Improper access control in SAP NetWeaver AS for Java — NetWeaver AS for JavaCWE-284 | 9.4 | Critical | 2023-01-10 |
This page lists every published CVE security advisory associated with SAP. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.