SAP_SE — Vulnerabilities & Security Advisories 527

Browse all 527 CVE security advisories affecting SAP_SE. AI-powered Chinese analysis, POCs, and references for each vulnerability.

SAP SE operates as a global leader in enterprise application software, primarily providing ERP solutions that manage complex business processes, supply chains, and human resources for large organizations. This extensive attack surface has resulted in 527 recorded CVEs, reflecting the critical nature of its infrastructure. Historically, vulnerabilities within SAP systems frequently involve remote code execution, SQL injection, and cross-site scripting, often stemming from complex integrations and legacy components. Privilege escalation remains a significant concern, allowing unauthorized users to gain administrative access. While SAP maintains rigorous security protocols, past incidents highlight risks associated with default configurations and unpatched middleware. The company actively issues security patches, yet the sheer volume of disclosed flaws underscores the challenges of securing highly interconnected, mission-critical enterprise environments against sophisticated cyber threats.

| CVE ID | Title | Affected product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2025-31326 | HTML Injection vulnerability in SAP BusinessObjects Business Intelligence Platform (Web Intelligence) | SAP BusinessObjects Business Intelligence Platform (Web Intelligence) | CWE-80 | 4.1 | Medium | 2025-07-08 |
| CVE-2025-42998 | Security misconfiguration vulnerability in SAP Business One Integration Framework | SAP Business One Integration Framework | CWE-346 | 5.3 | Medium | 2025-06-10 |
| CVE-2025-42996 | Multiple vulnerabilities in SAP MDM Server | SAP MDM Server | CWE-590 | 5.6 | Medium | 2025-06-10 |
| CVE-2025-42995 | Multiple vulnerabilities in SAP MDM Server | SAP MDM Server | CWE-590 | 7.5 | High | 2025-06-10 |
| CVE-2025-42994 | Multiple vulnerabilities in SAP MDM Server | SAP MDM Server | CWE-590 | 7.5 | High | 2025-06-10 |
| CVE-2025-42993 | Missing Authorization Check in SAP S/4HANA (Enterprise Event Enablement) | SAP S/4HANA (Enterprise Event Enablement) | CWE-862 | 6.7 | Medium | 2025-06-10 |
| CVE-2025-42991 | Missing Authorization check in SAP S/4HANA (Bank Account Application) | SAP S/4HANA (Bank Account Application) | CWE-862 | 4.3 | Medium | 2025-06-10 |
| CVE-2025-42990 | HTML Injection in Unprotected SAPUI5 applications | SAPUI5 applications | CWE-79 | 3.0 | Low | 2025-06-10 |
| CVE-2025-42989 | Missing Authorization check in SAP NetWeaver Application Server for ABAP | SAP NetWeaver Application Server for ABAP | CWE-862 | 9.6 | Critical | 2025-06-10 |
| CVE-2025-42988 | Server-Side Request Forgery in SAP Business Objects Business Intelligence Platform | SAP Business Objects Business Intelligence Platform | CWE-918 | 3.7 | Low | 2025-06-10 |
| CVE-2025-42987 | Missing Authorization Check in SAP S/4HANA (Manage Processing Rules - For Bank Statement) | SAP S/4HANA (Manage Processing Rules - For Bank Statement) | CWE-862 | 4.3 | Medium | 2025-06-10 |
| CVE-2025-42984 | Missing Authorization check in SAP S/4HANA (Manage Central Purchase Contract application) | SAP S/4HANA (Manage Central Purchase Contract application) | CWE-862 | 5.4 | Medium | 2025-06-10 |
| CVE-2025-42983 | Missing Authorization check in SAP Business Warehouse and SAP Plug-In Basis | SAP Business Warehouse and SAP Plug-In Basis | CWE-862 | 8.5 | High | 2025-06-10 |
| CVE-2025-42982 | Information Disclosure in SAP GRC (AC Plugin) | SAP GRC (AC Plugin) | CWE-862 | 8.8 | High | 2025-06-10 |
| CVE-2025-42977 | Directory Traversal vulnerability in SAP NetWeaver Visual Composer | SAP NetWeaver Visual Composer | CWE-22 | 7.6 | High | 2025-06-10 |
| CVE-2025-31325 | Cross-Site Scripting (XSS) Vulnerability in SAP NetWeaver (ABAP Keyword Documentation) | SAP NetWeaver (ABAP Keyword Documentation) | CWE-79 | 5.8 | Medium | 2025-06-10 |
| CVE-2025-23192 | Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence (BI Workspace) | SAP BusinessObjects Business Intelligence (BI Workspace) | CWE-79 | 8.2 | High | 2025-06-10 |
| CVE-2025-43011 | Missing Authorization Check in SAP Landscape Transformation (PCL Basis) | SAP Landscape Transformation (PCL Basis) | CWE-862 | 7.7 | High | 2025-05-13 |
| CVE-2025-43010 | Code injection vulnerability in SAP S/4HANA Cloud Private Edition or On Premise (SCM Master Data Layer (MDL)) | SAP S/4HANA Cloud Private Edition or on Premise (SCM Master Data Layer (MDL)) | CWE-94 | 8.3 | High | 2025-05-13 |
| CVE-2025-43009 | Missing Authorization check in SAP Service Parts Management (SPM) | SAP Service Parts Management (SPM) | CWE-862 | 6.3 | Medium | 2025-05-13 |
| CVE-2025-43008 | Missing Authorization check in SAP S/4HANA HCM Portugal and SAP ERP HCM Portugal | SAP S/4HANA HCM Portugal and SAP ERP HCM Portugal | CWE-862 | 5.8 | Medium | 2025-05-13 |
| CVE-2025-43007 | Missing Authorization check in SAP Service Parts Management (SPM) | SAP Service Parts Management (SPM) | CWE-862 | 6.3 | Medium | 2025-05-13 |
| CVE-2025-43006 | Cross-Site Scripting (XSS) vulnerability in SAP Supplier Relationship Management (Master Data Management Catalog) | SAP Supplier Relationship Management (Master Data Management Catalog) | CWE-79 | 6.1 | Medium | 2025-05-13 |
| CVE-2025-43005 | Information Disclosure vulnerability in SAP GUI for Windows | SAP GUI for Windows | CWE-256 | 4.3 | Medium | 2025-05-13 |
| CVE-2025-43004 | Security Misconfiguration Vulnerability in SAP Digital Manufacturing (Production Operator Dashboard) | SAP Digital Manufacturing (Production Operator Dashboard) | CWE-862 | 5.3 | Medium | 2025-05-13 |
| CVE-2025-43003 | Information Disclosure vulnerability in SAP S/4HANA (Private Cloud & On-Premise) | SAP S/4HANA (Private Cloud & On-Premise) | CWE-749 | 6.4 | Medium | 2025-05-13 |
| CVE-2025-43002 | Missing Authorization check in SAP S4/HANA (OData meta-data property) | SAP S4/HANA (OData meta-data property) | CWE-472 | 4.3 | Medium | 2025-05-13 |
| CVE-2025-43000 | Information Disclosure Vulnerability in SAP Business Objects Business Intelligence Platform (PMW) | SAP Business Objects Business Intelligence Platform (PMW) | CWE-862 | 7.9 | High | 2025-05-13 |
| CVE-2025-42999 | Insecure Deserialization in SAP NetWeaver (Visual Composer development server) | SAP NetWeaver (Visual Composer development server) | CWE-502 | 9.1 | Critical | 2025-05-13 |
| CVE-2025-42997 | Information Disclosure vulnerability in SAP Gateway Client | SAP Gateway Client | CWE-732 | 6.6 | Medium | 2025-05-13 |

This page lists every published CVE security advisory associated with SAP_SE. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.