SAP_SE — Vulnerabilities & Security Advisories (527)

Browse all 527 CVE security advisories affecting SAP_SE. AI-powered Chinese analysis, POCs, and references for each vulnerability.

SAP SE operates as a global leader in enterprise application software, primarily providing ERP solutions that manage complex business processes, supply chains, and human resources for large organizations. This extensive attack surface has resulted in 527 recorded CVEs, reflecting the critical nature of its infrastructure. Historically, vulnerabilities within SAP systems frequently involve remote code execution, SQL injection, and cross-site scripting, often stemming from complex integrations and legacy components. Privilege escalation remains a significant concern, allowing unauthorized users to gain administrative access. While SAP maintains rigorous security protocols, past incidents highlight risks associated with default configurations and unpatched middleware. The company actively issues security patches, yet the sheer volume of disclosed flaws underscores the challenges of securing highly interconnected, mission-critical enterprise environments against sophisticated cyber threats.

| CVE ID | Title | Affected product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2024-39598 | [Multiple CVEs] Multiple vulnerabilities in SAP CRM (WebClient UI) | SAP CRM WebClient UI | CWE-918 | 5.0 | Medium | 2024-07-09 |
| CVE-2024-37174 | [Multiple CVEs] Multiple vulnerabilities in SAP CRM (WebClient UI) | SAP CRM WebClient UI | CWE-79 | 6.1 | Medium | 2024-07-09 |
| CVE-2024-37173 | [Multiple CVEs] Multiple vulnerabilities in SAP CRM (WebClient UI) | SAP CRM WebClient UI | CWE-79 | 6.1 | Medium | 2024-07-09 |
| CVE-2024-34685 | [CVE-2024-34685] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Knowledge Management XMLEditor | SAP NetWeaver Knowledge Management XMLEditor | CWE-79 | 6.1 | Medium | 2024-07-09 |
| CVE-2024-39593 | [CVE-2024-39593] Information Disclosure vulnerability in SAP Landscape Management | SAP Landscape Management | CWE-200 | 6.9 | Medium | 2024-07-09 |
| CVE-2024-39597 | [CVE-2024-39597] Improper Authorization Checks on Early Login Composable Storefront B2B sites of SAP Commerce | SAP Commerce | CWE-285 | 7.2 | High | 2024-07-09 |
| CVE-2024-39592 | [CVE-2024-39592] Missing Authorization check in SAP PDCE | SAP PDCE | CWE-862 | 7.7 | High | 2024-07-09 |
| CVE-2024-34691 | Missing Authorization check in SAP S/4HANA (Manage Incoming Payment Files) | SAP S/4HANA (Manage Incoming Payment Files) | CWE-862 | 6.5 | Medium | 2024-06-11 |
| CVE-2024-34684 | Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (Scheduling) | SAP BusinessObjects Business Intelligence Platform | CWE-200 | 3.7 | Low | 2024-06-11 |
| CVE-2024-28164 | Information Disclosure vulnerability in SAP NetWeaver AS Java (Guided Procedures) | SAP NetWeaver AS Java | CWE-200 | 5.3 | Medium | 2024-06-11 |
| CVE-2024-34690 | Missing Authorization check in SAP Student Life Cycle Management (SLcM) | SAP Student Life Cycle Management | CWE-862 | 5.4 | Medium | 2024-06-11 |
| CVE-2024-37176 | Missing Authorization check in SAP BW/4HANA Transformation and DTP | SAP BW/4HANA Transformation and Data Transfer Process | CWE-862 | 5.5 | Medium | 2024-06-11 |
| CVE-2024-34686 | Cross-Site Scripting (XSS) vulnerability in SAP CRM (WebClient UI) | SAP CRM WebClient UI | CWE-79 | 6.1 | Medium | 2024-06-11 |
| CVE-2024-34683 | Unrestricted file upload in SAP Document Builder (HTTP service) | SAP Document Builder | CWE-434 | 6.5 | Medium | 2024-06-11 |
| CVE-2024-33001 | Denial of service (DOS) in SAP NetWeaver and ABAP platform | SAP NetWeaver and ABAP platform | CWE-400 | 6.5 | Medium | 2024-06-11 |
| CVE-2024-34688 | Denial of service (DOS) in SAP NetWeaver AS Java (Meta Model Repository) | SAP NetWeaver AS Java | CWE-400 | 7.5 | High | 2024-06-11 |
| CVE-2024-37178 | Cross-Site Scripting (XSS) vulnerabilities in SAP Financial Consolidation | SAP Financial Consolidation | CWE-79 | 5.0 | Medium | 2024-06-11 |
| CVE-2024-37177 | Cross-Site Scripting (XSS) vulnerabilities in SAP Financial Consolidation | SAP Financial Consolidation | CWE-79 | 8.1 | High | 2024-06-11 |
| CVE-2024-33006 | File upload vulnerability in SAP NetWeaver Application Server ABAP and ABAP Platform | SAP NetWeaver Application Server ABAP and ABAP Platform | CWE-434 | 9.6 | Critical | 2024-05-14 |
| CVE-2024-33004 | Insecure Storage vulnerability in SAP BusinessObjects Business Intelligence Platform (Webservices) | SAP BusinessObjects Business Intelligence Platform (Webservices) | CWE-524 | 4.3 | Medium | 2024-05-14 |
| CVE-2024-33009 | SQL injection vulnerability in SAP Global Label Management (GLM) | SAP Global Label Management (GLM) | CWE-89 | 4.2 | Medium | 2024-05-14 |
| CVE-2024-34687 | Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application server for ABAP and ABAP Platform | SAP NetWeaver Application server for ABAP and ABAP Platform | CWE-79 | 6.5 | Medium | 2024-05-14 |
| CVE-2024-4138 | Missing Authorization Checks in SAP S/4 HANA (Manage Bank Statement Reprocessing Rules) | SAP S/4 HANA (Manage Bank Statement Reprocessing Rules) | CWE-862 | 4.3 | Medium | 2024-05-14 |
| CVE-2024-4139 | Missing Authorization Checks in SAP S/4 HANA (Manage Bank Statement Reprocessing Rules) | SAP S/4 HANA (Manage Bank Statement Reprocessing Rules) | CWE-862 | 4.3 | Medium | 2024-05-14 |
| CVE-2024-28165 | Cross site scripting vulnerability in SAP BusinessObjects Business Intelligence Platform | SAP BusinessObjects Business Intelligence Platform | CWE-79 | 8.1 | High | 2024-05-14 |
| CVE-2024-33002 | Cross-Site Scripting (XSS) Vulnerability in SAP S/4HANA (Document Service Handler for DPS) | SAP S/4HANA (Document Service Handler for DPS) | CWE-79 | 6.1 | Medium | 2024-05-14 |
| CVE-2024-33000 | Missing Authorization check in SAP Bank Account Management | SAP Bank Account Management | CWE-862 | 3.5 | Low | 2024-05-14 |
| CVE-2024-33008 | Memory Corruption vulnerability in SAP Replication Server | SAP Replication Server | CWE-787 | 4.9 | Medium | 2024-05-14 |
| CVE-2024-33007 | Client-side script execution vulnerability in SAP UI5(PDFViewer) | SAPUI5 (PDFViewer) | | 3.5 | Low | 2024-05-14 |
| CVE-2024-32733 | Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server ABAP and ABAP Platform | SAP NetWeaver Application Server ABAP and ABAP Platform | CWE-79 | 6.1 | Medium | 2024-05-14 |

This page lists every published CVE security advisory associated with SAP_SE. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.