SAP Security Vulnerabilities (CVEs)
Track 209 security vulnerabilities affecting SAP products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.
This vulnerability allows authenticated attackers within the network to replace temporary executable files during SAP Business Objects installation wi... (Aug 8, 2023)
SAP PowerDesigner 16.7 has an improper access control vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries against the... (Aug 8, 2023)
This SQL injection vulnerability in SAP Business One's B1i module allows authenticated users with deep knowledge to craft malicious queries that can r... (Aug 8, 2023)
This vulnerability in SAP Solution Manager's Diagnostics agent allows attackers to tamper with request headers, potentially poisoning content served t... (Jul 11, 2023)
This vulnerability allows authenticated attackers to execute arbitrary operating system commands on SAP ECC and S/4HANA systems with IS-OIL component.... (Jul 11, 2023)
CVE-2023-36925 is a server-side request forgery (SSRF) vulnerability in SAP Solution Manager Diagnostics Agent version 7.20 that allows unauthenticate... (Jul 11, 2023)
An unauthenticated attacker can send specially crafted requests to SAP Web Dispatcher, which may cause back-end servers to confuse message boundaries ... (Jul 11, 2023)
This vulnerability allows authenticated non-administrative users in SAP NetWeaver BI Content Add-On to exploit a directory traversal flaw to overwrite... (Jul 11, 2023)
CVE-2023-35871 is a memory corruption vulnerability in SAP Web Dispatcher and related components that allows unauthenticated attackers to cause logica... (Jul 11, 2023)
SAP Plant Connectivity (PCo) 15.5 and Production Connector for SAP Digital Manufacturing 1.0 fail to validate JWT signatures in HTTP requests, allowin... (Jun 13, 2023)
This CVE describes a stored cross-site scripting (XSS) vulnerability in SAP UI5 Variant Management where user-controlled inputs are not properly encod... (Jun 13, 2023)
This vulnerability in SAPUI5's sap.m.FormattedText control allows CSS injection due to improper input neutralization. Attackers can block user interac... (May 9, 2023)
This vulnerability in SAP PowerDesigner Proxy allows remote attackers to crash the proxy server by sending a specially crafted request, causing memory... (May 9, 2023)
This vulnerability in SAP GUI for Windows allows attackers to steal NTLM authentication credentials by tricking users into clicking malicious shortcut... (May 9, 2023)
This vulnerability in SAP BusinessObjects Business Intelligence Platform allows authenticated administrators to steal login tokens of any logged-in us... (May 9, 2023)
This vulnerability allows attackers with administrative privileges to exploit a directory traversal flaw in SAP NetWeaver BI CONT ADDON reports to upl... (Apr 11, 2023)
CVE-2023-27267 is an authentication bypass and input validation vulnerability in SAP Diagnostics Agent version 720 that allows remote attackers to exe... (Apr 11, 2023)
This vulnerability in SAP BusinessObjects Business Intelligence Platform allows attackers with basic privileges to access and decrypt lcmbiar files, e... (Apr 11, 2023)
This vulnerability allows authenticated non-administrative users to exploit a directory traversal flaw in SAPRSBRO program to overwrite critical syste... (Mar 14, 2023)
This vulnerability allows authenticated non-administrative users in SAP Solution Manager and ABAP managed systems to exploit a vulnerable interface to... (Mar 14, 2023)
CVE-2023-27498 is a memory corruption vulnerability in SAP Host Agent (SAPOSCOL) version 7.22 that allows unauthenticated attackers with network acces... (Mar 14, 2023)
This vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform allows authenticated non-administrative users to craft requests that trigger the app... (Mar 14, 2023)
This CVE allows attackers with non-administrative SAP authorizations to exploit a directory traversal vulnerability in SAP NetWeaver ABAP services. At... (Mar 14, 2023)
CVE-2023-23857 is an authentication bypass vulnerability in SAP NetWeaver AS for Java that allows unauthenticated attackers to access sensitive naming... (Mar 14, 2023)
CVE-2023-25616 is a code injection vulnerability in SAP Business Objects Business Intelligence Platform's Central Management Console (CMC) that allows... (Mar 14, 2023)
This vulnerability allows authenticated admin users in SAP BusinessObjects Business Intelligence Platform (CMC) to upload malicious code that gets exe... (Feb 14, 2023)
This vulnerability allows authenticated non-admin users with local access to SAP Host Agent ports to execute arbitrary operating system commands with ... (Feb 14, 2023)
This vulnerability in SAP BusinessObjects Business Intelligence platform allows authenticated attackers to access sensitive information that should be... (Feb 14, 2023)
This vulnerability in SAP 3D Visual Enterprise Viewer allows remote code execution when a user opens a malicious SVG file. Attackers can exploit memor... (Oct 11, 2022)
This vulnerability in SAP 3D Visual Enterprise Viewer allows remote code execution when a user opens a malicious VRML file. Attackers can exploit impr... (Oct 11, 2022)
This vulnerability in SAP 3D Visual Enterprise Viewer allows remote code execution when a user opens a malicious Encapsulated PostScript (.eps) or AI.... (Oct 11, 2022)
This vulnerability in SAP 3D Visual Enterprise Viewer allows remote code execution when a user opens a malicious Wavefront Object (.obj) file. Attacke... (Oct 11, 2022)
This vulnerability in SAP 3D Visual Enterprise Author allows remote code execution when a user opens a malicious Visual Design Stream (.vds) file. Att... (Oct 11, 2022)
This vulnerability in SAP 3D Visual Enterprise Author allows remote code execution when a user opens a malicious PDF file. Attackers can exploit impro... (Oct 11, 2022)
This vulnerability in SAP 3D Visual Enterprise Author allows remote code execution when a user opens a malicious IGES file. Attackers can exploit impr... (Oct 11, 2022)
This vulnerability allows remote code execution when a user opens a malicious AutoCAD DXF file in SAP 3D Visual Enterprise Author. Attackers can explo... (Oct 11, 2022)
CVE-2022-39808 is a memory corruption vulnerability in SAP 3D Visual Enterprise Author that allows remote code execution when a user opens a malicious... (Oct 11, 2022)
This vulnerability allows remote code execution when a user opens a malicious CATIA5 Part (.catpart) file in SAP 3D Visual Enterprise Author version 9... (Oct 11, 2022)
This vulnerability in SAP 3D Visual Enterprise Author allows remote code execution when a user opens a malicious ACIS Part and Assembly (.sat) file. A... (Oct 11, 2022)
This vulnerability in SAP 3D Visual Enterprise Author allows remote code execution when a user opens a malicious Computer Graphics Metafile (.cgm) fil... (Oct 11, 2022)
This CVE describes a reflected cross-site scripting (XSS) vulnerability in SAP Data Services Management console where user input is improperly echoed ... (Oct 11, 2022)
This vulnerability in SAP SuccessFactors allows authenticated users with standard privileges to perform administrative actions on attachments via misc... (Jul 27, 2022)
CVE-2022-35228 is a cross-site request forgery (CSRF) vulnerability in SAP BusinessObjects Central Management Console (CMC) that allows an unauthentic... (Jul 12, 2022)
CVE-2022-31593 is a code injection vulnerability in SAP Business One client version 10.0 that allows authenticated attackers with low privileges to ex... (Jul 12, 2022)
This vulnerability in SAP Business One integration with SAP HANA allows attackers to access HANA cockpit's data volume containing sensitive informatio... (Jul 12, 2022)
CVE-2022-28771 is an authentication bypass vulnerability in SAP Business One License Service API that allows unauthenticated attackers to send malicio... (Jul 12, 2022)
CVE-2022-31591 is an unquoted service path vulnerability in SAP BusinessObjects BW Publisher Service that allows local attackers to execute arbitrary ... (Jul 12, 2022)
CVE-2022-31595 is an authorization bypass vulnerability in SAP Financial Consolidation version 1010 that allows authenticated users to escalate privil... (Jun 14, 2022)
SAP BusinessObjects Enterprise Central Management Server (CMS) versions 420 and 430 expose authentication credentials in Sysmon event logs during upda... (May 11, 2022)
CVE-2022-29611 is an authorization bypass vulnerability in SAP NetWeaver Application Server for ABAP and ABAP Platform that allows authenticated users... (May 11, 2022)
Why Monitor SAP Security Vulnerabilities?
Real-time CVE tracking: Our automated system monitors 209+ known vulnerabilities affecting SAP products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.
Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable SAP packages in under 60 seconds. No agents required - completely agentless scanning that works across SAP deployments.
Free vulnerability database: Access detailed information about every SAP CVE including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.
🚀 Get Started in 60 Seconds
- Register free account & add your servers
- Run one-time scan or schedule automatic monitoring (every 1-24 hours)
- Receive instant alerts when new SAP CVEs affect your systems
- Access dashboard with severity breakdown & fix instructions