Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

SAP_SE — Vulnerabilities & Security Advisories 542

Browse all 542 CVE security advisories affecting SAP_SE. AI-powered Chinese analysis, POCs, and references for each vulnerability.

SAP SE operates as a global leader in enterprise application software, primarily providing ERP solutions that manage complex business processes, supply chains, and human resources for large organizations. This extensive attack surface has resulted in 527 recorded CVEs, reflecting the critical nature of its infrastructure. Historically, vulnerabilities within SAP systems frequently involve remote code execution, SQL injection, and cross-site scripting, often stemming from complex integrations and legacy components. Privilege escalation remains a significant concern, allowing unauthorized users to gain administrative access. While SAP maintains rigorous security protocols, past incidents highlight risks associated with default configurations and unpatched middleware. The company actively issues security patches, yet the sheer volume of disclosed flaws underscores the challenges of securing highly interconnected, mission-critical enterprise environments against sophisticated cyber threats.

Top products by SAP_SE: SAP BusinessObjects Business Intelligence Platform SAP NetWeaver Application server for ABAP and ABAP Platform SAP NetWeaver Application Server for ABAP SAP NetWeaver Application Server ABAP SAP GUI for Windows SAP NetWeaver Application Server ABAP and ABAP Platform SAP NetWeaver Application Server Java SAP Commerce Cloud SAP CRM WebClient UI SAP Business Connector SAP Fiori App (Intercompany Balance Reconciliation) SAP NetWeaver AS ABAP and ABAP Platform SAP Enable Now SAP NetWeaver Enterprise Portal SAP Supplier Relationship Management (Live Auction Cockpit) SAP NetWeaver SAP Solution Manager SAPCAR SAP NetWeaver AS Java SAP Commerce SAP Financial Consolidation SAP Web Dispatcher SAP NetWeaver AS for JAVA (Adobe Document Services) SAP Business One (SLD) SAP Supplier Relationship Management SAP CommonCryptoLib SAP Cloud Connector SAP BusinessObjects Business Intelligence Platform (Web Intelligence) SAP BusinessObjects Web Intelligence SAP MDM Server
CVE IDTitleCVSSSeverityPublished
CVE-2025-30016 Authentication Bypass Vulnerability in SAP Financial Consolidation — SAP Financial ConsolidationCWE-921 9.8 Critical2025-04-08
CVE-2025-30015 Memory Corruption vulnerability in SAP NetWeaver and ABAP Platform (Application Server ABAP) — SAP NetWeaver and ABAP Platform (Application Server ABAP)CWE-787 4.1 Medium2025-04-08
CVE-2025-30014 Directory Traversal vulnerability in SAP Capital Yield Tax Management — SAP Capital Yield Tax ManagementCWE-35 7.7 High2025-04-08
CVE-2025-30013 Code Injection vulnerability in SAP ERP BW Business Content — SAP ERP BW Business ContentCWE-94 6.7 Medium2025-04-08
CVE-2025-27437 Missing Authorization check in SAP NetWeaver Application Server ABAP (Virus Scan Interface) — SAP NetWeaver Application Server ABAP (Virus Scan Interface)CWE-862 4.3 Medium2025-04-08
CVE-2025-27435 Information Disclosure Vulnerability in SAP Commerce Cloud — SAP Commerce CloudCWE-862 4.2 Medium2025-04-08
CVE-2025-27429 Code Injection Vulnerability in SAP S/4HANA (Private Cloud or On-Premise) — SAP S/4HANA (Private Cloud)CWE-94 9.9 Critical2025-04-08
CVE-2025-27428 Directory Traversal vulnerability in SAP NetWeaver and ABAP Platform (Service Data Collection) — SAP NetWeaver and ABAP Platform (Service Data Collection)CWE-862 7.7 High2025-04-08
CVE-2025-26657 Information Disclosure vulnerability in SAP KMC WPC — SAP KMC WPCCWE-862 5.3 Medium2025-04-08
CVE-2025-26654 Potential information disclosure vulnerability in SAP Commerce Cloud (Public Cloud) — SAP Commerce Cloud (Public Cloud)CWE-319 6.8 Medium2025-04-08
CVE-2025-26653 Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server ABAP (applications based on SAP GUI for HTML) — SAP NetWeaver Application Server ABAP (applications based on SAP GUI for HTML)CWE-79 4.7 Medium2025-04-08
CVE-2025-23186 Mixed Dynamic RFC Destination vulnerability through Remote Function Call (RFC) in SAP NetWeaver Application Server ABAP — SAP NetWeaver Application Server ABAPCWE-94 8.5 High2025-04-08
CVE-2025-27436 Broken Access Control vulnerabilities in SAP S/4HANA (Manage Bank Statements) — SAP S/4HANA (Manage Bank Statements)CWE-639 4.3 Medium2025-03-11
CVE-2025-27434 Cross-Site Scripting (XSS) vulnerability in SAP Commerce (Swagger UI) — SAP Commerce (Swagger UI)CWE-79 8.8 High2025-03-11
CVE-2025-27433 Broken Access Control vulnerabilities in SAP S/4HANA (Manage Bank Statements) — SAP S/4HANA (Manage Bank Statements)CWE-639 4.3 Medium2025-03-11
CVE-2025-27432 Missing Authorization check in SAP Electronic Invoicing for Brazil (eDocument Cockpit) — SAP Electronic Invoicing for Brazil (eDocument Cockpit)CWE-862 2.4 Low2025-03-11
CVE-2025-27431 Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server Java — SAP NetWeaver Application Server JavaCWE-79 5.4 Medium2025-03-11
CVE-2025-27430 Server Side Request Forgery (SSRF) in SAP CRM and SAP S/4 HANA (Interaction Center) — SAP CRM and SAP S/4HANA (Interaction Center)CWE-918 3.5 Low2025-03-11
CVE-2025-26661 Missing Authorization check in SAP NetWeaver (ABAP Class Builder) — SAP NetWeaver (ABAP Class Builder)CWE-862 8.8 High2025-03-11
CVE-2025-26660 Broken Access Control in SAP Fiori apps (Posting Library) — SAP Fiori apps (Posting Library)CWE-639 4.3 Medium2025-03-11
CVE-2025-26659 Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server ABAP (applications based on SAP GUI for HTML) — SAP NetWeaver Application Server ABAP (applications based on SAP GUI for HTML)CWE-79 6.1 Medium2025-03-11
CVE-2025-26658 Broken Authentication in SAP Business One (Service Layer) — SAP Business One (Service Layer)CWE-384 6.8 Medium2025-03-11
CVE-2025-26656 Missing Authorization check in S/4HANA (Manage Purchasing Info Records) — S/4HANA (Manage Purchasing Info Records)CWE-862 4.3 Medium2025-03-11
CVE-2025-26655 Missing Authorization check in SAP JIT(Outbound) — SAP Just In TimeCWE-862 3.1 Low2025-03-11
CVE-2025-25245 Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence Platform (Web Intelligence) — SAP BusinessObjects Business Intelligence Platform (Web Intelligence)CWE-79 5.4 Medium2025-03-11
CVE-2025-25244 Missing Authorization Check in SAP Business Warehouse (Process Chains) — SAP Business Warehouse (Process Chains)CWE-862 5.7 Medium2025-03-11
CVE-2025-25242 Cross-Site Scripting (XSS) in SAP NetWeaver Application Server ABAP — SAP NetWeaver Application Server ABAPCWE-79 6.1 Medium2025-03-11
CVE-2025-23194 Missing Authentication check in SAP NetWeaver Enterprise Portal (OBN component) — SAP NetWeaver Enterprise Portal (OBN component)CWE-306 5.3 Medium2025-03-11
CVE-2025-23188 Missing Authorization check in SAP S/4HANA (RBD) — SAP S/4HANA (RBD)CWE-862 4.3 Medium2025-03-11
CVE-2025-23185 Information Disclosure in SAP Business Objects Business Intelligence Platform — SAP Business Objects Business Intelligence PlatformCWE-209 4.1 Medium2025-03-11

This page lists every published CVE security advisory associated with SAP_SE. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.