SAP Security Vulnerabilities (CVEs)

Track 209 security vulnerabilities affecting SAP products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.

45 Critical
104 High
58 Medium
2 Low
CVE-2026-24314 4.3

CVE-2026-24314 is an information disclosure vulnerability in SAP S/4HANA's Manage Payment Media component that allows authenticated users to access re...

Feb 24, 2026
CVE-2026-24327 4.3

This vulnerability in SAP Strategic Enterprise Management allows authenticated users to bypass authorization checks and view unauthorized information ...

Feb 10, 2026
CVE-2026-24328 6.1

CVE-2026-24328 is an open redirect vulnerability in SAP TAF_APPLAUNCHER within Business Server Pages that allows unauthenticated attackers to craft ma...

Feb 10, 2026
CVE-2026-24321 5.3

SAP Commerce Cloud exposes sensitive API endpoints to unauthenticated users, allowing unauthorized access to confidential information. This affects or...

Feb 10, 2026
CVE-2026-24322 7.7

SAP Solution Tools Plug-In (ST-PI) contains an authorization bypass vulnerability where authenticated users can access sensitive information without p...

Feb 10, 2026
CVE-2026-24323 6.1

This CVE describes a reflected cross-site scripting (XSS) vulnerability in BSP applications where unauthenticated attackers can inject malicious scrip...

Feb 10, 2026
CVE-2026-24324 6.5

This vulnerability allows authenticated users with standard privileges in SAP BusinessObjects Business Intelligence Platform to execute a specific que...

Feb 10, 2026
CVE-2026-24325 4.8

This stored XSS vulnerability in SAP BusinessObjects Enterprise allows admin users to inject malicious JavaScript into web pages. When other users vis...

Feb 10, 2026
CVE-2026-24326 4.3

This vulnerability in SAP S/4HANA Defense & Security allows authenticated users with standard privileges to directly modify database tables through re...

Feb 10, 2026
CVE-2026-23688 4.3

This vulnerability in SAP Fiori App Manage Service Entry Sheets allows authenticated users to perform unauthorized actions due to missing authorizatio...

Feb 10, 2026
CVE-2026-23689 7.7

This CVE describes a denial-of-service vulnerability in SAP systems where authenticated users can trigger excessive resource consumption by invoking a...

Feb 10, 2026
CVE-2026-24312 5.2

This vulnerability allows authenticated administrative users in SAP Business Workflow to bypass role-based access controls and perform unauthorized hi...

Feb 10, 2026
CVE-2026-24319 5.8

SAP Business One writes sensitive information to memory dump files without obfuscation, allowing attackers who access these files to potentially perfo...

Feb 10, 2026
CVE-2026-24320 3.1

This vulnerability in SAP NetWeaver and ABAP Platform allows authenticated attackers to exploit memory management errors by sending specially crafted ...

Feb 10, 2026
CVE-2026-23686 3.4

This CRLF injection vulnerability in SAP NetWeaver Application Server Java allows authenticated administrators to inject malicious entries into config...

Feb 10, 2026
CVE-2026-23687 8.8

This vulnerability in SAP NetWeaver Application Server ABAP and ABAP Platform allows authenticated attackers with normal privileges to modify signed X...

Feb 10, 2026
CVE-2026-0505 6.1

This CVE describes an unvalidated redirect vulnerability in BSP applications where unauthenticated attackers can manipulate URL parameters to redirect...

Feb 10, 2026
CVE-2026-0508 7.3

This vulnerability in SAP BusinessObjects Business Intelligence Platform allows authenticated high-privilege attackers to insert malicious URLs that r...

Feb 10, 2026
CVE-2026-0509 9.6

This vulnerability allows authenticated low-privileged users in SAP NetWeaver ABAP systems to execute unauthorized background Remote Function Calls, b...

Feb 10, 2026
CVE-2026-23681 4.3

This vulnerability in SAP Support Tools Plug-In allows authenticated users to access system configuration information without proper authorization che...

Feb 10, 2026
CVE-2026-23684 5.9

A race condition vulnerability in SAP Commerce Cloud allows attackers to manipulate cart entries during product addition, potentially enabling checkou...

Feb 10, 2026
CVE-2026-23685 4.4

This CVE describes a deserialization vulnerability in SAP NetWeaver's JMS service that allows authenticated administrators with local access to submit...

Feb 10, 2026
CVE-2026-0485 7.5

CVE-2026-0485 is a denial-of-service vulnerability in SAP BusinessObjects BI Platform that allows unauthenticated attackers to crash and restart the C...

Feb 10, 2026
CVE-2026-0486 5.0

This vulnerability in SAP ABAP systems allows authenticated users to access system information without proper authorization checks. It affects SAP sys...

Feb 10, 2026
CVE-2026-0488 9.9

An authenticated attacker in SAP CRM and SAP S/4HANA can exploit a flaw in the Scripting Editor's generic function module to execute arbitrary SQL sta...

Feb 10, 2026
CVE-2026-0490 7.5

CVE-2026-0490 is an authentication bypass vulnerability in SAP BusinessObjects BI Platform that allows unauthenticated attackers to send crafted netwo...

Feb 10, 2026
CVE-2026-0484 6.5

This vulnerability in SAP NetWeaver ABAP and SAP S/4HANA allows authenticated attackers to modify text data through unauthorized access to a specific ...

Feb 10, 2026
CVE-2026-0514 6.1

This Cross-Site Scripting (XSS) vulnerability in SAP Business Connector allows unauthenticated attackers to craft malicious links that redirect users ...

Jan 13, 2026
CVE-2026-0506 8.1

This CVE describes a Missing Authorization Check vulnerability in SAP ABAP systems that allows authenticated attackers to misuse RFC functions to exec...

Jan 13, 2026
CVE-2026-0513 4.7

An open redirect vulnerability in SAP Supplier Relationship Management allows unauthenticated attackers to craft malicious URLs that redirect victims ...

Jan 13, 2026
CVE-2025-42893 6.1

An Open Redirect vulnerability in SAP Business Connector allows unauthenticated attackers to craft malicious URLs that redirect victims to attacker-co...

Nov 11, 2025
CVE-2025-42894 6.8

This CVE describes a Path Traversal vulnerability in SAP Business Connector that allows authenticated administrators with adjacent access to manipulat...

Nov 11, 2025
CVE-2025-42886 6.1

This is a reflected cross-site scripting (XSS) vulnerability in SAP Business Connector that allows unauthenticated attackers to craft malicious links....

Nov 11, 2025
CVE-2025-42892 6.8

This CVE describes an OS command injection vulnerability in SAP Business Connector that allows authenticated administrators with adjacent network acce...

Nov 11, 2025
CVE-2025-42926 5.3

SAP NetWeaver Application Server Java has an authentication bypass vulnerability that allows unauthenticated attackers to access internal files. This ...

Sep 9, 2025
CVE-2025-42918 4.3

This vulnerability in SAP NetWeaver Application Server for ABAP allows authenticated users with background processing access to read profile parameter...

Sep 9, 2025
CVE-2025-42920 6.1

This Cross-Site Scripting (XSS) vulnerability in SAP Supplier Relationship Management allows unauthenticated attackers to create malicious links that,...

Sep 9, 2025
CVE-2025-42911 5.0

CVE-2025-42911 is an information disclosure vulnerability in SAP NetWeaver's Service Data Download component. Authenticated users can call a remote-en...

Sep 9, 2025
CVE-2025-42936 5.4

This vulnerability in SAP NetWeaver Application Server for ABAP allows authenticated users to bypass authorization controls in the barcode interface, ...

Aug 12, 2025
CVE-2025-42968 5.0

This vulnerability in SAP NetWeaver allows authenticated non-administrative users to call a remote-enabled function module that reveals non-sensitive ...

Jul 8, 2025
CVE-2025-42999 9.1

CVE-2025-42999 is a deserialization vulnerability in SAP NetWeaver Visual Composer Metadata Uploader that allows privileged users to upload malicious ...

May 13, 2025
CVE-2025-30009 6.1

This vulnerability in SAP SRM's Live Auction Cockpit allows unauthenticated attackers to execute malicious scripts in victims' browsers via a deprecat...

May 13, 2025
CVE-2025-30011 5.3

An unauthenticated attacker can exploit a deprecated Java applet component in SAP SRM's Live Auction Cockpit to send malicious requests that disclose ...

May 13, 2025
CVE-2025-30012 10.0

This vulnerability allows unauthenticated attackers to execute arbitrary operating system commands as SAP Administrator on SAP SRM systems using the d...

May 13, 2025
CVE-2025-31324 10.0

CVE-2025-31324 is an unauthenticated remote code execution vulnerability in SAP NetWeaver Visual Composer Metadata Uploader that allows attackers to u...

Apr 24, 2025
CVE-2025-31332 6.6

This vulnerability allows attackers with local system access to modify files in SAP BusinessObjects Business Intelligence Platform due to insecure fil...

Apr 8, 2025
CVE-2025-25245 5.4

SAP BusinessObjects Web Intelligence contains an insecure deprecated endpoint vulnerable to cross-site scripting (XSS). Attackers can inject malicious...

Mar 11, 2025
CVE-2025-23193 5.3

CVE-2025-23193 is an information disclosure vulnerability in SAP NetWeaver Server ABAP that allows unauthenticated attackers to determine whether spec...

Feb 11, 2025
CVE-2025-0064 8.7

This vulnerability in SAP BusinessObjects Business Intelligence platform allows administrators to generate or retrieve a secret passphrase that enable...

Feb 11, 2025
CVE-2025-0058 6.5

This vulnerability allows authenticated attackers in SAP Business Workflow and SAP Flexible Workflow to manipulate parameters in legitimate requests t...

Jan 14, 2025

Why Monitor SAP Security Vulnerabilities?

Real-time CVE tracking: Our automated system monitors 209+ known vulnerabilities affecting SAP products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.

Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable SAP packages in under 60 seconds. No agents are required: scanning is completely agentless and works across SAP deployments.

Free vulnerability database: Access detailed information about every SAP CVE, including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.

🚀 Get Started in 60 Seconds

  • Register a free account and add your servers
  • Run a one-time scan or schedule automatic monitoring (every 1-24 hours)
  • Receive instant alerts when new SAP CVEs affect your systems
  • Access a dashboard with severity breakdown and fix instructions