
SAP_SE — Vulnerabilities & Security Advisories 527

Browse all 527 CVE security advisories affecting SAP_SE. AI-powered Chinese analysis, POCs, and references for each vulnerability.

SAP SE operates as a global leader in enterprise application software, primarily providing ERP solutions that manage complex business processes, supply chains, and human resources for large organizations. This extensive attack surface has resulted in 527 recorded CVEs, reflecting the critical nature of its infrastructure. Historically, vulnerabilities within SAP systems frequently involve remote code execution, SQL injection, and cross-site scripting, often stemming from complex integrations and legacy components. Privilege escalation remains a significant concern, allowing unauthorized users to gain administrative access. While SAP maintains rigorous security protocols, past incidents highlight risks associated with default configurations and unpatched middleware. The company actively issues security patches, yet the sheer volume of disclosed flaws underscores the challenges of securing highly interconnected, mission-critical enterprise environments against sophisticated cyber threats.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2025-42936 | Missing Authorization check in SAP NetWeaver Application Server for ABAP | SAP NetWeaver Application Server for ABAP | CWE-266 | 5.4 | Medium | 2025-08-12 |
| CVE-2025-42935 | Information Disclosure vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform(Internet Communication Manager) | SAP NetWeaver AS for ABAP and ABAP Platform(Internet Communication Manager) | CWE-532 | 4.1 | Medium | 2025-08-12 |
| CVE-2025-42934 | CRLF Injection vulnerability in SAP S/4HANA (Supplier invoice) | SAP S/4HANA (Supplier invoice) | CWE-113 | 4.3 | Medium | 2025-08-12 |
| CVE-2025-42947 | Code Injection vulnerability in SAP FICA ODN framework | SAP FICA ODN framework | CWE-94 | 5.5 | Medium | 2025-07-23 |
| CVE-2025-43001 | Multiple Privilege Escalation Vulnerabilities in SAPCAR | SAPCAR | CWE-266 | 6.9 | Medium | 2025-07-08 |
| CVE-2025-42992 | Multiple Privilege Escalation Vulnerabilities in SAPCAR | SAPCAR | CWE-266 | 6.9 | Medium | 2025-07-08 |
| CVE-2025-42986 | Missing Authorization check in SAP NetWeaver and ABAP Platform | SAP NetWeaver and ABAP Platform | CWE-862 | 4.3 | Medium | 2025-07-08 |
| CVE-2025-42985 | Open Redirect vulnerability in SAP BusinessObjects Content Administrator workbench | SAP BusinessObjects Content Administrator workbench | CWE-601 | 6.1 | Medium | 2025-07-08 |
| CVE-2025-42981 | Multiple vulnerabilities in SAP NetWeaver Application Server ABAP | SAP NetWeaver Application Server ABAP | CWE-601 | 6.1 | Medium | 2025-07-08 |
| CVE-2025-42980 | Insecure Deserialization in SAP NetWeaver Enterprise Portal Federated Portal Network | SAP NetWeaver Enterprise Portal Federated Portal Network | CWE-502 | 9.1 | Critical | 2025-07-08 |
| CVE-2025-42979 | Insecure Key & Secret Management vulnerability in SAP GUI for Windows | SAP GUI for Windows | CWE-922 | 5.6 | Medium | 2025-07-08 |
| CVE-2025-42978 | Insufficiently Secure Hostname Verification for Outbound TLS Connections in SAP NetWeaver Application Server Java | SAP NetWeaver Application Server Java | CWE-940 | 3.5 | Low | 2025-07-08 |
| CVE-2025-42974 | Missing Authorization Check in SAP NetWeaver and ABAP Platform (SDCCN) | SAP NetWeaver and ABAP Platform (SDCCN) | CWE-862 | 4.3 | Medium | 2025-07-08 |
| CVE-2025-42973 | Cross-Site Scripting (XSS) vulnerability in SAP Data Services (DQ Report) | SAP Data Services (DQ Report) | CWE-79 | 5.4 | Medium | 2025-07-08 |
| CVE-2025-42971 | Memory Corruption vulnerability in SAPCAR | SAPCAR | CWE-787 | 4.0 | Medium | 2025-07-08 |
| CVE-2025-42970 | Directory Traversal vulnerability in SAPCAR | SAPCAR | CWE-22 | 5.8 | Medium | 2025-07-08 |
| CVE-2025-42969 | Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server ABAP and ABAP Platform | SAP NetWeaver Application Server ABAP and ABAP Platform | CWE-79 | 6.1 | Medium | 2025-07-08 |
| CVE-2025-42968 | Missing Authorization check in SAP NetWeaver (RFC enabled function module) | SAP NetWeaver (RFC enabled function module) | CWE-862 | 5.0 | Medium | 2025-07-08 |
| CVE-2025-42967 | Code Injection vulnerability in SAP S/4HANA and SAP SCM (Characteristic Propagation) | SAP S/4HANA and SAP SCM (Characteristic Propagation) | CWE-94 | 9.9 | Critical | 2025-07-08 |
| CVE-2025-42966 | Insecure Deserialization vulnerability in SAP NetWeaver (XML Data Archiving Service) | SAP NetWeaver (XML Data Archiving Service) | CWE-502 | 9.1 | Critical | 2025-07-08 |
| CVE-2025-42965 | Server Side Request Forgery(SSRF) vulnerability in SAP BusinessObjects BI Platform Central Management Console Promotion Management Application | SAP BusinessObjects BI Platform Central Management Console Promotion Management Application | CWE-918 | 4.1 | Medium | 2025-07-08 |
| CVE-2025-42964 | Insecure Deserialization in SAP NetWeaver Enterprise Portal Administration | SAP NetWeaver Enterprise Portal Administration | CWE-502 | 9.1 | Critical | 2025-07-08 |
| CVE-2025-42963 | Insecure Deserialization in SAP NetWeaver Application Server for Java (Log Viewer ) | SAP NetWeaver Application Server for Java (Log Viewer ) | CWE-502 | 9.1 | Critical | 2025-07-08 |
| CVE-2025-42962 | Cross-Site Scripting (XSS) vulnerability in SAP Business Warehouse (Business Explorer Web 3.5 loading animation) | SAP Business Warehouse (Business Explorer Web 3.5 loading animation) | CWE-79 | 6.1 | Medium | 2025-07-08 |
| CVE-2025-42961 | Missing Authorization check in SAP NetWeaver Application Server for ABAP | SAP NetWeaver Application Server for ABAP | CWE-862 | 4.9 | Medium | 2025-07-08 |
| CVE-2025-42960 | Missing Authorization Check in SAP Business Warehouse and SAP BW/4HANA BEx Tools | SAP Business Warehouse and SAP BW/4HANA BEx Tools | CWE-862 | 4.3 | Medium | 2025-07-08 |
| CVE-2025-42959 | Missing Authentication check after implementation of SAP Security Note 3007182 and 3537476 | SAP NetWeaver ABAP Server and ABAP Platform | CWE-308 | 8.1 | High | 2025-07-08 |
| CVE-2025-42954 | Denial of service (DOS) in SAP NetWeaver Business Warehouse (CCAW application) | SAP NetWeaver Business Warehouse (CCAW application) | CWE-835 | 2.7 | Low | 2025-07-08 |
| CVE-2025-42953 | Missing Authorization check in SAP NetWeaver Application Server for ABAP | SAP NetWeaver Application Server for ABAP | CWE-862 | 8.1 | High | 2025-07-08 |
| CVE-2025-42952 | Missing Authorization check in SAP Business Warehouse and SAP Plug-In Basis | SAP Business Warehouse and SAP Plug-In Basis | CWE-862 | 7.7 | High | 2025-07-08 |

This page lists every published CVE security advisory associated with SAP_SE. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.