Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

SAP_SE — Vulnerabilities & Security Advisories 542

Browse all 542 CVE security advisories affecting SAP_SE. AI-powered Chinese analysis, POCs, and references for each vulnerability.

SAP SE operates as a global leader in enterprise application software, primarily providing ERP solutions that manage complex business processes, supply chains, and human resources for large organizations. This extensive attack surface has resulted in 527 recorded CVEs, reflecting the critical nature of its infrastructure. Historically, vulnerabilities within SAP systems frequently involve remote code execution, SQL injection, and cross-site scripting, often stemming from complex integrations and legacy components. Privilege escalation remains a significant concern, allowing unauthorized users to gain administrative access. While SAP maintains rigorous security protocols, past incidents highlight risks associated with default configurations and unpatched middleware. The company actively issues security patches, yet the sheer volume of disclosed flaws underscores the challenges of securing highly interconnected, mission-critical enterprise environments against sophisticated cyber threats.

Top products by SAP_SE: SAP BusinessObjects Business Intelligence Platform SAP NetWeaver Application server for ABAP and ABAP Platform SAP NetWeaver Application Server for ABAP SAP NetWeaver Application Server ABAP SAP GUI for Windows SAP NetWeaver Application Server ABAP and ABAP Platform SAP NetWeaver Application Server Java SAP Commerce Cloud SAP CRM WebClient UI SAP Business Connector SAP Fiori App (Intercompany Balance Reconciliation) SAP NetWeaver AS ABAP and ABAP Platform SAP Enable Now SAP NetWeaver Enterprise Portal SAP Supplier Relationship Management (Live Auction Cockpit) SAP NetWeaver SAP Solution Manager SAPCAR SAP NetWeaver AS Java SAP Commerce SAP Financial Consolidation SAP Web Dispatcher SAP NetWeaver AS for JAVA (Adobe Document Services) SAP Business One (SLD) SAP Supplier Relationship Management SAP CommonCryptoLib SAP Cloud Connector SAP BusinessObjects Business Intelligence Platform (Web Intelligence) SAP BusinessObjects Web Intelligence SAP MDM Server
CVE IDTitleCVSSSeverityPublished
CVE-2023-33990 Denial of Service (DoS) vulnerability in SAP SQL Anywhere — SAP SQL AnywhereCWE-732 7.8 High2023-07-11
CVE-2023-33989 Directory Traversal vulnerability in SAP NetWeaver (BI CONT ADD ON) — SAP NetWeaver (BI CONT ADD ON)CWE-22 8.7 High2023-07-11
CVE-2023-33988 Cross-Site Scripting vulnerability in SAP Enable Now — SAP Enable NowCWE-79 6.1 Medium2023-07-11
CVE-2023-33987 Request smuggling and request concatenation in SAP Web Dispatcher — SAP Web DispatcherCWE-444 8.6 High2023-07-11
CVE-2023-31405 Log Injection vulnerability in SAP NetWeaver AS for Java (Log Viewer) — SAP NetWeaver AS for Java (Log Viewer)CWE-117 5.3 Medium2023-07-11
CVE-2023-33991 Stored Cross-Site Scripting (Stored XSS) vulnerability in SAP UI5 Variant Management — SAP UI5 Variant ManagementCWE-79 8.2 High2023-06-13
CVE-2023-33986 Cross-Site Scripting (XSS) vulnerability in SAP CRM ABAP (Grantor Management) — SAP CRM ABAP (Grantor Management)CWE-79 6.1 Medium2023-06-13
CVE-2023-33985 Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal — SAP NetWeaver Enterprise PortalCWE-79 6.1 Medium2023-06-13
CVE-2023-33984 Cross-Site Scripting (XSS) vulnerability in NetWeaver (Design Time Repository) — SAP NetWeaver (Design Time Repository)CWE-79 6.4 Medium2023-06-13
CVE-2023-32115 SQL Injection in Master Data Synchronization (MDS COMPARE TOOL) — Master Data Synchronization (MDS COMPARE TOOL)CWE-89 4.2 Medium2023-06-13
CVE-2023-32114 Denial of Service in SAP NetWeaver — SAP NetWeaver (Change and Transport System)CWE-732 2.7 Low2023-06-13
CVE-2023-2827 Missing Authentication in SAP Plant Connectivity and Production Connector for SAP Digital — SAP Plant ConnectivityCWE-306 7.9 High2023-06-13
CVE-2023-32112 Missing Authorization Check in Vendor Master Hierarchy — Vendor Master HierarchyCWE-862 2.8 Low2023-05-09
CVE-2023-32113 Information Disclosure vulnerability in SAP GUI for Windows — SAP GUI for WindowsCWE-200 7.5 High2023-05-09
CVE-2023-32111 Memory Corruption vulnerability in SAP PowerDesigner (Proxy) — SAP PowerDesigner (Proxy)CWE-787 7.5 High2023-05-09
CVE-2023-31407 Cross-Site Scripting (XSS) vulnerability in SAP Business Planning and Consolidation — SAP Business Planning and ConsolidationCWE-79 5.4 Medium2023-05-09
CVE-2023-31406 Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence Platform — SAP BusinessObjects Business Intelligence PlatformCWE-79 6.1 Medium2023-05-09
CVE-2023-31404 Information Disclosure in SAP BusinessObjects Business Intelligence Platform (Central Management Service) — SAP BusinessObjects Business Intelligence Platform (Central Management Service)CWE-200 5.0 Medium2023-05-09
CVE-2023-30744 Improper access control during application start-up in SAP AS NetWeaver JAVA. — SAP AS NetWeaver JAVACWE-306 8.2 High2023-05-09
CVE-2023-30743 Improper Neutralization of Input in SAPUI5 — SAPUI5CWE-79 7.1 High2023-05-09
CVE-2023-30742 Cross-Site Scripting (XSS) vulnerability in SAP CRM (WebClient UI) — SAP CRM (WebClient UI)CWE-79 6.1 Medium2023-05-09
CVE-2023-30741 Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence Platform — SAP BusinessObjects Business Intelligence PlatformCWE-79 6.1 Medium2023-05-09
CVE-2023-30740 Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform — SAP BusinessObjects Business Intelligence PlatformCWE-200 6.3 Medium2023-05-09
CVE-2023-29188 Cross-Site Scripting (XSS) vulnerability in SAP CRM WebClient UI — SAP CRM WebClient UICWE-79 5.4 Medium2023-05-09
CVE-2023-28764 Information Disclosure vulnerability in SAP BusinessObjects Platform — SAP BusinessObjects PlatformCWE-522 3.7 Low2023-05-09
CVE-2023-28762 Information Disclosure in SAP BusinessObjects Intelligence Platform — SAP BusinessObjects Intelligence PlatformCWE-200 9.1 Critical2023-05-09
CVE-2023-27499 Cross-Site Scripting (XSS) vulnerability in SAP GUI for HTML — GUI for HTMLCWE-79 6.1 Medium2023-04-11
CVE-2023-0021 Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver — SAP NetWeaverCWE-79 6.1 Medium2023-03-14
CVE-2023-23858 SAP NetWeaver AS 跨站脚本漏洞 — SAP NetWeaver AS for ABAP and ABAP PlatformCWE-79 6.1 Medium2023-02-14
CVE-2023-23856 SAP BusinessObjects Business Intelligence 跨站脚本漏洞 — SAP BusinessObjects Business Intelligence (Web Intelligence UI)CWE-79 4.3 Medium2023-02-14

This page lists every published CVE security advisory associated with SAP_SE. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.