SAP_SE — Vulnerabilities & Security Advisories 527

Browse all 527 CVE security advisories affecting SAP_SE. AI-powered Chinese analysis, POCs, and references for each vulnerability.

SAP SE operates as a global leader in enterprise application software, primarily providing ERP solutions that manage complex business processes, supply chains, and human resources for large organizations. This extensive attack surface has resulted in 527 recorded CVEs, reflecting the critical nature of its infrastructure. Historically, vulnerabilities within SAP systems frequently involve remote code execution, SQL injection, and cross-site scripting, often stemming from complex integrations and legacy components. Privilege escalation remains a significant concern, allowing unauthorized users to gain administrative access. While SAP maintains rigorous security protocols, past incidents highlight risks associated with default configurations and unpatched middleware. The company actively issues security patches, yet the sheer volume of disclosed flaws underscores the challenges of securing highly interconnected, mission-critical enterprise environments against sophisticated cyber threats.

Top products by SAP_SE: SAP BusinessObjects Business Intelligence Platform SAP NetWeaver Application server for ABAP and ABAP Platform SAP NetWeaver Application Server for ABAP SAP NetWeaver Application Server ABAP SAP GUI for Windows SAP NetWeaver Application Server Java SAP NetWeaver Application Server ABAP and ABAP Platform SAP Business Connector SAP Commerce Cloud SAP CRM WebClient UI SAP NetWeaver AS ABAP and ABAP Platform SAP Enable Now SAP Fiori App (Intercompany Balance Reconciliation) SAP Supplier Relationship Management (Live Auction Cockpit) SAP NetWeaver Enterprise Portal SAP NetWeaver SAP Solution Manager SAP NetWeaver AS Java SAPCAR SAP Commerce SAP NetWeaver Application Server ABAP (applications based on SAP GUI for HTML) SAP Business One (SLD) SAP NetWeaver AS for JAVA (Adobe Document Services) SAP HCM (My Timesheet Fiori 2.0 application) SAP Supplier Relationship Management SAP CommonCryptoLib SAP BusinessObjects Business Intelligence Platform (Web Intelligence) SAP BusinessObjects Web Intelligence SAP Cloud Connector SAP Financial Consolidation

CVEs 527

CVE ID	Title	CVSS	Severity	Published
CVE-2025-23189	Missing Authorization Check in SAP NetWeaver and ABAP Platform (SDCCN) — SAP NetWeaver and ABAP Platform (SDCCN)CWE-862	4.3	Medium	2025-02-11
CVE-2025-23187	Missing Authorization Check in SAP NetWeaver and ABAP Platform (SDCCN) — SAP NetWeaver and ABAP Platform (SDCCN)CWE-862	5.3	Medium	2025-02-11
CVE-2025-0064	Improper Authorization in SAP BusinessObjects Business Intelligence platform (Central Management Console) — SAP BusinessObjects Business Intelligence platform (Central Management Console)CWE-732	8.7	High	2025-02-11
CVE-2025-0054	Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server Java — SAP NetWeaver Application Server JavaCWE-79	5.4	Medium	2025-02-11
CVE-2025-0070	Improper Authentication in SAP NetWeaver ABAP Server and ABAP Platform — SAP NetWeaver Application Server for ABAP and ABAP PlatformCWE-287	9.9	Critical	2025-01-14
CVE-2025-0069	DLL Hijacking vulnerability in SAPSetup — SAPSetupCWE-427	7.8	High	2025-01-14
CVE-2025-0068	Missing Authorization check in Remote Function Call (RFC) in SAP NetWeaver Application Server ABAP — SAP NetWeaver Application Server ABAPCWE-862	4.3	Medium	2025-01-14
CVE-2025-0067	Missing Authorization check in SAP NetWeaver Application Server Java — SAP NetWeaver Application Server JavaCWE-862	6.3	Medium	2025-01-14
CVE-2025-0066	Information Disclosure vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform (Internet Communication Framework) — SAP NetWeaver AS for ABAP and ABAP Platform (Internet Communication Framework)CWE-732	9.9	Critical	2025-01-14
CVE-2025-0063	SQL Injection vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform — SAP NetWeaver AS ABAP and ABAP PlatformCWE-89	8.8	High	2025-01-14
CVE-2025-0061	Multiple vulnerabilities in SAP BusinessObjects Business Intelligence Platform — SAP BusinessObjects Business Intelligence PlatformCWE-497	8.7	High	2025-01-14
CVE-2025-0060	Multiple vulnerabilities in SAP BusinessObjects Business Intelligence Platform — SAP BusinessObjects Business Intelligence PlatformCWE-94	6.5	Medium	2025-01-14
CVE-2025-0059	Information Disclosure vulnerability in SAP NetWeaver Application Server ABAP (applications based on SAP GUI for HTML) — SAP NetWeaver Application Server ABAP (applications based on SAP GUI for HTML)CWE-497	6.0	Medium	2025-01-14
CVE-2025-0058	Information Disclosure vulnerability in SAP Business Workflow and SAP Flexible Workflow — SAP Business Workflow and SAP Flexible WorkflowCWE-639	6.5	Medium	2025-01-14
CVE-2025-0057	Cross-Site Scripting vulnerability in SAP NetWeaver AS JAVA (User Admin Application) — SAP NetWeaver AS JAVA (User Admin Application)CWE-434	4.8	Medium	2025-01-14
CVE-2025-0056	Information Disclosure vulnerability in SAP GUI for Java — SAP GUI for JavaCWE-497	6.0	Medium	2025-01-14
CVE-2025-0055	Information Disclosure vulnerability in SAP GUI for Windows — SAP GUI for WindowsCWE-497	6.0	Medium	2025-01-14
CVE-2025-0053	Information Disclosure Vulnerability in SAP NetWeaver Application Server for ABAP and ABAP Platform — SAP NetWeaver Application Server for ABAP and ABAP PlatformCWE-209	5.3	Medium	2025-01-14
CVE-2024-54198	Information Disclosure vulnerability through Remote Function Call (RFC) in SAP NetWeaver Application Server ABAP — SAP NetWeaver Application Server ABAPCWE-914	8.5	High	2024-12-10
CVE-2024-54197	Server-Side Request Forgery in SAP NetWeaver Administrator (System Overview) — SAP NetWeaver Administrator(System Overview)CWE-918	7.2	High	2024-12-10
CVE-2024-47585	Missing Authorization check in SAP NetWeaver Application Server for ABAP and ABAP Platform — SAP NetWeaver Application Server for ABAP and ABAP PlatformCWE-862	4.3	Medium	2024-12-10
CVE-2024-47582	XML Entity Expansion Vulnerability in SAP NetWeaver AS JAVA — SAP NetWeaver AS JAVACWE-611	5.3	Medium	2024-12-10
CVE-2024-47581	Missing Authorization check in SAP HCM (Approve Timesheets version 4) — SAP HCMCWE-862	4.3	Medium	2024-12-10
CVE-2024-47580	Multiple vulnerabilities in SAP NetWeaver AS for JAVA(Adobe Document Services) — SAP NetWeaver AS for JAVA (Adobe Document Services)CWE-538	6.8	Medium	2024-12-10
CVE-2024-47579	Multiple vulnerabilities in SAP NetWeaver AS for JAVA(Adobe Document Services) — SAP NetWeaver AS for JAVA (Adobe Document Services)CWE-538	6.8	Medium	2024-12-10
CVE-2024-47578	Multiple vulnerabilities in SAP NetWeaver AS for JAVA(Adobe Document Services) — SAP NetWeaver AS for JAVA (Adobe Document Services)CWE-918	9.1	Critical	2024-12-10
CVE-2024-47577	Information Disclosure vulnerability in SAP Commerce Cloud — SAP Commerce CloudCWE-319	2.7	Low	2024-12-10
CVE-2024-47576	DLL Hijacking vulnerability in SAP Product Lifecycle Costing — SAP Product Lifecycle CostingCWE-427	3.3	Low	2024-12-10
CVE-2024-32732	Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence platform — SAP BusinessObjects Business Intelligence platformCWE-497	5.3	Medium	2024-12-10
CVE-2024-47595	Local Privilege Escalation in SAP Host Agent — SAP Host AgentCWE-266	6.3	Medium	2024-11-12

This page lists every published CVE security advisory associated with SAP_SE. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.

Goal Reached Thanks to every supporter — we hit 100%!

SAP_SE — Vulnerabilities & Security Advisories 527