SAP_SE — Vulnerabilities & Security Advisories (542)

Browse all 542 CVE security advisories affecting SAP_SE. AI-powered Chinese analysis, POCs, and references for each vulnerability.

SAP SE operates as a global leader in enterprise application software, primarily providing ERP solutions that manage complex business processes, supply chains, and human resources for large organizations. This extensive attack surface has resulted in 527 recorded CVEs, reflecting the critical nature of its infrastructure. Historically, vulnerabilities within SAP systems frequently involve remote code execution, SQL injection, and cross-site scripting, often stemming from complex integrations and legacy components. Privilege escalation remains a significant concern, allowing unauthorized users to gain administrative access. While SAP maintains rigorous security protocols, past incidents highlight risks associated with default configurations and unpatched middleware. The company actively issues security patches, yet the sheer volume of disclosed flaws underscores the challenges of securing highly interconnected, mission-critical enterprise environments against sophisticated cyber threats.

| CVE ID | Title | Affected product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2024-27900 | Missing Authorization check in SAP ABAP Platform | SAP ABAP Platform | CWE-862 | 4.3 | Medium | 2024-03-12 |
| CVE-2024-25644 | Information Disclosure vulnerability in NetWeaver (WSRM) | NetWeaver (WSRM) | CWE-732 | 5.3 | Medium | 2024-03-12 |
| CVE-2024-22133 | Improper Access Control in SAP Fiori Front End Server | SAP Fiori Front End Server | CWE-863 | 4.6 | Medium | 2024-03-12 |
| CVE-2024-22127 | Code Injection vulnerability in SAP NetWeaver AS Java (Administrator Log Viewer plug-in) | SAP NetWeaver AS Java (Administrator Log Viewer plug-in) | CWE-77 | 9.1 | Critical | 2024-03-12 |
| CVE-2024-24741 | Missing Authorization check in SAP Master Data Governance Material | SAP Master Data Governance Material | CWE-862 | 4.3 | Medium | 2024-02-13 |
| CVE-2024-22129 | Cross-Site Scripting (XSS) vulnerability in SAP Companion | SAP Companion | CWE-79 | 5.4 | Medium | 2024-02-13 |
| CVE-2024-25643 | Missing authorization check in SAP Fiori app (My Overtime Requests) | SAP Fiori app (My Overtime Requests) | CWE-862 | 4.3 | Medium | 2024-02-13 |
| CVE-2024-25642 | Improper Certificate Validation in SAP Cloud Connector | SAP Cloud Connector | CWE-295 | 7.4 | High | 2024-02-13 |
| CVE-2024-24743 | XXE vulnerability in SAP NetWeaver AS Java (Guided Procedures) | SAP NetWeaver AS Java (Guided Procedures) | CWE-611 | 8.6 | High | 2024-02-13 |
| CVE-2024-24742 | Cross-Site Scripting (XSS) vulnerability in SAP CRM (WebClient UI) | SAP CRM (WebClient UI) | CWE-79 | 4.1 | Medium | 2024-02-13 |
| CVE-2024-24740 | Information Disclosure vulnerability in SAP NetWeaver Application Server ABAP (SAP Kernel) | SAP NetWeaver Application Server ABAP (SAP Kernel) | CWE-732 | 5.3 | Medium | 2024-02-13 |
| CVE-2024-24739 | Missing authorization check in SAP BAM (Bank Account Management) | SAP BAM (Bank Account Management) | CWE-862 | 6.3 | Medium | 2024-02-13 |
| CVE-2024-22132 | Code Injection vulnerability in SAP IDES Systems | SAP IDES Systems | CWE-78 | 7.4 | High | 2024-02-13 |
| CVE-2024-22131 | Code Injection vulnerability in SAP ABA (Application Basis) | SAP ABA (Application Basis) | CWE-94 | 9.1 | Critical | 2024-02-13 |
| CVE-2024-22130 | Cross-Site Scripting (XSS) vulnerability in SAP CRM WebClient UI | SAP CRM WebClient UI | CWE-79 | 7.6 | High | 2024-02-13 |
| CVE-2024-22128 | Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Business Client for HTML | SAP NetWeaver Business Client for HTML | CWE-79 | 4.7 | Medium | 2024-02-13 |
| CVE-2024-22126 | Cross Site Scripting vulnerability in SAP NetWeaver AS Java (User Admin Application) | SAP NetWeaver AS Java (User Admin Application) | CWE-79 | 6.1 | Medium | 2024-02-13 |
| CVE-2024-22125 | Information Disclosure vulnerability in Microsoft Edge browser extension (SAP GUI connector for Microsoft Edge) | Microsoft Edge browser extension (SAP GUI connector for Microsoft Edge) | CWE-497 | 7.4 | High | 2024-01-09 |
| CVE-2024-22124 | Information Disclosure vulnerability in SAP NetWeaver Internet Communication Manager | SAP NetWeaver (Internet Communication Manager) | CWE-497 | 4.1 | Medium | 2024-01-09 |
| CVE-2024-21738 | Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver ABAP Application Server and ABAP Platform | SAP NetWeaver ABAP Application Server and ABAP Platform | CWE-79 | 4.1 | Medium | 2024-01-09 |
| CVE-2024-21737 | Code Injection vulnerability in SAP Application Interface Framework (File Adapter) | SAP Application Interface Framework (File Adapter) | CWE-94 | 8.4 | High | 2024-01-09 |
| CVE-2024-21736 | Missing Authorization check in SAP S/4HANA Finance (Advanced Payment Management) | SAP S/4HANA Finance (Advanced Payment Management) | CWE-863 | 6.4 | Medium | 2024-01-09 |
| CVE-2024-21735 | Improper Authorization check in SAP LT Replication Server | SAP LT Replication Server | CWE-863 | 7.3 | High | 2024-01-09 |
| CVE-2024-21734 | URL Redirection vulnerability in SAP Marketing (Contacts App) | SAP Marketing (Contacts App) | CWE-601 | 3.7 | Low | 2024-01-09 |
| CVE-2023-50424 | Escalation of Privileges in SAP BTP Security Services Integration Library ([Golang] github.com/sap/cloud-security-client-go) | github.com/sap/cloud-security-client-go | CWE-749 | 9.1 | Critical | 2023-12-12 |
| CVE-2023-50423 | Escalation of Privileges in SAP BTP Security Services Integration Library ([Python] cloud-pysec) | sap-xssec | CWE-749 | 9.1 | Critical | 2023-12-12 |
| CVE-2023-6542 | Improper Export of Android Application Components in SAP EMARSYS SDK ANDROID | SAP EMARSYS SDK ANDROID | CWE-863 | 7.1 | High | 2023-12-12 |
| CVE-2023-49587 | Command Injection vulnerability in SAP Solution Manager | SAP Solution Manager | CWE-77 | 6.4 | Medium | 2023-12-12 |
| CVE-2023-49584 | Client-Side Desynchronization vulnerability in SAP Fiori Launchpad | SAP Fiori Launchpad | CWE-444 | 4.3 | Medium | 2023-12-12 |
| CVE-2023-50422 | Escalation of Privileges in SAP BTP Security Services Integration Library ([Java] cloud-security-services-integration-library) | cloud-security-services-integration-library | CWE-749 | 9.1 | Critical | 2023-12-12 |

This page lists every published CVE security advisory associated with SAP_SE. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.