
SAP_SE — Vulnerabilities & Security Advisories 527

Browse all 527 CVE security advisories affecting SAP_SE. AI-powered Chinese analysis, POCs, and references for each vulnerability.

SAP SE operates as a global leader in enterprise application software, primarily providing ERP solutions that manage complex business processes, supply chains, and human resources for large organizations. This extensive attack surface has resulted in 527 recorded CVEs, reflecting the critical nature of its infrastructure. Historically, vulnerabilities within SAP systems frequently involve remote code execution, SQL injection, and cross-site scripting, often stemming from complex integrations and legacy components. Privilege escalation remains a significant concern, allowing unauthorized users to gain administrative access. While SAP maintains rigorous security protocols, past incidents highlight risks associated with default configurations and unpatched middleware. The company actively issues security patches, yet the sheer volume of disclosed flaws underscores the challenges of securing highly interconnected, mission-critical enterprise environments against sophisticated cyber threats.

| CVE ID | Title | Affected product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2025-42933 | Insecure Storage of Sensitive Information in SAP Business One (SLD) | SAP Business One (SLD) | CWE-522 | 8.8 | High | 2025-09-09 |
| CVE-2025-42930 | Denial of Service (DoS) vulnerability in SAP Business Planning and Consolidation | SAP Business Planning and Consolidation | CWE-606 | 6.5 | Medium | 2025-09-09 |
| CVE-2025-42929 | Missing input validation vulnerability in SAP Landscape Transformation Replication Server | SAP Landscape Transformation Replication Server | CWE-1287 | 8.1 | High | 2025-09-09 |
| CVE-2025-42927 | Information Disclosure due to Outdated OpenSSL Version in SAP NetWeaver AS Java (Adobe Document Service) | SAP NetWeaver AS Java (Adobe Document Service) | CWE-1395 | 3.4 | Low | 2025-09-09 |
| CVE-2025-42926 | Missing Authentication check in SAP NetWeaver Application Server Java | SAP NetWeaver Application Server Java | CWE-306 | 5.3 | Medium | 2025-09-09 |
| CVE-2025-42925 | Predictable Object Identifier vulnerability in SAP NetWeaver AS Java (IIOP Service) | SAP NetWeaver AS Java (IIOP Service) | CWE-341 | 4.3 | Medium | 2025-09-09 |
| CVE-2025-42923 | Cross-Site Request Forgery (CSRF) vulnerability in SAP Fiori App (F4044 Manage Work Center Groups) | SAP Fiori App (F4044 Manage Work Center Groups) | CWE-352 | 4.3 | Medium | 2025-09-09 |
| CVE-2025-42922 | Insecure File Operations vulnerability in SAP NetWeaver AS Java (Deploy Web Service) | SAP NetWeaver AS Java (Deploy Web Service) | CWE-94 | 9.9 | Critical | 2025-09-09 |
| CVE-2025-42920 | Cross-Site Scripting (XSS) vulnerability in SAP Supplier Relationship Management | SAP Supplier Relationship Management | CWE-79 | 6.1 | Medium | 2025-09-09 |
| CVE-2025-42918 | Missing Authorization check in SAP NetWeaver Application Server for ABAP (Background Processing) | SAP NetWeaver Application Server for ABAP (Background Processing) | CWE-862 | 4.3 | Medium | 2025-09-09 |
| CVE-2025-42917 | Missing Authorization check in SAP HCM (Approve Timesheets Fiori 2.0 application) | SAP HCM (Approve Timesheets Fiori 2.0 application) | CWE-862 | 6.5 | Medium | 2025-09-09 |
| CVE-2025-42916 | Missing input validation vulnerability in SAP S/4HANA (Private Cloud or On-Premise) | SAP S/4HANA (Private Cloud or On-Premise) | CWE-1287 | 8.1 | High | 2025-09-09 |
| CVE-2025-42915 | Missing Authorization Check in Fiori app (Manage Payment Blocks) | Fiori app (Manage Payment Blocks) | CWE-862 | 5.4 | Medium | 2025-09-09 |
| CVE-2025-42914 | Missing Authorization check in SAP HCM (My Timesheet Fiori 2.0 application) | SAP HCM (My Timesheet Fiori 2.0 application) | CWE-862 | 3.1 | Low | 2025-09-09 |
| CVE-2025-42913 | Missing Authorization check in SAP HCM (My Timesheet Fiori 2.0 application) | SAP HCM (My Timesheet Fiori 2.0 application) | CWE-862 | 3.1 | Low | 2025-09-09 |
| CVE-2025-42912 | Missing Authorization check in SAP HCM (My Timesheet Fiori 2.0 application) | SAP HCM (My Timesheet Fiori 2.0 application) | CWE-862 | 6.5 | Medium | 2025-09-09 |
| CVE-2025-42911 | Missing Authorization check in SAP NetWeaver (Service Data Download) | SAP NetWeaver (Service Data Download) | CWE-862 | 5.0 | Medium | 2025-09-09 |
| CVE-2025-42976 | Multiple vulnerabilities in SAP NetWeaver Application Server ABAP (BIC Document) | SAP NetWeaver Application Server ABAP (BIC Document) | CWE-125 | 8.1 | High | 2025-08-12 |
| CVE-2025-42975 | Multiple vulnerabilities in SAP NetWeaver Application Server ABAP (BIC Document) | SAP NetWeaver Application Server ABAP (BIC Document) | CWE-79 | 6.1 | Medium | 2025-08-12 |
| CVE-2025-42957 | Code Injection vulnerability in SAP S/4HANA (Private Cloud or On-Premise) | SAP S/4HANA (Private Cloud or On-Premise) | CWE-94 | 9.9 | Critical | 2025-08-12 |
| CVE-2025-42955 | Missing authorization check in SAP Cloud Connector | SAP Cloud Connector | CWE-862 | 3.5 | Low | 2025-08-12 |
| CVE-2025-42951 | Broken Authorization in SAP Business One (SLD) | SAP Business One (SLD) | CWE-863 | 8.8 | High | 2025-08-12 |
| CVE-2025-42950 | Code Injection Vulnerability in SAP Landscape Transformation (Analysis Platform) | SAP Landscape Transformation (Analysis Platform) | CWE-94 | 9.9 | Critical | 2025-08-12 |
| CVE-2025-42949 | Missing Authorization check in ABAP Platform | ABAP Platform | CWE-862 | 4.9 | Medium | 2025-08-12 |
| CVE-2025-42948 | Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver ABAP Platform | SAP NetWeaver ABAP Platform | CWE-79 | 6.1 | Medium | 2025-08-12 |
| CVE-2025-42946 | Directory Traversal vulnerability in SAP S/4HANA (Bank Communication Management) | SAP S/4HANA (Bank Communication Management) | CWE-22 | 6.9 | Medium | 2025-08-12 |
| CVE-2025-42945 | HTML Injection vulnerability in SAP NetWeaver Application Server ABAP | SAP NetWeaver Application Server ABAP | CWE-94 | 6.1 | Medium | 2025-08-12 |
| CVE-2025-42943 | Information Disclosure in SAP GUI for Windows | SAP GUI for Windows | CWE-250 | 4.5 | Medium | 2025-08-12 |
| CVE-2025-42942 | Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server for ABAP | SAP NetWeaver Application Server for ABAP | CWE-79 | 6.1 | Medium | 2025-08-12 |
| CVE-2025-42941 | Reverse Tabnabbing vulnerability in SAP Fiori (Launchpad) | SAP Fiori (Launchpad) | CWE-1022 | 3.5 | Low | 2025-08-12 |

This page lists every published CVE security advisory associated with SAP_SE. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.