
SAP_SE — Vulnerabilities & Security Advisories 527

Browse all 527 CVE security advisories affecting SAP_SE. AI-powered Chinese analysis, POCs, and references for each vulnerability.

SAP SE operates as a global leader in enterprise application software, primarily providing ERP solutions that manage complex business processes, supply chains, and human resources for large organizations. This extensive attack surface has resulted in 527 recorded CVEs, reflecting the critical nature of its infrastructure. Historically, vulnerabilities within SAP systems frequently involve remote code execution, SQL injection, and cross-site scripting, often stemming from complex integrations and legacy components. Privilege escalation remains a significant concern, allowing unauthorized users to gain administrative access. While SAP maintains rigorous security protocols, past incidents highlight risks associated with default configurations and unpatched middleware. The company actively issues security patches, yet the sheer volume of disclosed flaws underscores the challenges of securing highly interconnected, mission-critical enterprise environments against sophisticated cyber threats.

| CVE ID | Title | Affected product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-24314 | Information Disclosure vulnerability in S/4HANA (Manage Payment Media) | S/4HANA (Manage Payment Media) | CWE-497 | 4.3 | Medium | 2026-02-24 |
| CVE-2026-24328 | Open Redirection vulnerability in Business Server Pages Application (TAF_APPLAUNCHER) | Business Server Pages Application (TAF_APPLAUNCHER) | CWE-601 | 6.1 | Medium | 2026-02-10 |
| CVE-2026-24327 | Missing Authorization Check in SAP Strategic Enterprise Management (Balanced Scorecard in BSP Application) | SAP Strategic Enterprise Management (Balanced Scorecard in BSP Application) | CWE-862 | 4.3 | Medium | 2026-02-10 |
| CVE-2026-24326 | Missing authorization check in SAP S/4HANA Defense & Security (Disconnected Operations) | SAP S/4HANA Defense & Security (Disconnected Operations) | CWE-862 | 4.3 | Medium | 2026-02-10 |
| CVE-2026-24325 | Cross Site Scripting (XSS) vulnerability in SAP BusinessObjects Enterprise (Central Management Console) | SAP BusinessObjects Enterprise (Central Management Console) | CWE-79 | 4.8 | Medium | 2026-02-10 |
| CVE-2026-24324 | Denial of service (DOS) vulnerability in SAP BusinessObjects Business Intelligence Platform (AdminTools) | SAP BusinessObjects Business Intelligence Platform (AdminTools) | CWE-405 | 6.5 | Medium | 2026-02-10 |
| CVE-2026-24323 | Multiple vulnerabilities in BSP Applications of SAP Document Management System | SAP Document Management System | CWE-601 | 6.1 | Medium | 2026-02-10 |
| CVE-2026-24322 | Missing Authorization check in SAP Solution Tools Plug-In (ST-PI) | SAP Solution Tools Plug-In (ST-PI) | CWE-862 | 7.7 | High | 2026-02-10 |
| CVE-2026-24321 | Information Disclosure vulnerability in SAP Commerce Cloud | SAP Commerce Cloud | CWE-359 | 5.3 | Medium | 2026-02-10 |
| CVE-2026-24320 | Memory Corruption vulnerability in SAP NetWeaver and ABAP Platform (Application Server ABAP) | SAP NetWeaver and ABAP Platform (Application Server ABAP) | CWE-113 | 3.1 | Low | 2026-02-10 |
| CVE-2026-24319 | Information Disclosure Vulnerability in SAP Business One (B1 Client Memory Dump Files) | SAP Business One (B1 Client Memory Dump Files) | CWE-316 | 5.8 | Medium | 2026-02-10 |
| CVE-2026-24312 | Missing authorization check in SAP Business Workflow | SAP Business Workflow | CWE-862 | 5.2 | Medium | 2026-02-10 |
| CVE-2026-23689 | Denial of service (DOS) in SAP Supply Chain Management | SAP Supply Chain Management | CWE-606 | 7.7 | High | 2026-02-10 |
| CVE-2026-23688 | Missing Authorization check in SAP Fiori App (Manage Service Entry Sheets - Lean Services) | SAP Fiori App (Manage Service Entry Sheets - Lean Services) | CWE-862 | 4.3 | Medium | 2026-02-10 |
| CVE-2026-23687 | XML Signature Wrapping in SAP NetWeaver AS ABAP and ABAP Platform | SAP NetWeaver AS ABAP and ABAP Platform | CWE-347 | 8.8 | High | 2026-02-10 |
| CVE-2026-23686 | CRLF Injection vulnerability in SAP NetWeaver Application Server Java | SAP NetWeaver Application Server Java | CWE-113 | 3.4 | Low | 2026-02-10 |
| CVE-2026-23685 | Insecure Deserialization vulnerability in SAP NetWeaver (JMS service) | SAP NetWeaver (JMS service) | CWE-502 | 4.4 | Medium | 2026-02-10 |
| CVE-2026-23684 | Race condition vulnerability in SAP Commerce Cloud | SAP Commerce Cloud | CWE-366 | 5.9 | Medium | 2026-02-10 |
| CVE-2026-23681 | Missing Authorization check in a function module in SAP Support Tools Plug-In | SAP Support Tools Plug-In | CWE-862 | 4.3 | Medium | 2026-02-10 |
| CVE-2026-0509 | Missing Authorization check in SAP NetWeaver Application Server ABAP and ABAP Platform | SAP NetWeaver Application Server ABAP and ABAP Platform | CWE-862 | 9.6 | Critical | 2026-02-10 |
| CVE-2026-0508 | Open Redirect vulnerability in SAP BusinessObjects Business Intelligence Platform | SAP BusinessObjects Business Intelligence Platform | CWE-601 | 7.3 | High | 2026-02-10 |
| CVE-2026-0505 | Multiple vulnerabilities in BSP Applications of SAP Document Management System | SAP Document Management System | CWE-79 | 6.1 | Medium | 2026-02-10 |
| CVE-2026-0490 | Denial of service (DOS) in SAP BusinessObjects BI Platform | SAP BusinessObjects BI Platform | CWE-862 | 7.5 | High | 2026-02-10 |
| CVE-2026-0488 | Code Injection vulnerability in SAP CRM and SAP S/4HANA (Scripting Editor) | SAP CRM and SAP S/4HANA (Scripting Editor) | CWE-862 | 9.9 | Critical | 2026-02-10 |
| CVE-2026-0486 | Missing Authorization Check in ABAP based SAP systems | ABAP based SAP systems | CWE-862 | 5.0 | Medium | 2026-02-10 |
| CVE-2026-0485 | Denial of service (DOS) vulnerability in SAP BusinessObjects BI Platform | SAP BusinessObjects BI Platform | CWE-405 | 7.5 | High | 2026-02-10 |
| CVE-2026-0484 | Missing Authorization check in SAP NetWeaver Application Server ABAP and SAP S/4HANA | SAP NetWeaver Application Server ABAP and SAP S/4HANA | CWE-601 | 6.5 | Medium | 2026-02-10 |
| CVE-2026-23683 | Missing Authorization check in SAP Fiori App (Intercompany Balance Reconciliation) | SAP Fiori App (Intercompany Balance Reconciliation) | CWE-862 | 4.3 | Medium | 2026-01-27 |
| CVE-2026-0514 | Cross-Site Scripting (XSS) vulnerability in SAP Business Connector | SAP Business Connector | CWE-79 | 6.1 | Medium | 2026-01-13 |
| CVE-2026-0513 | Open Redirect Vulnerability in SAP Supplier Relationship Management (SICF Handler in SRM Catalog) | SAP Supplier Relationship Management (SICF Handler in SRM Catalog) | CWE-601 | 4.7 | Medium | 2026-01-13 |

This page lists every published CVE security advisory associated with SAP_SE. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.