Sap Vulnerabilities

Timeline

The analysis of the timeline helps to identify the required approach and handling of single items and item collections. This overview makes it possible to see less important slices and more severe hotspots at a glance. Prioritizing items becomes possible.

Type

The moderation team is working with the threat intelligence team to categorize software that is affected by security vulnerabilities. This helps to illustrate the assignment of these categories to determine the most affected software types.

Product

SAP NetWeaver151
SAP 3D Visual Enterprise Viewer125
SAP Business Intelligence Platform50
SAP BusinessObjects Business Intelligence Platform49
SAP NetWeaver AS JAVA36

Grouping vulnerabilities by products helps to get an overview. This makes it possible to determine an homogeneous landscape or the most important hotspots in heterogeneous landscapes.

Remediation

Official Fix865
Temporary Fix0
Workaround3
Unavailable4
Not Defined776

Vendors and researchers are eager to find countermeasures to mitigate security vulnerabilities. These can be distinguished between multiple forms and levels of remediation which influence risks differently.

Exploitability

High33
Functional0
Proof-of-Concept129
Unproven32
Not Defined1454

Researcher and attacker which are looking for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine simplicity and strength of attacks.

Access Vector

Not Defined0
Physical3
Local79
Adjacent108
Network1458

The approach a vulnerability it becomes important to use the expected access vector. This is typically via the network, local, or physically even.

Authentication

Not Defined0
High131
Low593
None924

To exploit a vulnerability a certail level of authentication might be required. Vulnerabilities without such a requirement are much more popular.

User Interaction

Not Defined0
Required544
None1104

Some attack scenarios require some user interaction by a victim. This is typical for phishing, social engineering and cross site scripting attacks.

C3BM Index

Our unique C3BM Index (CVSSv3 Base Meta Index) cumulates the CVSSv3 Meta Base Scores of all entries over time. Comparing this index to the amount of disclosed vulnerabilities helps to pinpoint the most important events.

CVSSv3 Base

≤10
≤22
≤314
≤495
≤5391
≤6453
≤7288
≤8238
≤998
≤1069

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources to aggregate to the most reliable result.

CVSSv3 Temp

≤10
≤22
≤315
≤4109
≤5428
≤6457
≤7278
≤8210
≤9112
≤1037

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We do also provide our unique meta score for temp scores, even though other sources rarely publish them.

VulDB

≤10
≤27
≤358
≤4187
≤5499
≤6297
≤7256
≤8244
≤939
≤1061

The moderation team is always defining the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

NVD

≤10
≤20
≤35
≤414
≤5120
≤6173
≤7181
≤8188
≤9108
≤1099

The National Vulnerability Database (NVD) is also defining CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.

CNA

≤10
≤21
≤37
≤422
≤590
≤693
≤7120
≤846
≤936
≤1048

A CVE Numbering Authority (CNA) is responsible for assigning new CVE entries. They might also include a CVSS score. These are usually not complete and might differ from VulDB scores.

Vendor

≤10
≤20
≤30
≤40
≤50
≤60
≤70
≤80
≤90
≤101

Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.

Research

≤10
≤20
≤30
≤40
≤50
≤60
≤70
≤80
≤90
≤100

There are sometimes also security researcher which provide their own CVSS vectors and scores for vulnerabilities they have found and published.

Exploit 0-day

<1k3
<2k9
<5k158
<10k691
<25k671
<50k114
<100k2
≥100k0

The moderation team is working with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to identify the 0-day prices for an exploit, before it got distributed or became public. Calculated prices are aligned to prices disclosed by vulnerability broker and compared to prices we see on exploit markets.

Exploit Today

<1k748
<2k112
<5k394
<10k189
<25k205
<50k0
<100k0
≥100k0

The 0-day prices do not consider time-relevant factors. The today price does reflect price impacts like disclosure of vulnerability details, alternative exploits, availability of countermeasures. These dynamic aspects might decrease the exploit prices over time. Under certain circumstances this happens very fast.

Exploit Market Volume

Our unique calculation of exploit prices makes it possible to forecast the expected exploit market volume. The calculated prices for all possible 0-day expoits are cumulated for this task. Comparing the volume to the amount of disclosed vulnerabilities helps to pinpoint the most important events.

🔴 CTI Activities

Our unique Cyber Threat Intelligence aims to determine the ongoing research of actors to anticipiate their acitivities. Observing exploit markets on the Darknet, discussions of vulnerabilities on mailinglists, and exchanges on social media makes it possible to identify planned attacks. Monitored actors and activities are classified whether they are offensive or defensive. They are also weighted as some actors are well-known for certain products and technologies. And some of their disclosures might contain more or less details about technical aspects and personal context. The world map highlights active actors in real-time.

Affected Products (473): 3 (2), 3D Visual Enterprise Author (33), 3D Visual Enterprise Viewer (125), ABA (1), ABAP (1), ABAP (1), ABAP Application Server (1), ABAP Managed Systems (1), ABAP Platform (32), ABAP Platform Kernel (1), ABAP Server (2), AIF (1), AS ABAP (2), ASE (2), ASE Database Platform (1), AS JAVA (2), AS JAVA SSO Authentication Library (1), AS NetWeaver JAVA (1), Adaptive Extensions (1), Adaptive Server Enterprise (18), Afaria (7), Analysis for Microsoft Office (1), Application Interface (2), Application Interface Framework (2), Application Server ABAP (1), Application Server Java (1), Asset Accounting (1), Authenticator (2), BAM (1), BASIS (1), BEx Web Java Runtime Export Web Service (1), BI Launchpad (1), BI Universal Data Integration (1), BOE AdminTools (1), BOE SDK (1), BPC (1), BPC MS (1), BSP Application (1), BW-4HANA (2), BW4HANA (2), BW4HANA Transformation and Data Transfer Process (1), BWA (1), Background Processing (1), Bank Account Management (2), Bank Analyzer (1), Banking Services (3), Base (1), Basic Functions for Business Transactions (1), Basis (6), Basis Component 700 (1), Basis Components- Communication Services (1), Biller Direct (2), Brazil (1), Business Client (4), Business Connector (4), Business Intelligence (11), Business Intelligence Development Workbench (2), Business Intelligence Platform (50), Business Intelligence Promotion Management Applicatio (1), Business Intelligence Promotion Management Application (1), Business Intelligence Suite (2), Business Object (1), Business Object Processing Framework (1), Business Objects (5), BusinessObjects (12), BusinessObjects Analysis (1), BusinessObjects BI LaunchPad (1), Business Objects BI Platform (2), BusinessObjects BI Platform (4), BusinessObjects BI Platform Servers (1), BusinessObjects BW Publisher Service (1), BusinessObjects Business Intelligence (2), BusinessObjects Business Intelligence Analysis Edition for OLAP (1), BusinessObjects Business Intelligence Platform (49), Business Objects Business Intelligence Platform (1), BusinessObjects Business Intelligence Platform CMC Application (1), BusinessObjects CMC (1), BusinessObjects Edge (1), BusinessObjects Enterprise (1), BusinessObjects Explorer (2), BusinessObjects Financial Consolidation (2), Business Objects Financial Consolidation (1), Business Objects Installer (1), BusinessObjects Mobile (1), Business Objects Mobile (1), BusinessObjects Platform (1), Business Objects Platform (2), BusinessObjects Suite Installer (1), BusinessObjects Web Intelligence (3), Business Objects Web Intelligence (2), BusinessObjects XI (1), Business One (24), Business One 2005-a (1), Business One Chef Cookbook (1), Business One Client (2), Business One Hana Chef Cookbook (2), Business One Mobile App (1), Business One Service Layer (1), Business One for Android (1), Business Planning and Consolidation (4), Business Warehouse (8), Business Warehouse Accelerator (1), Business Warehouse Universal Data Integration (1), Business Workflow (WebFlow Services) (1), Business Workflow and Flexible Workflow (1), Businessobjects (1), Businessobjects Edge (3), Business one (1), Business one License Service API (1), BussinessObjects Edge (2), CCMS (1), CCMS Agent (1), CMS (1), CRM (10), CRM ABAP (2), CRM WebClient UI (11), Capacity Leveling (1), Cash Management (1), Central Management Console (1), Change (1), Cloud Connector (8), Cloud Platform (2), Commerce (16), Commerce Backoffice (2), Commerce Cloud (15), Commerce Webservices (1), CommonCryptoLib (3), Companion (1), Computing Center Management System Monitoring (1), Console (1), Contact Center (4), Content Server (4), Contract Accounting (1), Contract Lifecycle Management (1), Control - Engineering Workbench (1), Crystal Reports (6), Crystal Reports Server (6), Crystal Reports for VS (1), Crystal Reports for Visual Studio (1), Customer Data Cloud (2), Customer Relationship Management (4), Customer Relationship Management Internet Sales (1), DB (5), DB vServer (1), DMIS Mobile Plug-In (1), Data Hub (1), Data Intelligence (1), Data Services (1), Database (1), Database Monitors (1), Database Server (8), Diagnostic Agent (1), Diagnostics (1), Diagnostics Agent (2), Digital Manufacturing (1), Disclosure Management (16), Document Builder (2), Document Management Services (1), Download Manager (2), Dynamic Tier (1), E-Commerce (2), E-Recruiting (1), EAPPGLO (1), EC-CUBE (1), EMR Unwired (2), ENGINEAPI (1), EPBC (1), EPBC2 (1), EPM Add-in for Microsoft Office (1), EPM Add-in for SAP Analysis Office (1), ERP (8), ERP Central Component (2), ERP Client for E-Bilanz (1), ERP Defense Forces and Public Security (1), ERP Financial Accounting (1), ERP Financials Information System (1), ERP HCM (1), ERP HCM Portugal (2), ERP Sales (1), Emarsys SDK (1), Employee Self Service (1), Enable Now (18), Enhancement Pack (1), EnjoySAP (4), Enterprise Central Component (1), Enterprise Extension Defense Forces & Public Security (1), Enterprise Financial Services (5), Enterprise Portal (6), Enterprise Resource Planning (1), Enterprise Threat Detection (2), Environment Health And Safety (2), Extended Application Services and Runtime (1), FI Manager Self-Service (1), FSAPPL (1), Financial Consolidation (9), Fiori (2), Fiori App (1), Fiori BI Launchpad (1), Fiori Client (5), Fiori Front End Server (1), Fiori Launchpad (7), Fiori for SAP S-4HANA (1), Focused RUN (2), Focused Run (3), GRC (2), GRC Access control Emergency Access Management (1), GUI (9), GUI Connector for Microsoft Edge (1), GUI for HTML (1), GUI for Java (3), GUI for Windows (4), Gateway (3), Global Label Management (1), Governance Risk And Compliance (1), Group Reporting Data Collection (1), Gui (1), Guided Procedures Archive Monitor (1), HANA (29), HANA Client (1), HANA DB (14), HANA Database (6), HANA Extend Application Services (2), HANA Extended Application Services (15), HANA ICM (1), HANA Web-Based Development Workbench (1), HANA Web-based Development Workbench (1), HANA XS (2), HCM (2), HCM Fiori App My Forms (1), HCM Fiori People Profile (1), HCM Travel Management Fiori Apps (1), Hana DB (1), Hana Extend Application Services (1), Host Agent (11), Hostcontrol (1), Hybris (4), Hybris Commerce (2), IDES Systems (1), IQ (2), Identity Management (4), Industry-Specific Components for Hospitals (1), Information Steward (1), InfraBox (1), Infrastructure (1), Innovation Management (1), Intelligence (3), Internet Communication Framework (1), Internet Communication Manager (4), Internet Graphic Server (1), Internet Graphics Server (23), Internet Graphics Service (11), Internet Transaction Server (9), Inventory Manager (2), J2EE Engine (5), Java AS (2), Java Server (1), KERNEL (1), KERNEL 32 (1), KERNEL 64 (1), KRNL32NUC (2), KRNL32UC (1), KRNL64NUC (2), Kernel (8), Knowledge Management (2), Knowledge Warehouse (1), Krnl64nuc (1), LT Replication Server (1), Landscape Management (7), Leasing (1), Lumira Server (1), MESSAGING (1), MII (1), Management Console (1), Manufacturing Execution (3), Manufacturing Integration (3), Marketing (3), Master Data Governance (3), Master Data Governance Material (1), Master Data Management (1), Master Data Synchronization (1), MaxDB (6), MaxDB ODBC Driver (1), Message Server (2), Mobile Infrastructure (1), Mobile Platform (9), Mobile SDK Certificate Provider (1), Mobile Secure Android Application (2), MySAP Business Suite (1), My Travel Requests (1), NW EP (1), NZDT Mapping Table Framework (1), NetWeaver (152), NetWeaver ABAP (1), NetWeaver ABAP Application Server and ABAP Platform (1), NetWeaver ABAP Server (14), NetWeaver AS ABAP (35), NetWeaver AS ABAP Business Server Pages Test Application IT00 (2), NetWeaver AS ABAP and ABAP Platform (2), NetWeaver AS JAVA (36), NetWeaver AS Java (10), NetWeaver AS Java User Management Engine (1), NetWeaver AS Java and ABAP (1), NetWeaver AS Java for Deploy Service (1), NetWeaver AS for ABAP (5), NetWeaver AS for ABAP and ABAP Platform (4), NetWeaver AS for JAVA (5), NetWeaver AS for Java (4), NetWeaver Administrator (2), NetWeaver Application Server (5), NetWeaver Application Server ABAP (22), NetWeaver Application Server ABAP and ABAP Platform (4), NetWeaver Application Server Java (9), NetWeaver Application Server Java Web Container (1), NetWeaver Application Server Java for Classload Service (1), NetWeaver Application Server for ABAP (9), NetWeaver Application Server for ABAP and ABAP Platform (18), NetWeaver Application Server for Java (6), NetWeaver Application server for ABAP and ABAP Platform (1), NetWeaver BI (1), NetWeaver BW (1), NetWeaver Business Client (2), NetWeaver Business Client for HTML (1), NetWeaver Business Warehouse (1), NetWeaver Composite Application Framework (1), NetWeaver Developer Studio (1), NetWeaver Development Infrastructure (4), NetWeaver Dispatcher (3), NetWeaver Enterprise Portal (4), NetWeaver Gateway (7), NetWeaver Guided Procedures (1), NetWeaver Internet Communication Manager (1), NetWeaver Internet Transaction Server (1), NetWeaver J2EE Engine (2), NetWeaver Java (1), NetWeaver Knowledge Management (2), NetWeaver Knowledge Management Configuration Service (1), NetWeaver Knowledge Management XMLEditor (1), NetWeaver Logviewer (2), NetWeaver Master Data Management (2), NetWeaver Portal (4), NetWeaver Process Integration (18), NetWeaver Process Integration Runtime Workbench (1), NetWeaver UDDI Server (2), NetWeaver and ABAP Platform (1), NetWeaver for Java Application Server (1), Netweaver (3), Netweaver ABAP Application Server (1), Netweaver Abap (2), Netweaver Business Client For Html (1), Netweaver Business Warehouse (1), Netweaver Enterprise Portal (13), Netweaver Exchange Infrastructure (1), Netweaver Java AS (7), Netweaver Java Application Server (3), Netweaver Nw04s (1), Netweaver Software Lifecycle Manager (1), Netweaver Solution Manager (1), Network Interface Router (3), Oil & Gas (1), Oil Industry Solution Traders And Schedulers Workbench (1), Open Hub Service (1), OpenUI5 (1), OrientDB (1), Output Management (1), PDCE (1), POS (2), Payment Engine (1), Payroll Process (1), Permit to Work (1), Plant Connectivity (3), Portfolio Management (1), PowerDesigner (4), PowerDesigner Client (2), PowerDesigner Proxy (1), Print (1), Process Integration (4), Process Monitoring Infrastructure (1), Product Lifecycle Costing (1), Production Planning (1), Production and Revenue Accounting (1), Profile Maintenance (1), Project Management (1), Project System (1), Quality Management (1), R (2), R3 (4), R3 Enterprise Application (1), R3 Enterprise Retail (1), RFC Library (6), Replication Server (1), Risk Management (4), S-4 HANA (3), S-4HANA (7), S4 HANA (11), S4CORE (3), S4FPSL (1), S4HANA (11), S4HANA Finance (2), S4HANA Manage (1), S4HANA Sales (1), S4HANA eProcurement (1), SAF-T Framework (1), SAP-JEECOR (1), SAP BusinessObjects Business Intelligence Platform (4), SAPCAR (4), SAPCRYPTOLIB (1), SAP Content Server (1), SAP Host Agent (1), SAPLPD (1), SAP NetWeaver Application Server (1), SAPRSBRO (1), SAPSSOEXT (1), SAPSetup (1), SAPSprint (2), SAPUI5 (2), SAPUI5 Library (1), SAP Web Dispatcher (1), SAP_ABA (1), SAP_APPL (1), SAP_XIAF (1), SAPgui (1), SAProuter (2), SCIMono (2), SE (1), SHANA (1), SLD Registration Program (1), SQL Anywhere (8), SRM MDM Catalog (1), SapSetup (1), Server Core (1), Setup (1), Shared Service Framework (2), Simple Diagnostics Agent (2), Software Deployment Manager (2), Software Provisioning Manager (1), Solman (1), Solution Manager (33), Sourcing (1), Student Life Cycle Management (3), SuccessFactors (1), SuccessFactors Mobile Application (2), SuccessFactors Recruiting (1), Supplier Relationship Management (4), Sybase Adaptive Server Enterprise (2), Sybase Unwired Platform Online Data Proxy (1), System Landscape Directory (2), TREX (9), Transaction Data Pool (1), Transport System (1), Transportation Management (1), Treasury (4), UI (2), UI5 (3), UI5 HTTP Handler (1), UI5 Variant Management (1), Upgrade tools (1), Web Application Server (16), Web Dispatcher (10), Web Dynpro ABAP (1), WebDynpro Java (2), Web Dynpro for ABAP (1), Web Dynpro for BSP (1), Web Services Tool (1), Webintelligence BILaunchPad (1), Work (1), Work Manager (1), adminadapter (1), cloud-security-client-go (1), cloud-security-services-integration-library (1), sap-cloud-sdk (1), sap-xssec (1), saposcol (1), xssec (1)

Link to Vendor Website: https://www.sap.com/

PublishedBaseTempVulnerabilityProdExpRemEPSSCTICVE
01/14/20259.89.6SAP NetWeaver Application Server for ABAP and ABAP Platform improper authenticationApplication Server SoftwareNot DefinedOfficial Fix0.000430.05CVE-2025-0070
01/14/20257.47.2SAP SAPSetup uncontrolled search pathUnknownNot DefinedOfficial Fix0.000430.09CVE-2025-0069
01/14/20254.44.4SAP BusinessObjects Business Intelligence Platform cross site scriptingBusiness Process Management SoftwareNot DefinedOfficial Fix0.000430.03CVE-2025-0060
01/14/20257.17.0SAP BusinessObjects Business Intelligence Platform exposure of sensitive system information to an unauthorized control sphereBusiness Process Management SoftwareNot DefinedOfficial Fix0.000430.04CVE-2025-0061
01/14/20255.45.3SAP Business Workflow and Flexible Workflow authorizationUnknownNot DefinedOfficial Fix0.000430.15CVE-2025-0058
01/14/20254.74.6SAP NetWeaver AS JAVA User Admin Application unrestricted uploadSolution Stack SoftwareNot DefinedOfficial Fix0.000430.04CVE-2025-0057
01/14/20254.14.1SAP NetWeaver Application Server ABAP GUI for HTML exposure of sensitive system information to an unauthorized control sphereApplication Server SoftwareNot DefinedOfficial Fix0.000430.00CVE-2025-0059
01/14/20254.34.2SAP NetWeaver Application Server ABAP authorizationApplication Server SoftwareNot DefinedOfficial Fix0.000430.08CVE-2025-0068
01/14/20259.39.1SAP NetWeaver AS for ABAP and ABAP Platform Internet Communication Framework permission assignmentSolution Stack SoftwareNot DefinedOfficial Fix0.000430.10CVE-2025-0066
01/14/20257.57.4SAP NetWeaver AS ABAP and ABAP Platform RFC Function Module sql injectionSolution Stack SoftwareNot DefinedOfficial Fix0.000430.08CVE-2025-0063
01/14/20256.36.1SAP NetWeaver Application Server Java JCo Connection authorizationApplication Server SoftwareNot DefinedOfficial Fix0.000430.04CVE-2025-0067
01/14/20254.14.1SAP GUI for Java exposure of sensitive system information to an unauthorized control sphereProgramming Language SoftwareNot DefinedOfficial Fix0.000430.04CVE-2025-0056
01/14/20254.14.1SAP GUI for Windows exposure of sensitive system information to an unauthorized control sphereUnknownNot DefinedOfficial Fix0.000430.04CVE-2025-0055
01/14/20255.35.2SAP NetWeaver Application Server for ABAP and ABAP Platform URL information exposureApplication Server SoftwareNot DefinedOfficial Fix0.000430.04CVE-2025-0053
12/10/20248.18.0SAP NetWeaver AS for JAVA Adobe Document Service server-side request forgerySolution Stack SoftwareNot DefinedOfficial Fix0.000430.05CVE-2024-47578
12/10/20244.74.7SAP NetWeaver AS for JAVA Adobe Document Services file information disclosureSolution Stack SoftwareNot DefinedOfficial Fix0.000430.05CVE-2024-47580
12/10/20244.74.7SAP NetWeaver AS for JAVA Adobe Document Services upload file information disclosureSolution Stack SoftwareNot DefinedOfficial Fix0.000430.08CVE-2024-47579
12/10/20246.36.2SAP NetWeaver AS JAVA xml external entity referenceSolution Stack SoftwareNot DefinedOfficial Fix0.000430.04CVE-2024-47582
12/10/20244.34.2SAP HCM Approve Timesheets authorizationHuman Capital Management SoftwareNot DefinedOfficial Fix0.000430.03CVE-2024-47581
12/10/20243.33.2SAP Product Lifecycle Costing uncontrolled search pathUnknownNot DefinedOfficial Fix0.000430.06CVE-2024-47576
12/10/20245.35.2SAP BusinessObjects Business Intelligence Platform exposure of sensitive system information to an unauthorized control sphereBusiness Process Management SoftwareNot DefinedOfficial Fix0.000430.03CVE-2024-32732
12/10/20247.37.1SAP NetWeaver Administrator System Overview server-side request forgerySolution Stack SoftwareNot DefinedOfficial Fix0.000430.05CVE-2024-54197
12/10/20242.72.6SAP Commerce Cloud Webservice API Endpoint cleartext transmissionCloud SoftwareNot DefinedOfficial Fix0.000430.03CVE-2024-47577
12/10/20244.34.2SAP NetWeaver Application Server for ABAP and ABAP Platform authorizationApplication Server SoftwareNot DefinedOfficial Fix0.000430.06CVE-2024-47585
12/10/20248.07.8SAP NetWeaver Application Server ABAP RFC Request improper control of dynamically-identified variablesApplication Server SoftwareNot DefinedOfficial Fix0.000430.06CVE-2024-54198
11/12/20245.45.3SAP Host Agent privileges assignmentUnknownNot DefinedOfficial Fix0.000430.03CVE-2024-47595
11/12/20248.88.6SAP Web Dispatcher incomplete filtering of special elementsUnknownNot DefinedOfficial Fix0.000430.04CVE-2024-47590
11/12/20243.93.8SAP Cash Management Cash Operations authorizationUnknownNot DefinedOfficial Fix0.000430.10CVE-2024-47587
11/12/20243.63.5SAP NetWeaver Java Software Update Manager insufficiently protected credentialsSolution Stack SoftwareNot DefinedOfficial Fix0.000430.00CVE-2024-47588
11/12/20244.34.2SAP NetWeaver Application Server ABAP improper authenticationApplication Server SoftwareNot DefinedOfficial Fix0.000430.06CVE-2024-47593
11/12/20246.96.8SAP NetWeaver AS Java System Landscape Directory authorizationSolution Stack SoftwareNot DefinedOfficial Fix0.000430.04CVE-2024-42372
11/12/20245.35.2SAP NetWeaver Application Server Java Logon Application excessive authenticationApplication Server SoftwareNot DefinedOfficial Fix0.000430.18CVE-2024-47592
11/12/20245.35.2SAP NetWeaver Application Server for ABAP and ABAP Platform HTTP Request null pointer dereferenceApplication Server SoftwareNot DefinedOfficial Fix0.000430.12CVE-2024-47586
10/08/20244.84.7SAP Commerce Backoffice cross site scriptingUnknownNot DefinedOfficial Fix0.000450.00CVE-2024-45278
10/08/20244.64.6SAP S4 HANA Manage Bank Statement trusting http permission methods on the server sideUnknownNot DefinedOfficial Fix0.000460.00CVE-2024-45282
10/08/20244.34.2SAP HANA Client Global Object prototype pollutionDatabase SoftwareNot DefinedOfficial Fix0.000530.04CVE-2024-45277
10/08/20246.26.1SAP BusinessObjects Business Intelligence Platform Web Intelligence unrestricted uploadBusiness Process Management SoftwareNot DefinedOfficial Fix0.000490.00CVE-2024-37179
10/08/20244.84.7SAP NetWeaver Enterprise Portal KMC Servlet cross site scriptingSolution Stack SoftwareNot DefinedOfficial Fix0.000450.00CVE-2024-47594
09/10/20245.25.1SAP S4HANA eProcurement cross site scriptingUnknownNot DefinedOfficial Fix0.000430.04CVE-2024-42378
09/10/20244.94.8SAP BusinessObjects Business Intelligence Platform untrusted search pathBusiness Process Management SoftwareNot DefinedOfficial Fix0.000430.05CVE-2024-45281
09/10/20242.42.3SAP Student Life Cycle Management SLCM Transaction authorizationUnknownNot DefinedOfficial Fix0.000430.00CVE-2024-45284
09/10/20245.45.3SAP NetWeaver Application Server for ABAP and ABAP Platform RFC Enabled Function Module authorizationApplication Server SoftwareNot DefinedOfficial Fix0.000430.00CVE-2024-44117
09/10/20244.34.2SAP NetWeaver Application Server for ABAP and ABAP Platform RFC Enabled Function Module authorizationApplication Server SoftwareNot DefinedOfficial Fix0.000430.05CVE-2024-42380
09/10/20245.45.3SAP NetWeaver Application Server for ABAP and ABAP Platform RFC Enabled Function Module authorizationApplication Server SoftwareNot DefinedOfficial Fix0.000430.00CVE-2024-42371
09/10/20244.34.2SAP NetWeaver Application Server for ABAP and ABAP Platform RFC Enabled Function Module authorizationApplication Server SoftwareNot DefinedOfficial Fix0.000430.03CVE-2024-44116
09/10/20244.34.2SAP NetWeaver Application Server for ABAP and ABAP Platform RFC Enabled Function Module authorizationApplication Server SoftwareNot DefinedOfficial Fix0.000430.00CVE-2024-44115
09/10/20245.45.3SAP NetWeaver Application Server for ABAP and ABAP Platform Packet authorizationApplication Server SoftwareNot DefinedOfficial Fix0.000430.04CVE-2024-45285
09/10/20244.34.2SAP S4 HANA Statutory Reports exposure of sensitive information due to incompatible policiesUnknownNot DefinedOfficial Fix0.000430.03CVE-2024-44121
09/10/20244.34.2SAP Oil & Gas Transportation/Distribution authorizationUnknownNot DefinedOfficial Fix0.000450.03CVE-2024-44112
09/10/20245.45.3SAP Production and Revenue Accounting Tobin interface authorizationAccounting SoftwareNot DefinedOfficial Fix0.000430.05CVE-2024-45286

1598 more entries are not shown

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!