SAP Security Vulnerabilities (CVEs)

Track 221 security vulnerabilities affecting SAP products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.

47 Critical
114 High
58 Medium
2 Low
CVE-2022-28773 7.5

CVE-2022-28773 is an uncontrolled recursion vulnerability in SAP Web Dispatcher and SAP Internet Communication Manager that can cause a denial of serv...

Apr 12, 2022
CVE-2022-27667 7.5

CVE-2022-27667 is an information disclosure vulnerability in SAP BusinessObjects Business Intelligence platform's Client Management Console (CMC). It ...

Apr 12, 2022
CVE-2022-28772 7.5

CVE-2022-28772 is a stack-based buffer overflow vulnerability in SAP Web Dispatcher and Internet Communication Manager. Attackers can send overlong in...

Apr 12, 2022
CVE-2022-27658 7.5

CVE-2022-27658 is an information disclosure vulnerability in SAP Innovation Management 2.0 that allows attackers to access sensitive information under...

Mar 28, 2022
CVE-2022-26100 9.8

CVE-2022-26100 is a critical input validation vulnerability in SAPCAR archive utility version 7.22 that allows attackers to crash the process and pote...

Mar 10, 2022
CVE-2022-24396 7.8

CVE-2022-24396 is an authentication bypass vulnerability in SAP FRUN Simple Diagnostics Agent versions 1.0 through 1.57. Attackers can access administ...

Mar 10, 2022
CVE-2022-22536 10.0

CVE-2022-22536 is a critical HTTP request smuggling vulnerability in multiple SAP components that allows unauthenticated attackers to prepend maliciou...

Feb 9, 2022
CVE-2022-22532 9.8

CVE-2022-22532 is a critical memory corruption vulnerability in SAP NetWeaver Application Server Java that allows unauthenticated attackers to execute...

Feb 9, 2022
CVE-2022-22540 7.5

CVE-2022-22540 is an SQL injection vulnerability in SAP NetWeaver AS ABAP Workplace Server that allows attackers to execute crafted database queries. ...

Feb 9, 2022
CVE-2022-22543 7.5

CVE-2022-22543 is a denial-of-service vulnerability in SAP NetWeaver ABAP Kernel where insufficient validation of SAP-Passport information allows unau...

Feb 9, 2022
CVE-2022-22544 9.1

CVE-2022-22544 is a privilege escalation vulnerability in SAP Solution Manager Diagnostics Root Cause Analysis Tools version 720 that allows administr...

Feb 9, 2022
CVE-2022-22530 8.1

This vulnerability in SAP S/4HANA's F0743 Create Single Payment application allows attackers with basic user rights to upload malicious files without ...

Jan 14, 2022
CVE-2021-42064 9.8

This vulnerability allows attackers to execute SQL injection attacks on SAP Commerce systems configured with Oracle databases when using parameterized...

Dec 14, 2021
CVE-2021-44233 8.8

This vulnerability in SAP GRC Access Control allows authenticated users to bypass authorization checks, potentially escalating their privileges within...

Dec 14, 2021
CVE-2021-40501 8.1

CVE-2021-40501 is an authorization bypass vulnerability in SAP ABAP Platform Kernel that allows authenticated business users to escalate privileges an...

Nov 10, 2021
CVE-2021-40503 7.8

This vulnerability in SAP GUI for Windows allows attackers with local client-side privileges to obtain password-equivalent credentials. Affected users...

Nov 10, 2021
CVE-2021-40499 9.8

CVE-2021-40499 is a critical code injection vulnerability in SAP Cloud Print Manager and SAPSprint components of SAP NetWeaver Application Server for ...

Oct 12, 2021
CVE-2021-38181 7.5

CVE-2021-38181 is a denial-of-service vulnerability in SAP NetWeaver AS ABAP and ABAP Platform that allows attackers to crash or flood services, preve...

Oct 12, 2021
CVE-2021-33690 9.9

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in SAP NetWeaver Development Infrastructure Component Build Service that allows ...

Sep 15, 2021
CVE-2021-33692 7.5

CVE-2021-33692 is a path traversal vulnerability in SAP Cloud Connector that allows attackers to upload malicious zip backup files containing director...

Sep 15, 2021
CVE-2021-33695 9.1

CVE-2021-33695 is a certificate validation vulnerability in SAP Cloud Connector that allows attackers to intercept and potentially manipulate communic...

Sep 15, 2021
CVE-2021-33698 8.8

This vulnerability allows authenticated users with business authorization in SAP Business One to upload arbitrary files, including malicious scripts, ...

Sep 15, 2021
CVE-2021-33701 9.1

This CVE describes a SQL injection vulnerability in SAP's DMIS Mobile Plug-In and S/4HANA systems that allows attackers with privileged account access...

Sep 15, 2021
CVE-2021-33705 8.1

CVE-2021-33705 is a Server-Side Request Forgery (SSRF) vulnerability in SAP NetWeaver Portal's Iviews Editor component that allows unauthenticated att...

Sep 15, 2021
CVE-2021-38176 8.8

This CVE describes an SQL injection vulnerability in SAP systems where authenticated users with specific privileges can execute manipulated queries or...

Sep 14, 2021
CVE-2021-38163 9.9

CVE-2021-38163 is a critical vulnerability in SAP NetWeaver Visual Composer that allows authenticated non-administrative users to upload malicious fil...

Sep 14, 2021
CVE-2021-37531 8.8

CVE-2021-37531 is an XSLT injection vulnerability in SAP NetWeaver Knowledge Management XML Forms that allows authenticated non-administrative users t...

Sep 14, 2021
CVE-2021-37535 9.8

CVE-2021-37535 is a critical authorization bypass vulnerability in SAP NetWeaver Application Server Java's JMS Connector Service. It allows attackers ...

Sep 14, 2021
CVE-2021-33672 9.6

CVE-2021-33672 is a critical cross-site scripting (XSS) vulnerability in SAP Contact Center's Communication Desktop component that allows remote code ...

Sep 14, 2021
CVE-2014-9320 9.8

CVE-2014-9320 is a critical vulnerability in SAP BusinessObjects Edge 4.1 that allows remote attackers to obtain the SI_PLATFORM_SEARCH_SERVER_LOGON_T...

Aug 9, 2021
CVE-2015-2074 7.5

This vulnerability allows remote attackers to write arbitrary files to the SAP BusinessObjects Edge 4.0 File Repository Server via a full pathname in ...

Aug 9, 2021
CVE-2021-33670 7.5

CVE-2021-33670 is a denial-of-service vulnerability in SAP NetWeaver AS for Java's HTTP Service Monitoring Filter. Attackers can crash the filter by s...

Jul 14, 2021
CVE-2021-33676 7.2

CVE-2021-33676 is a missing authority check vulnerability in SAP CRM that allows authenticated attackers with high privileges to bypass authorization ...

Jul 14, 2021
CVE-2021-27610 9.8

This vulnerability in SAP NetWeaver ABAP Server and ABAP Platform allows improper authentication due to inconsistent formatting of RFC user informatio...

Jun 16, 2021
CVE-2021-33669 7.8

CVE-2021-33669 is an insecure temporary file vulnerability in SAP Mobile SDK Certificate Provider that allows local unprivileged attackers to exploit ...

Jun 9, 2021
CVE-2021-27630 7.5

CVE-2021-27630 is a denial-of-service vulnerability in SAP NetWeaver ABAP Server and ABAP Platform Enqueue Server. An unauthenticated attacker can sen...

Jun 9, 2021
CVE-2021-27632 7.5

CVE-2021-27632 is a denial-of-service vulnerability in SAP NetWeaver ABAP Server and ABAP Platform's Enqueue Server. An unauthenticated attacker can s...

Jun 9, 2021
CVE-2021-27597 7.5

CVE-2021-27597 is a denial-of-service vulnerability in SAP NetWeaver AS for ABAP RFC Gateway caused by improper input validation in the memmove() meth...

Jun 9, 2021
CVE-2021-27607 7.5

CVE-2021-27607 is a denial-of-service vulnerability in SAP NetWeaver ABAP Server and ABAP Platform that allows unauthenticated attackers to crash the ...

Jun 9, 2021
CVE-2021-27628 7.5

CVE-2021-27628 is a denial-of-service vulnerability in SAP NetWeaver ABAP Server and ABAP Platform that allows unauthenticated attackers to crash the ...

Jun 9, 2021
CVE-2021-33668 7.5

CVE-2021-33668 is an LDAP injection vulnerability in SAP's SCIMono software that allows unauthenticated attackers to inject malicious LDAP queries. Th...

Jun 9, 2021
CVE-2021-27613 7.8

This vulnerability in SAP Business One Chef cookbook allows attackers to access sensitive payroll data through insecure temporary folder permissions. ...

May 11, 2021
CVE-2021-27616 7.8

CVE-2021-27616 is an information disclosure vulnerability in SAP Business One Hana Chef Cookbook that allows attackers to access restricted informatio...

May 11, 2021
CVE-2021-27608 7.5

CVE-2021-27608 is an unquoted service path vulnerability in SAPSetup version 9.0 that allows local attackers to escalate privileges during installatio...

Apr 14, 2021
CVE-2021-27602 9.9

This vulnerability allows authorized users in SAP Commerce Backoffice to inject malicious code into source rules, which are translated to Drools rules...

Apr 13, 2021
CVE-2021-21482 8.3

CVE-2021-21482 allows unauthorized attackers on the same network subnet as SAP NetWeaver MDM servers to brute-force administrative passwords. Successf...

Apr 13, 2021
CVE-2021-27585 7.8

This vulnerability in SAP 3D Visual Enterprise Viewer version 9 allows attackers to cause a denial of service by crashing the application when users o...

Mar 9, 2021
CVE-2021-27587 7.8

CVE-2021-27587 is a denial-of-service vulnerability in SAP 3D Visual Enterprise Viewer version 9 that crashes the application when opening malicious J...

Mar 9, 2021
CVE-2021-27589 7.8

CVE-2021-27589 is a denial-of-service vulnerability in SAP 3D Visual Enterprise Viewer version 9. When users open malicious SVG files, the application...

Mar 9, 2021
CVE-2021-27591 7.8

CVE-2021-27591 is a denial-of-service vulnerability in SAP 3D Visual Enterprise Viewer version 9. When users open specially crafted PDF files, the app...

Mar 9, 2021

Why Monitor SAP Security Vulnerabilities?

Real-time CVE tracking: Our automated system monitors 221+ known vulnerabilities affecting SAP products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.

Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable SAP packages in under 60 seconds. No agents are required: scanning is completely agentless and works across SAP deployments.

Free vulnerability database: Access detailed information about every SAP CVE, including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.

🚀 Get Started in 60 Seconds

  • Register free account & add your servers
  • Run one-time scan or schedule automatic monitoring (every 1-24 hours)
  • Receive instant alerts when new SAP CVEs affect your systems
  • Access dashboard with severity breakdown & fix instructions