SAP_SE — Vulnerabilities & Security Advisories 527

Browse all 527 CVE security advisories affecting SAP_SE. AI-powered Chinese analysis, POCs, and references for each vulnerability.

SAP SE operates as a global leader in enterprise application software, primarily providing ERP solutions that manage complex business processes, supply chains, and human resources for large organizations. This extensive attack surface has resulted in 527 recorded CVEs, reflecting the critical nature of its infrastructure. Historically, vulnerabilities within SAP systems frequently involve remote code execution, SQL injection, and cross-site scripting, often stemming from complex integrations and legacy components. Privilege escalation remains a significant concern, allowing unauthorized users to gain administrative access. While SAP maintains rigorous security protocols, past incidents highlight risks associated with default configurations and unpatched middleware. The company actively issues security patches, yet the sheer volume of disclosed flaws underscores the challenges of securing highly interconnected, mission-critical enterprise environments against sophisticated cyber threats.

| CVE ID | Title | Affected product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-34264 | Information Disclosure vulnerability in SAP Human Capital Management for SAP S/4HANA | SAP Human Capital Management for SAP S/4HANA | CWE-204 | 6.5 | Medium | 2026-04-14 |
| CVE-2026-34262 | Information Disclosure Vulnerability in SAP HANA Cockpit and HANA Database Explorer | SAP HANA Cockpit and HANA Database Explorer | CWE-522 | 5.0 | Medium | 2026-04-14 |
| CVE-2026-34261 | Missing Authorization check in SAP Business Analytics and SAP Content Management | SAP Business Analytics and SAP Content Management | CWE-862 | 6.5 | Medium | 2026-04-14 |
| CVE-2026-34257 | Open Redirect vulnerability in SAP NetWeaver Application Server ABAP | SAP NetWeaver Application Server ABAP | CWE-601 | 6.1 | Medium | 2026-04-14 |
| CVE-2026-34256 | Missing Authorization check in SAP ERP and SAP S/4 HANA (Private Cloud and On-Premise) | SAP ERP and SAP S/4 HANA (Private Cloud and On-Premise) | CWE-862 | 7.1 | High | 2026-04-14 |
| CVE-2026-27683 | Reflected cross site scripting vulnerability in SAP BusinessObjects Business Intelligence Platform | SAP BusinessObjects Business Intelligence Platform | CWE-79 | 4.1 | Medium | 2026-04-14 |
| CVE-2026-27681 | SQL Injection vulnerability in SAP Business Planning and Consolidation and SAP Business Warehouse | SAP Business Planning and Consolidation and SAP Business Warehouse | CWE-89 | 9.9 | Critical | 2026-04-14 |
| CVE-2026-27679 | Missing Authorization check in SAP S/4HANA Frontend OData Service (Manage Reference Structures) | SAP S/4HANA Frontend OData Service (Manage Reference Structures) | CWE-862 | 6.5 | Medium | 2026-04-14 |
| CVE-2026-27678 | Missing Authorization check in SAP S/4HANA Backend OData Service (Manage Reference Structures) | SAP S/4HANA Backend OData Service (Manage Reference Structures) | CWE-862 | 6.5 | Medium | 2026-04-14 |
| CVE-2026-27677 | Missing Authorization check in SAP S/4HANA OData Service (Manage Reference Equipment) | SAP S/4HANA OData Service (Manage Reference Equipment) | CWE-862 | 6.5 | Medium | 2026-04-14 |
| CVE-2026-27676 | Missing Authorization check in SAP S/4HANA OData Service (Manage Technical Object Structures) | SAP S/4HANA OData Service (Manage Technical Object Structures) | CWE-862 | 4.3 | Medium | 2026-04-14 |
| CVE-2026-27675 | Code Injection vulnerability in SAP Landscape Transformation | SAP Landscape Transformation | CWE-94 | 2.0 | Low | 2026-04-14 |
| CVE-2026-27674 | Code Injection vulnerability in SAP NetWeaver Application Server Java (Web Dynpro Java) | SAP NetWeaver Application Server Java (Web Dynpro Java) | CWE-94 | 6.1 | Medium | 2026-04-14 |
| CVE-2026-27673 | Missing Authorization Check in SAP S/4HANA (Private Cloud and On-Premise) | SAP S/4HANA (Private Cloud and On-Premise) | CWE-862 | 4.9 | Medium | 2026-04-14 |
| CVE-2026-27672 | Missing Authorization check in Material Master Application | Material Master Application | CWE-862 | 4.3 | Medium | 2026-04-14 |
| CVE-2026-24318 | Insecure Session Management vulnerability in SAP BusinessObjects Business Intelligence Platform | SAP BusinessObjects Business Intelligence Platform | CWE-539 | 4.2 | Medium | 2026-04-14 |
| CVE-2026-0512 | Cross-Site Scripting (XSS) vulnerability in SAP Supplier Relationship Management (SICF Handler in SRM Catalog) | SAP Supplier Relationship Management (SICF Handler in SRM Catalog) | CWE-79 | 6.1 | Medium | 2026-04-14 |
| CVE-2026-27689 | Denial of service (DOS) in SAP Supply Chain Management | SAP Supply Chain Management | CWE-606 | 7.7 | High | 2026-03-10 |
| CVE-2026-27688 | Missing Authorization check in SAP NetWeaver Application Server for ABAP | SAP NetWeaver Application Server for ABAP | CWE-862 | 5.0 | Medium | 2026-03-10 |
| CVE-2026-27687 | Missing Authorization check in SAP S/4HANA HCM Portugal and SAP ERP HCM Portugal | SAP S/4HANA HCM Portugal and SAP ERP HCM Portugal | CWE-862 | 5.8 | Medium | 2026-03-10 |
| CVE-2026-27686 | Missing Authorization check in SAP Business Warehouse (Service API) | SAP Business Warehouse (Service API) | CWE-862 | 5.9 | Medium | 2026-03-10 |
| CVE-2026-27685 | Insecure Deserialization in SAP NetWeaver Enterprise Portal Administration | SAP NetWeaver Enterprise Portal Administration | CWE-502 | 9.1 | Critical | 2026-03-10 |
| CVE-2026-27684 | SQL Injection Vulnerability in SAP NetWeaver (Feedback Notification) | SAP NetWeaver (Feedback Notification) | CWE-89 | 6.4 | Medium | 2026-03-10 |
| CVE-2026-24317 | DLL Hijacking vulnerability in SAP GUI for Windows with active GuiXT | SAP GUI for Windows with active GuiXT | CWE-427 | 5.0 | Medium | 2026-03-10 |
| CVE-2026-24316 | Server-Side Request Forgery (SSRF) in SAP NetWeaver Application Server for ABAP | SAP NetWeaver Application Server for ABAP | CWE-918 | 6.4 | Medium | 2026-03-10 |
| CVE-2026-24313 | Missing Authorization check in SAP Solution Tools Plug-In (ST-PI) | SAP Solution Tools Plug-In (ST-PI) | CWE-862 | 5.0 | Medium | 2026-03-10 |
| CVE-2026-24311 | Insecure Storage Protection vulnerability in SAP Customer Checkout 2.0 | SAP Customer Checkout 2.0 | CWE-312 | 5.6 | Medium | 2026-03-10 |
| CVE-2026-24310 | Missing Authorization check in SAP NetWeaver Application Server for ABAP | SAP NetWeaver Application Server for ABAP | CWE-862 | 3.5 | Low | 2026-03-10 |
| CVE-2026-24309 | Missing Authorization check in SAP NetWeaver Application Server for ABAP | SAP NetWeaver Application Server for ABAP | CWE-862 | 6.4 | Medium | 2026-03-10 |
| CVE-2026-0489 | DOM-based Cross-Site Scripting (XSS) Vulnerability in SAP Business One (Job Service) | SAP Business One (Job Service) | CWE-79 | 6.1 | Medium | 2026-03-10 |

This page lists every published CVE security advisory associated with SAP_SE. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.