SAP_SE — Vulnerabilities & Security Advisories 542

Browse all 542 CVE security advisories affecting SAP_SE. AI-powered Chinese analysis, POCs, and references for each vulnerability.

SAP SE operates as a global leader in enterprise application software, primarily providing ERP solutions that manage complex business processes, supply chains, and human resources for large organizations. This extensive attack surface has resulted in 527 recorded CVEs, reflecting the critical nature of its infrastructure. Historically, vulnerabilities within SAP systems frequently involve remote code execution, SQL injection, and cross-site scripting, often stemming from complex integrations and legacy components. Privilege escalation remains a significant concern, allowing unauthorized users to gain administrative access. While SAP maintains rigorous security protocols, past incidents highlight risks associated with default configurations and unpatched middleware. The company actively issues security patches, yet the sheer volume of disclosed flaws underscores the challenges of securing highly interconnected, mission-critical enterprise environments against sophisticated cyber threats.

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2023-49583 | Escalation of Privileges in SAP BTP Security Services Integration Library ([Node.js] @sap/xssec) — @sap/xssec (CWE-749) | 9.1 | Critical | 2023-12-12 |
| CVE-2023-49581 | SQL Injection vulnerability in SAP NetWeaver Application Server ABAP and ABAP Platform — SAP NetWeaver Application Server ABAP and ABAP Platform (CWE-89) | 4.1 | Medium | 2023-12-12 |
| CVE-2023-49580 | Information disclosure in SAP GUI for Windows and SAP GUI for Java — SAP GUI for Windows and SAP GUI for Java (CWE-732) | 7.3 | High | 2023-12-12 |
| CVE-2023-49578 | Denial of service (DOS) in SAP Cloud Connector — SAP Cloud Connector (CWE-732) | 3.5 | Low | 2023-12-12 |
| CVE-2023-49577 | Cross-Site Scripting (XSS) vulnerability in the SAP HCM (SMART PAYE solution) — SAP HCM (SMART PAYE solution) (CWE-79) | 6.1 | Medium | 2023-12-12 |
| CVE-2023-49058 | Directory Traversal vulnerability in SAP Master Data Governance — SAP Master Data Governance (CWE-22) | 3.5 | Low | 2023-12-12 |
| CVE-2023-42481 | Improper Access Control vulnerability in SAP Commerce Cloud — SAP Commerce Cloud (CWE-640) | 8.1 | High | 2023-12-12 |
| CVE-2023-42479 | Cross-Site Scripting (XSS) vulnerability in SAP Biller Direct — SAP Biller Direct (CWE-79) | 6.1 | Medium | 2023-12-12 |
| CVE-2023-42478 | Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence Platform — Business Objects BI Platform (CWE-79) | 7.5 | High | 2023-12-12 |
| CVE-2023-42476 | Cross Site Scripting vulnerability in SAP BusinessObjects Web Intelligence — SAP BusinessObjects Web Intelligence (CWE-79) | 6.8 | Medium | 2023-12-12 |
| CVE-2023-42480 | Information Disclosure in NetWeaver AS Java Logon — NetWeaver AS Java (CWE-307) | 5.3 | Medium | 2023-11-14 |
| CVE-2023-41366 | Information Disclosure vulnerability in SAP NetWeaver Application Server ABAP and ABAP Platform — SAP NetWeaver Application Server ABAP and ABAP Platform (CWE-497) | 5.3 | Medium | 2023-11-14 |
| CVE-2023-31403 | Improper Access Control vulnerability in SAP Business One product installation — SAP Business One (CWE-863) | 9.6 | Critical | 2023-11-14 |
| CVE-2023-42477 | Server-Side Request Forgery in SAP NetWeaver AS Java (GRMG Heartbeat application) — SAP NetWeaver AS Java (CWE-918) | 6.5 | Medium | 2023-10-10 |
| CVE-2023-42475 | Information Disclosure Vulnerability in Statutory Reporting — SAP S/4HANA Core (CWE-209) | 4.3 | Medium | 2023-10-10 |
| CVE-2023-42474 | Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Web Intelligence — SAP BusinessObjects Web Intelligence (CWE-79) | 6.8 | Medium | 2023-10-10 |
| CVE-2023-42473 | Missing Authorization Check In S/4HANA (Manage Withholding Tax Items) — S/4HANA (Manage Withholding Tax Items) (CWE-862) | 5.4 | Medium | 2023-10-10 |
| CVE-2023-41365 | Information Disclosure vulnerability in SAP Business One (B1i) — SAP Business One (B1i) (CWE-611) | 4.3 | Medium | 2023-10-10 |
| CVE-2023-40310 | Missing XML Validation vulnerability in SAP PowerDesigner Client BPMN2 import — SAP PowerDesigner Client (CWE-112) | 6.5 | Medium | 2023-10-10 |
| CVE-2023-40309 | Missing Authorization check in SAP CommonCryptoLib — SAP CommonCryptoLib (CWE-863) | 9.8 | Critical | 2023-09-12 |
| CVE-2023-40621 | Code Injection vulnerability in SAP PowerDesigner Client — SAP PowerDesigner Client (CWE-94) | 6.3 | Medium | 2023-09-12 |
| CVE-2023-40622 | Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (Promotion Management) — SAP BusinessObjects Business Intelligence Platform (Promotion Management) (CWE-732) | 9.9 | Critical | 2023-09-12 |
| CVE-2023-40623 | Arbitrary File Delete via Directory Junction in SAP BusinessObjects Suite(installer) — SAP BusinessObjects Suite (Installer) (CWE-1386) | 6.2 | Medium | 2023-09-12 |
| CVE-2023-40624 | Code Injection vulnerability in SAP NetWeaver AS ABAP (applications based on Unified Rendering) — SAP NetWeaver AS ABAP (applications based on Unified Rendering) (CWE-79) | 5.5 | Medium | 2023-09-12 |
| CVE-2023-40625 | Missing Authorization check in SAP Manage Purchase Contracts App — SAP Manage Purchase Contracts App (CWE-862) | 5.4 | Medium | 2023-09-12 |
| CVE-2023-41367 | Missing Authentication check in SAP NetWeaver (Guided Procedures) — SAP NetWeaver (Guided Procedures) (CWE-306) | 5.3 | Medium | 2023-09-12 |
| CVE-2023-41368 | Insecure Direct Object Reference (IDOR) vulnerability in S4 HANA (Manage checkbook apps) — S4 HANA ABAP (Manage checkbook apps) (CWE-639) | 2.7 | Low | 2023-09-12 |
| CVE-2023-41369 | External Entity Loop vulnerability in SAP S/4HANA (Create Single Payment application) — SAP S/4HANA (Create Single Payment application) (CWE-611) | 3.5 | Low | 2023-09-12 |
| CVE-2023-42472 | Insufficient File type validation in SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface) — SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface) (CWE-434) | 8.7 | High | 2023-09-12 |
| CVE-2023-40308 | Memory Corruption vulnerability in SAP CommonCryptoLib — SAP CommonCryptoLib (CWE-787) | 7.5 | High | 2023-09-12 |

This page lists every published CVE security advisory associated with SAP_SE. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.