SAP Security Vulnerabilities (CVEs)

Track 209 security vulnerabilities affecting SAP products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.

45 Critical
104 High
58 Medium
2 Low
CVE-2025-0060 6.5

This vulnerability allows authenticated users with restricted access in SAP BusinessObjects Business Intelligence Platform to inject malicious JavaScr...

Jan 14, 2025
CVE-2025-0061 8.7

SAP BusinessObjects Business Intelligence Platform has an information disclosure vulnerability that allows unauthenticated attackers to hijack user se...

Jan 14, 2025
CVE-2025-0063 8.8

SAP NetWeaver AS ABAP and ABAP Platform have an authorization bypass vulnerability in RFC function modules. Attackers with basic user privileges can e...

Jan 14, 2025
CVE-2025-0066 9.9

This critical vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform's Internet Communication Framework allows attackers to bypass access contro...

Jan 14, 2025
CVE-2025-0053 5.3

SAP NetWeaver Application Server for ABAP and ABAP Platform contains an information disclosure vulnerability where unauthenticated attackers can acces...

Jan 14, 2025
CVE-2024-32732 5.3

CVE-2024-32732 is an information disclosure vulnerability in SAP BusinessObjects Business Intelligence platform that allows attackers to access restri...

Dec 10, 2024
CVE-2024-47594 5.4

This CVE describes a cross-site scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal's KMC servlet where user inputs aren't properly encod...

Oct 8, 2024
CVE-2024-45277 4.3

The SAP HANA Node.js client package versions 2.0.0 through 2.21.30 are vulnerable to prototype pollution when using the nestTables feature. This allow...

Oct 8, 2024
CVE-2024-45282 4.3

This vulnerability allows attackers to modify read-only fields in Bank Statement Drafts within SAP's Manage Bank Statements application using the ODat...

Oct 8, 2024
CVE-2024-37179 7.7

CVE-2024-37179 is an unrestricted file download vulnerability in SAP BusinessObjects Business Intelligence Platform. Authenticated attackers can explo...

Oct 8, 2024
CVE-2024-44112 4.3

This vulnerability in SAP for Oil & Gas (Transportation and Distribution) allows authenticated non-administrative users to delete non-sensitive entrie...

Sep 10, 2024
CVE-2024-39591 4.3

CVE-2024-39591 is an authorization bypass vulnerability in SAP Document Builder where a specific function module lacks proper authorization checks. Th...

Aug 13, 2024
CVE-2024-42373 4.3

This vulnerability in SAP Student Life Cycle Management (SLcM) allows authenticated users to bypass authorization checks and delete non-sensitive repo...

Aug 13, 2024
CVE-2024-41737 5.0

CVE-2024-41737 is a server-side request forgery (SSRF) vulnerability in SAP CRM ABAP Insights Management that allows authenticated attackers to enumer...

Aug 13, 2024
CVE-2024-42374 8.2

This XML injection vulnerability in SAP BEx Web Java Runtime Export Web Service allows attackers to retrieve sensitive information from SAP ADS system...

Aug 13, 2024
CVE-2024-42376 6.5

CVE-2024-42376 is an authorization bypass vulnerability in SAP Shared Service Framework where authenticated users can escalate privileges without prop...

Aug 13, 2024
CVE-2024-41735 5.4

SAP Commerce Backoffice has a cross-site scripting (XSS) vulnerability where insufficient input encoding allows attackers to inject malicious scripts....

Aug 13, 2024
CVE-2024-41730 9.8

This vulnerability allows unauthorized users to obtain logon tokens via a REST endpoint when Single Sign-On is enabled with Enterprise authentication ...

Aug 13, 2024
CVE-2024-41732 4.7

This vulnerability in SAP NetWeaver Application Server ABAP allows unauthenticated attackers to craft URLs that bypass allowlist controls. Attackers c...

Aug 13, 2024
CVE-2024-33003 7.4

This vulnerability in SAP Commerce Cloud's OCC API endpoints allows attackers to access sensitive PII data like passwords, email addresses, and coupon...

Aug 13, 2024
CVE-2024-39600 5.0

CVE-2024-39600 is a memory disclosure vulnerability in SAP GUI for Windows where passwords remain in memory after login, potentially allowing attacker...

Jul 9, 2024
CVE-2024-39594 6.1

SAP Business Warehouse - Business Planning and Simulation application has a reflected cross-site scripting (XSS) vulnerability due to insufficient inp...

Jul 9, 2024
CVE-2024-37171 5.0

This Server-Side Request Forgery (SSRF) vulnerability in SAP Transportation Management (Collaboration Portal) allows authenticated non-administrative ...

Jul 9, 2024
CVE-2024-37175 4.3

CVE-2024-37175 is a missing authorization vulnerability in SAP CRM WebClient that allows authenticated users to escalate privileges and access sensiti...

Jul 9, 2024
CVE-2024-37174 6.1

This CVE describes a cross-site scripting (XSS) vulnerability in SAP CRM WebClient UI's custom CSS support option. Attackers can inject malicious scri...

Jul 9, 2024
CVE-2024-39592 7.7

CVE-2024-39592 is an authorization bypass vulnerability in SAP PDCE (Product Data Cloud Edition) that allows authenticated users to escalate privilege...

Jul 9, 2024
CVE-2024-34685 6.1

This CVE describes a cross-site scripting (XSS) vulnerability in SAP NetWeaver Knowledge Management XMLEditor where weak encoding of user-controlled i...

Jul 9, 2024
CVE-2024-34686 6.1

This is a cross-site scripting (XSS) vulnerability in SAP CRM WebClient UI that allows unauthenticated attackers to craft malicious URLs containing sc...

Jun 11, 2024
CVE-2024-34688 7.5

This vulnerability in SAP NetWeaver AS Java allows attackers to perform denial-of-service attacks by exploiting unrestricted access to Meta Model Repo...

Jun 11, 2024
CVE-2024-34691 6.5

CVE-2024-34691 is an authorization bypass vulnerability in SAP S/4HANA's Manage Incoming Payment Files (F1680) transaction. Authenticated users can pe...

Jun 11, 2024
CVE-2024-34683 6.5

An authenticated attacker can upload malicious files to the SAP Document Builder service, which when accessed by a victim allows the attacker to acces...

Jun 11, 2024
CVE-2024-28165 8.1

SAP Business Objects Business Intelligence Platform contains a stored cross-site scripting (XSS) vulnerability in the Opendocument URL parameter. Atta...

May 14, 2024
CVE-2024-25646 7.7

CVE-2024-25646 is an information disclosure vulnerability in SAP BusinessObjects Business Intelligence Launch Pad where improper validation allows aut...

Apr 9, 2024
CVE-2024-24743 8.6

CVE-2024-24743 is an XML external entity (XXE) vulnerability in SAP NetWeaver AS Java's Guided Procedures component. Unauthenticated attackers can sub...

Feb 13, 2024
CVE-2024-22130 7.6

This CVE describes a cross-site scripting (XSS) vulnerability in SAP CRM WebClient UI's print preview feature. Attackers with low-privilege access can...

Feb 13, 2024
CVE-2024-22131 9.1

This vulnerability in SAP ABA allows authenticated users with remote execution authorization to exploit a vulnerable interface, enabling them to invok...

Feb 13, 2024
CVE-2024-21735 7.3

SAP LT Replication Server in specified S4CORE versions lacks proper authorization checks, allowing authenticated high-privilege users to escalate priv...

Jan 9, 2024
CVE-2023-50424 9.1

This vulnerability in SAP BTP Security Services Integration Library (Golang client) allows unauthenticated attackers to escalate privileges and obtain...

Dec 12, 2023
CVE-2023-6542 7.1

This vulnerability in the Emarsys SDK for Android allows attackers to bypass authorization checks and launch arbitrary web pages or deep links from th...

Dec 12, 2023
CVE-2023-50422 9.1

This vulnerability in SAP BTP Security Services Integration Library allows unauthenticated attackers to escalate privileges and gain arbitrary permiss...

Dec 12, 2023
CVE-2023-49580 7.3

This vulnerability in SAP GUI for Windows and Java allows unauthenticated attackers to access restricted information and create ABAP List Viewer layou...

Dec 12, 2023
CVE-2023-49583 9.1

CVE-2023-49583 is a critical privilege escalation vulnerability in SAP BTP Security Services Integration Library for Node.js. Unauthenticated attacker...

Dec 12, 2023
CVE-2023-42481 8.1

This vulnerability allows locked B2B users in SAP Commerce Cloud to bypass account restrictions by exploiting the forgotten password functionality whe...

Dec 12, 2023
CVE-2023-42478 7.5

SAP Business Objects Business Intelligence Platform contains a stored cross-site scripting (XSS) vulnerability that allows authenticated attackers to ...

Dec 12, 2023
CVE-2023-31403 9.6

This vulnerability in SAP Business One version 10.0 allows unauthenticated attackers to read, write, and execute files on SMB shared folders used duri...

Nov 14, 2023
CVE-2023-40309 9.8

CVE-2023-40309 is an authentication bypass vulnerability in SAP CommonCryptoLib that allows authenticated users to escalate privileges by bypassing au...

Sep 12, 2023
CVE-2023-40622 9.9

This vulnerability in SAP BusinessObjects Business Intelligence Platform allows authenticated attackers to view sensitive information that should be r...

Sep 12, 2023
CVE-2023-42472 8.7

This vulnerability allows authenticated attackers to bypass file type validation in SAP BusinessObjects Business Intelligence Platform's Web Intellige...

Sep 12, 2023
CVE-2023-39438 8.1

CVE-2023-39438 is an authorization bypass vulnerability in CLA-assistant that allows any authenticated user to read, update, or delete CLA (Contributo...

Aug 15, 2023
CVE-2023-39437 7.6

CVE-2023-39437 is a cross-site scripting (XSS) vulnerability in SAP Business One version 10.0 that allows attackers to inject malicious scripts into w...

Aug 8, 2023

Why Monitor SAP Security Vulnerabilities?

Real-time CVE tracking: Our automated system monitors 209+ known vulnerabilities affecting SAP products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.

Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable SAP packages in under 60 seconds. No agents are required: scanning is completely agentless and works across SAP deployments.

Free vulnerability database: Access detailed information about every SAP CVE, including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.

🚀 Get Started in 60 Seconds

  • Register free account & add your servers
  • Run one-time scan or schedule automatic monitoring (every 1-24 hours)
  • Receive instant alerts when new SAP CVEs affect your systems
  • Access dashboard with severity breakdown & fix instructions