SAP Latest Vulnerabilities
November 12
Unauthenticated attacker can read restricted files on SAP NetWeaver Application Server ABAP
CVE-2024-47593
SAP
Plaintext Credentials in Log Files Expose Sensitive Information
CVE-2024-47588
SAP
Attacker Could Replace Local Files, Causing High Impact on Confidentiality and Integrity
CVE-2024-47595
SAP | SAP Host Agent | 7.1 | HIGH
Brute Force Vulnerability Affects Confidentiality
CVE-2024-47592
SAP | SAP Netweaver Applicat... | 5.3 | MEDIUM
Unauthorized Access to Restricted SLD Configurations
CVE-2024-42372
SAP | SAP Netweaver As Java ... | 6.5 | MEDIUM
October 8
SAP NetWeaver Enterprise Portal Cross-Site Scripting Vulnerability
CVE-2024-47594
SAP | SAP Netweaver Enterpri... | 5.4 | MEDIUM
Integrity Violations in Read-Only Fields
CVE-2024-45282
SAP | SAP S/4 Hana (manage B... | 5.3 | MEDIUM
SAP Commerce Backoffice vulnerable to XSS
CVE-2024-45278
SAP | SAP Commerce Backoffice | 5.4 | MEDIUM
HANA Client Package Affected by Prototype Pollution Vulnerability
CVE-2024-45277
SAP | SAP Hana Client | 4.3 | MEDIUM
SAP BusinessObjects Vulnerability Allows Data Theft
CVE-2024-37179
SAP | SAP Businessobjects Bu... | 6.5 | MEDIUM
September 10
Low-privilege User Can Perform Denial of Service and Data Tampering Attacks on SAP GUI
CVE-2024-45285
SAP | SAP Netweaver Applicat... | 5.4 | MEDIUM
Privilege Escalation through Restricted Access to SLCM Transactions
CVE-2024-45284
SAP | SAP Student Life Cycle... | 2.4 | LOW
SAP NetWeaver AS for Java Vulnerability Allows Access to Sensitive Information
CVE-2024-45283
SAP | SAP Netweaver As For J... | 6 | MEDIUM
High Privilege User Vulnerability Affects Confidentiality and Integrity of Application
CVE-2024-45281
SAP | SAP Businessobjects Bu... | 5.8 | MEDIUM
SAP NetWeaver AS Java Vulnerability Allows Malicious Script Execution
CVE-2024-45280
SAP | SAP Netweaver As Java ... | 4.8 | MEDIUM
Vulnerability in CRM Blueprint Application Builder Panel Could Allow for Information Access
CVE-2024-45279
SAP | SAP Netweaver Applicat... | 6.1 | MEDIUM
SAP S/4HANA Vulnerability Could Expose Internal User Data
CVE-2024-44121
SAP | SAP S/4 Hana (statutor... | 4.3 | MEDIUM
SAP NetWeaver Enterprise Portal Vulnerable to Reflected Cross-Site Scripting
CVE-2024-44120
SAP | SAP Netweaver Enterpri... | 4.7 | MEDIUM
Low Privileged User Actions on Favourite Nodes and Workbook ID
CVE-2024-44117
SAP | SAP Netweaver Applicat... | 5.4 | MEDIUM
Attackers Can Delete Non-Sensitive Entries in User Data Table Due to Lack of Authorization Check
CVE-2024-44112
SAP | SAP For Oil & Gas | 4.3 | MEDIUM
Attackers Can Read Confidential Objects Without Authorization
CVE-2024-41728
SAP | SAP Netweaver Applicat... | 2.7 | LOW
Unauthorized Access to Sensitive Data via Tobin Interface
CVE-2024-45286
SAP | SAP Production And Rev... | 6.5 | MEDIUM
Low Privileged User Vulnerability Affects Workplace Favorites
CVE-2024-44116
SAP | SAP Netweaver Applicat... | 4.3 | MEDIUM
Low Privileged User Targeting: Identifying Usernames and Workplace Information
CVE-2024-44115
SAP | SAP Netweaver Applicat... | 4.3 | MEDIUM
Potential Data Exposure via Program Execution
CVE-2024-44114
SAP | SAP Netweaver Applicat... | 2.7 | LOW
Authenticated Attackers Can Access Restricted Information via Missing Authorization Checks
CVE-2024-44113
SAP | SAP Business Warehouse... | 4.3 | MEDIUM
Low Privileged User Data Exposure through Vulnerability
CVE-2024-42380
SAP | SAP Netweaver Applicat... | 4.3 | MEDIUM
SAP S/4HANA at Risk of Reflected Cross-Site Scripting (XSS) Vulnerability
CVE-2024-42378
SAP | SAP S/4hana Eprocurement | 6.1 | MEDIUM
Low Privileged User Access to Targeted User Workplace Favorites Could Lead to Identification of Targeted User Names and Access Information
CVE-2024-42371
SAP | SAP Netweaver Applicat... | 5.4 | MEDIUM
SAP BEx Analyzer Vulnerability Allows Access to Restricted Information
CVE-2024-41729
SAP | SAP Netweaver Bw (bex ... | 4.3 | MEDIUM
August 13
Authorization Checks Failure in SAP Document Builder Impacts Privileges
CVE-2024-39591
SAP | SAP Document Builder | 5.3 | MEDIUM
SAP SLcM Fails to Conduct Proper Authorization Checks, Risking Escalation of Privileges
CVE-2024-42373
SAP | SAP Student Life Cycle... | 5.4 | MEDIUM
SAP NetWeaver Application Server ABAP and ABAP Platform Vulnerability Could Lead to Disclosure of User Related Information
CVE-2024-41734
SAP | SAP Netweaver Applicat... | 4.3 | MEDIUM
Attackers Can Access Restricted Information Through Permit to Work
CVE-2024-41736
SAP | SAP Permit To Work | 4.3 | MEDIUM
SAP BusinessObjects BI Platform Exposes Organizations to Code Injection Risk
CVE-2024-41731
SAP | SAP Businessobjects Bu... | 4.3 | MEDIUM
SAP BusinessObjects Vulnerability: Malicious Code Upload
CVE-2024-28166
SAP | SAP Businessobjects Bu... | 4.3 | MEDIUM
SAP BusinessObjects Vulnerable to Malicious Code Execution
CVE-2024-42375
SAP | SAP Businessobjects Bu... | 4.3 | MEDIUM
Unauthenticated URL Link Injection Vulnerability Affects SAP NetWeaver Application Server ABAP
CVE-2024-41732
SAP | SAP Netweaver Applicat... | 5.4 | MEDIUM
SAP CRM ABAP (Insights Management) Vulnerability: Possible Information Disclosure
CVE-2024-41737
SAP | SAP Crm Abap (insights... | 5 | MEDIUM
SAP Commerce Customer Registration and Login Processes
CVE-2024-41733
SAP | SAP Commerce | 5.3 | MEDIUM
SAP Commerce Backoffice Unsecured User-Controlled Inputs Lead to Cross-Site Scripting (XSS) Vulnerability
CVE-2024-41735
SAP | SAP Commerce Backoffice | 5.4 | MEDIUM
Authorization Bypass
CVE-2024-33005
SAP | SAP Netweaver Applicat... | 6.3 | MEDIUM
Non-Admin User Can Insert Values into Non-Sensitive Table, with Minimal Impact on Application Integrity
CVE-2024-42377
SAP | SAP Shared Service Fra... | 4.3 | MEDIUM
SAP Shared Service Framework Vulnerable to Privilege Escalation Attacks
CVE-2024-42376
SAP | SAP Shared Service Fra... | 6.5 | MEDIUM
OCC API Endpoints Vulnerable to PII Data Exposure
CVE-2024-33003
SAP | SAP Commerce Cloud | 9.1 | CRITICAL
Untrusted XML Document Validation Vulnerability Affects SAP ADS Rendering
CVE-2024-42374
SAP | SAP Bex Web Java Runti... | 8.2 | HIGH
Unauthorized Access via REST Endpoint poses High Risk to Confidentiality, Integrity, and Availability
CVE-2024-41730
SAP | SAP Businessobjects Bu... | 9.8 | CRITICAL
July 9
Attackers Can Upload Arbitrary Files, Including Executables, Leading to Limited Impact on Confidentiality and Integrity
CVE-2024-34692
SAP | SAP Enable Now | 4.6 | MEDIUM
Remote Enabled Function Module Vulnerability
CVE-2024-37180
SAP | SAP Netweaver Applicat... | 4.1 | MEDIUM
Authorization Checks Bypass Leads to Limited Impact on Confidentiality
CVE-2024-39596
SAP | SAP Enable Now | 4.3 | MEDIUM
SAP NetWeaver Application Server Security Vulnerability
CVE-2024-39599
SAP | SAP Netweaver Applicat... | 4.7 | MEDIUM
SAP Transportation Management Vulnerability Allows Server-Side Request Forgery
CVE-2024-37171
SAP | SAP Transportation Man... | 5 | MEDIUM
SAP GUI Password Vulnerability Could Lead to Password Impersonation
CVE-2024-39600
SAP | SAP Gui For Windows | 5 | MEDIUM
Attack on WebFlow Services Exposes Internal Network Endpoints
CVE-2024-34689
SAP | SAP Business Workflow ... | 5 | MEDIUM
Authenticated User Privilege Escalation Vulnerability
CVE-2024-37172
SAP | SAP S/4hana Finance (a... | 5.4 | MEDIUM
SAP Business Warehouse XSS Vulnerability Allows User-Controlled Modification of Website Content
CVE-2024-39595
SAP | SAP Business Warehouse... | 5.4 | MEDIUM
SAP Business Warehouse XSS Vulnerability Could Lead to Low-Impact Attacks
CVE-2024-39594
SAP | SAP Business Warehouse... | 6.1 | MEDIUM
SAP CRM WebClient Authentication Vulnerability Allows Escalation of Privileges
CVE-2024-37175
SAP | SAP Crm Webclient Ui | 6.5 | MEDIUM
SAP CRM Vulnerability: Authenticated Attacker can Enumerate Accessible HTTP Endpoints
CVE-2024-39598
SAP | SAP Crm Webclient Ui | 7.7 | HIGH
SAP CRM WebClient Cross-Site Scripting Vulnerability
CVE-2024-37174
SAP | SAP Crm Webclient Ui | 6.1 | MEDIUM
SAP CRM WebClient UI Vulnerability Allows Unauthenticated Attacker to Execute Malicious Scripts
CVE-2024-37173
SAP | SAP Crm Webclient Ui | 6.1 | MEDIUM
SAP NetWeaver Knowledge Management XMLEditor Vulnerable to Cross-Site Scripting (XSS)
CVE-2024-34685
SAP | SAP Netweaver Knowledg... | 6.1 | MEDIUM
SAP Landscape Management Data Disclosure Vulnerability
CVE-2024-39593
SAP | SAP Landscape Management | 5.7 | MEDIUM
SAP Commerce Vulnerability: Misuse of Forgotten Password Functionality Can Grant Access to Non-Isolated Sites
CVE-2024-39597
SAP | SAP Commerce | 7.2 | HIGH
Insufficient Authorization Checks Lead to Sensitive Information Exposure
CVE-2024-39592
SAP | SAP Pdce | 6.5 | MEDIUM
June 11
Authorization Checks Vulnerability in S/4HANA
CVE-2024-34691
SAP | SAP S/4hana (manage In... | 6.5 | MEDIUM
SAP BusinessObjects Scheduling Vulnerability Allows Authenticated Attacker to Access Password
CVE-2024-34684
SAP | SAP Businessobjects Bu... | 6 | MEDIUM
Unauthenticated Access to Server Information
CVE-2024-28164
SAP | SAP Netweaver As Java | 5.3 | MEDIUM
Authorization Checks Failure Could Lead to Privilege Escalation
CVE-2024-34690
SAP | SAP Student Life Cycle... | 5.4 | MEDIUM
Authenticated Attacker Can Escalate Privileges via Improper Authorization Checks
CVE-2024-37176
SAP | SAP Bw/4hana Transform... | 5.4 | MEDIUM
SAP CRM WebClient UI Vulnerability Allows Unauthorized Access to Victim's Browser
CVE-2024-34686
SAP | SAP Crm Webclient Ui | 6.1 | MEDIUM
Attacker can manipulate victim's documents through SAP Document Builder service
CVE-2024-34683
SAP | SAP Document Builder | 6.5 | MEDIUM
Attacker Can Impede Performance, Causing Delays and Service Interruptions
CVE-2024-33001
SAP | SAP Netweaver And Abap... | 6.5 | MEDIUM
DoS Attacks on Repository Services Can Cause High Availability Impact
CVE-2024-34688
SAP | SAP Netweaver As Java | 7.5 | HIGH
SAP Financial Consolidation Exposes Cross-Site Scripting Vulnerability
CVE-2024-37178
SAP | SAP Financial Consolid... | 5 | MEDIUM
SAP Financial Consolidation Vulnerability: Untrusted Data Entry via Web Application
CVE-2024-37177
SAP | SAP Financial Consolid... | 8.1 | HIGH
May 14
Unauthorized File Upload Vulnerability
CVE-2024-33006
SAP | SAP Netweaver Applicat... 👾 | 9.6 | CRITICAL
SAP Business Objects Platform Vulnerable to Insecure Storage
CVE-2024-33004
SAP | SAP Businessobjects Bu... | 4.3 | MEDIUM
SQL injection vulnerability in SAP Global Label Management (GLM)
CVE-2024-33009
SAP | SAP Global Label Manag... | 4.2 | MEDIUM
SAP NetWeaver Application Server for ABAP and ABAP Platform Exposed to Cross-Site Scripting (XSS) Vulnerability
CVE-2024-34687
SAP | SAP Netweaver Applicat... | 6.5 | MEDIUM
Unauthorized Access to Rule Management
CVE-2024-4138
SAP | SAP S/4 Hana (manage B... | 4.3 | MEDIUM
Unauthorized Rule Deletion Vulnerability
CVE-2024-4139
SAP | SAP S/4 Hana (manage B... | 4.3 | MEDIUM
SAP Business Objects Platform Vulnerable to Stored XSS Attacks
CVE-2024-28165
SAP | SAP Businessobjects Bu... | 8.1 | HIGH
XSS Vulnerability in Document Service handler (obsolete)
CVE-2024-33002
SAP | SAP S/4hana (document ... | 6.1 | MEDIUM
Missing Authorization check in SAP Bank Account Management
CVE-2024-33000
SAP | SAP Bank Account Manag... | 3.5 | LOW
Memory Corruption vulnerability in SAP Replication Server
CVE-2024-33008
SAP | SAP Replication Server | 4.9 | MEDIUM
SAP PDFViewer Vulnerability: Execution of Embedded JavaScript Can Cause Security Threats
CVE-2024-33007
SAP | SAPui5 (PDFviewer) | 3.5 | LOW
SAP NetWeaver Application Server ABAP and ABAP Platform Vulnerability: Untrusted Data Injection
CVE-2024-32733
SAP | SAP Netweaver Applicat... | 6.1 | MEDIUM
SAP My Travel Requests Vulnerability Allows Escalation of Privileges
CVE-2024-32731
SAP | SAP My Travel Requests | 5.5 | MEDIUM
April 9
Insufficient Authorization Leads to Data Tampering in SAP Group Reporting Data Collection
CVE-2024-28167
SAP
SAP NetWeaver Vulnerable to Server-Side Request Forgery
CVE-2024-27898
SAP | SAP Netweaver | 5.3 | MEDIUM
SAP S/4HANA Cash Management Vulnerability: Escalation of Privileges
CVE-2024-30217
SAP | SAP S/4 Hana (cash Man... | 4.3 | MEDIUM
Attackers Can Cause Service Outages, Impacting Availability
CVE-2024-30218
SAP
SAP BusinessObject Business Intelligence Launch Pad Vulnerability Could Lead to OS Information Disclosure
CVE-2024-25646
SAP
Insufficient Authorization Checks in SAP S/4HANA Allow Escalation of Privileges
CVE-2024-30216
SAP
Malicious GET Query Parameter Attack on Service Invocations
CVE-2024-30214
SAP | SAP Business Connector | 4.8 | MEDIUM
Security Vulnerability in Self-Registration and Profile Modification in NetWeaver AS Java
CVE-2024-27899
SAP
SAP Asset Accounting Vulnerability Could Lead to Data Breaches
CVE-2024-27901
SAP
March 12
SAP NetWeaver Administrator AS Java Vulnerability Could Lead to Command Injection
CVE-2024-22127
SAP | SAP Netweaver As Java ... | 9.1 | CRITICAL
SAP Fiori Front End Server Vulnerability Allows Incorrect Approver Details in Leave Requests
CVE-2024-22133
SAP