Skip to main content

SAP

1669 CVEs vendor

Monthly

CVE-2026-14852 MEDIUM PATCH This Month

Privilege escalation in Checkmk's mk_sap_hana agent plugin allows a local unprivileged user to execute arbitrary commands as root by planting a process whose name mimics a SAP HANA instance. The plugin, when running as root under the RUNAS=agent configuration and lacking explicit database configuration, blindly reads the OS process list to derive SAP HANA instance identifiers and injects them unsanitized into a shell command executed with root privileges - a textbook CWE-78 OS command injection. No public exploit code or CISA KEV listing exists at time of analysis, but the attack prerequisites are achievable on any misconfigured Checkmk deployment that monitors SAP environments.

Privilege Escalation SAP Command Injection Checkmk
NVD
CVSS 4.0
5.2
EPSS
0.2%
CVE-2026-44767 MEDIUM PATCH This Month

CSS stylesheet injection in SAP @ui5/webcomponents-base allows unauthenticated remote attackers to load arbitrary cross-origin stylesheets into victim pages by bypassing the sap-allowed-theme-origins allowlist enforcement inside setThemeRoot(). The ?sap-themeRoot URL query parameter is a direct delivery vector, making socially-engineered exploitation trivial - no authentication is required from the attacker (CVSS PR:N), only a victim page load (UI:R). Successful exploitation enables UI redressing, clickjacking, phishing overlays, visual defacement, and limited CSS attribute-selector-based data exfiltration; no public exploit identified at time of analysis, and the vulnerability is not listed in CISA KEV.

SAP Authentication Bypass Ui5 Webcomponents Base
NVD GitHub
CVSS 3.1
6.1
EPSS
0.2%
CVE-2026-58233 HIGH This Week

Insecure deserialization in the SAP Change and Transport System Attach Tool (ctsattach) lets an authenticated, low-privileged attacker achieve remote code execution by supplying a crafted archive that a victim then processes through the tool's library. Successful exploitation yields high confidentiality and integrity impact - attackers can read sensitive data and take control of the host and its processes - with low availability impact. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the CWE-502 root cause and 7.6 CVSS make this a meaningful patch priority for SAP landscapes.

Deserialization SAP RCE Sap Change And Transport System Attach Tool Ctsattach
NVD
CVSS 3.1
7.6
EPSS
0.3%
CVE-2026-44771 MEDIUM This Month

Privilege escalation in SAP S/4HANA's Draft Operation component allows authenticated restricted users to read entity data beyond their authorized scope due to missing authorization checks. The flaw, classified under CWE-862, is exploitable over the network without elevated privileges, resulting in low confidentiality impact with no effect on integrity or availability. No public exploit code or active exploitation has been identified at time of analysis, keeping real-world risk bounded despite the network-accessible attack vector.

SAP Authentication Bypass Sap S 4Hana Draft Operation
NVD VulDB
CVSS 3.1
4.3
EPSS
0.2%
CVE-2026-44770 MEDIUM This Month

Missing authorization in SAP S/4HANA's Create Single Payment function exposes restricted entity set keys to authenticated but low-privileged users. The flaw (CWE-862) allows a restricted user to query specific payment-related entity sets beyond their intended access scope, resulting in low-impact confidentiality leakage with no effect on data integrity or system availability. No public exploit code exists and this vulnerability is not listed in CISA KEV; EPSS data was not provided, but the CVSS 4.3 medium score and limited impact scope suggest low exploitation urgency.

SAP Authentication Bypass Sap S 4 Hana Create Single Payment
NVD VulDB
CVSS 3.1
4.3
EPSS
0.2%
CVE-2026-44769 MEDIUM This Month

SQL injection in SAP S/4HANA Project Management (PPM-PRO) allows a high-privileged authenticated attacker to execute crafted database queries, exposing backend database contents. The vulnerability is reachable over the network but requires both high attack complexity and high privilege level, significantly constraining the realistic attacker pool. No public exploit or active exploitation has been identified at time of analysis, and the CVSS base score of 5.5 reflects these mitigating factors despite the potential for database exposure.

SQLi SAP Sap S 4Hana Project Management Ppm Pro
NVD VulDB
CVSS 3.1
5.5
EPSS
0.2%
CVE-2026-44768 MEDIUM This Month

Script injection in SAP CRM WebClient UI is enabled by absent Content Security Policy (CSP) directives for certain restrictive headers, allowing an authenticated low-privileged attacker to inject malicious JavaScript that executes in a victim user's browser session. The CVSS vector (PR:L/UI:R/S:C) confirms this requires both an authenticated attacker and victim interaction, with a cross-scope impact consistent with browser-context script execution. No public exploit code or CISA KEV active exploitation listing has been identified at time of analysis, and impact is bounded to low integrity with no confidentiality or availability consequence.

SAP Code Injection Sap Crm Webclient Ui
NVD
CVSS 3.1
4.1
EPSS
0.2%
CVE-2026-44761 CRITICAL NEWS Act Now

Authentication bypass via well-known default credentials in SAP Commerce Cloud allows an unauthenticated remote attacker to abuse a pre-provisioned sample OAuth2 client whose client ID and secret are published in SAP Help Portal documentation. If the sample client is left in place, the attacker mints a valid OAuth2 access token and calls certain APIs to read and modify business data (CVSS 9.1, high confidentiality and integrity impact, no availability impact). No public exploit identified at time of analysis, but the credentials are publicly documented, making exploitation trivial wherever the sample configuration was never removed.

SAP Information Disclosure Sap Commerce Cloud
NVD
CVSS 3.1
9.1
EPSS
0.4%
CVE-2026-44760 MEDIUM This Month

Reflected XSS in SAP NetWeaver Application Server ABAP's Business Server Pages (BSP) framework allows remote unauthenticated attackers to inject arbitrary JavaScript into HTTP responses when a victim user interacts with a crafted URL. Successful exploitation enables session token theft and execution of authenticated actions on behalf of the victim within the SAP web context. No public exploit code or CISA KEV listing is identified at time of analysis; CVSS AC:H indicates non-trivial conditions must align for successful delivery, moderating real-world risk despite the enterprise sensitivity of SAP environments.

SAP XSS Sap Netweaver Application Server Abap Applications Based On Business Server Pages
NVD VulDB
CVSS 3.1
4.7
EPSS
0.1%
CVE-2026-44759 MEDIUM This Month

Reflected cross-site scripting in SAP NetWeaver Enterprise Portal enables unauthenticated remote attackers to inject arbitrary JavaScript into URL parameters that are echoed back unencoded in server responses. When a victim with an active portal session visits a crafted URL, the injected script executes in their browser under the portal's origin, permitting session token theft, unauthorized manipulation of portal content, or forced redirection to attacker-controlled resources. No public exploit code has been identified at time of analysis and no CISA KEV listing exists, though the unauthenticated network-accessible attack surface and low complexity make phishing-based delivery operationally straightforward.

SAP XSS Sap Netweaver Enterprise Portal
NVD VulDB
CVSS 3.1
6.1
EPSS
0.2%
CVE-2026-44753 LOW Monitor

User account enumeration in SAP HANA Extended Application Services Classic Model (XSC) user self-service tools allows unauthenticated remote attackers to identify valid usernames and email addresses by crafting requests that elicit distinguishable server responses. The CWE-204 root cause - observable response discrepancy - means the application behaves differently for valid versus invalid accounts, leaking account existence without requiring credentials. CVSS scores this at 3.7 (AV:N/AC:H) reflecting network accessibility tempered by high attack complexity; no public exploit code or CISA KEV listing has been identified at time of analysis.

SAP Information Disclosure Sap Hana Extended Application Services Classic Model User Self Service
NVD VulDB
CVSS 3.1
3.7
EPSS
0.2%
CVE-2026-44752 HIGH This Week

Reflected cross-site scripting in SAP NetWeaver Application Server Java (specifically the Configuration Wizard component) lets an unauthenticated attacker embed malicious JavaScript in crafted URLs that executes in a victim's browser when the link is opened. Because the CVSS scope is changed (S:C) and confidentiality impact is high, a successful lure can expose sensitive session information and tamper with non-sensitive data rendered in the client. No public exploit identified at time of analysis, but the 8.2 CVSS and unauthenticated, network-reachable vector make it a meaningful phishing-driven risk for exposed SAP portals.

SAP XSS Information Disclosure Java Sap Netweaver Application Server Java Configuration Wizard
NVD VulDB
CVSS 3.1
8.2
EPSS
0.3%
CVE-2026-44747 CRITICAL NEWS Act Now

Memory corruption in SAP NetWeaver Application Server ABAP lets an authenticated attacker exploit logical flaws in memory management (an out-of-bounds write) to read or alter data and crash the system, with high impact on confidentiality, integrity, and availability. SAP rates it CVSS 9.9 with a changed scope, meaning a low-privileged user can affect components beyond their own authorization boundary. There is no public exploit identified at time of analysis, but the low attack complexity and network reachability make it a high-priority patch for any exposed ABAP stack.

Buffer Overflow SAP Memory Corruption Sap Netweaver Application Server Abap
NVD
CVSS 3.1
9.9
EPSS
0.4%
CVE-2026-44745 HIGH PATCH This Week

Unauthorized access in SAP Approuter arises because the component fails to validate incoming request headers during the OAuth2 login flow under certain configurations (CWE-601, open redirect). An unauthenticated remote attacker who lures a victim into clicking a crafted link can hijack the authentication flow to gain high-confidentiality and high-integrity access to the application. There is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV, but the network-reachable, low-complexity nature (CVSS 8.1) makes it a meaningful patch priority for SAP BTP/Cloud Foundry environments.

SAP Authentication Bypass Open Redirect Sap Approuter
NVD
CVSS 3.1
8.1
EPSS
0.3%
CVE-2026-27690 CRITICAL PATCH NEWS Act Now

Request-response desynchronization in SAP Approuter lets an unauthenticated remote attacker send a specially crafted HTTP request that smuggles a second request past the front end, allowing exposure of other users' HTTP responses and denial of service against the application. The flaw carries a CVSS 9.1 (high confidentiality and availability impact) and was reported by SAP; there is no public exploit identified at time of analysis and it is not listed in CISA KEV.

SAP Request Smuggling Information Disclosure Sap Approuter
NVD
CVSS 3.1
9.1
EPSS
0.5%
CVE-2026-44757 MEDIUM This Month

Reflected cross-site scripting in SAP Wily Introscope Enterprise Manager allows an unauthenticated remote attacker to craft a malicious URL that, when accessed by a victim user, executes injected JavaScript within the application's browser context. The CVSS vector (AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N) confirms network-reachable delivery requiring no attacker credentials, but demands both high attack complexity and victim interaction, capping real-world exploitability. No public exploit code and no CISA KEV listing have been identified at time of analysis, placing this in a lower-urgency tier despite the cross-scope impact.

XSS SAP
NVD
CVSS 3.1
4.7
EPSS
0.1%
CVE-2026-44755 MEDIUM This Month

Email spoofing in the SAP Business Objects Business Intelligence Platform allows authenticated network users to manipulate email sending parameters without sufficient server-side validation, enabling them to craft and dispatch emails with falsified sender or header fields. Affected users require only low-privilege authentication, and exploitation is network-accessible with no additional user interaction required. No public exploit code exists and this vulnerability is not listed in CISA KEV; the CVSS score of 4.3 (Medium) accurately reflects the limited, integrity-only impact scoped to the application.

Information Disclosure SAP
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-44754 MEDIUM This Month

Unintended data disclosure in SAP's Operational Data Provisioning RFC (ODP-RFC) modules stems from missing caller identification controls that fail to restrict invocation to permitted SAP-internal applications. Highly privileged customer or third-party applications can invoke these internal RFC modules outside their intended usage context, exposing sensitive operational data across a Changed scope boundary (S:C). No public exploit has been identified at time of analysis, and this is not listed in CISA KEV; however, the High confidentiality impact combined with scope change warrants attention in SAP environments where ODP is exposed to external RFC consumers.

Authentication Bypass SAP
NVD
CVSS 3.1
6.6
EPSS
0.0%
CVE-2026-44750 MEDIUM This Month

Privilege escalation in SAP MDG's Review Match Groups Application exposes restricted actions to low-privileged authenticated users due to missing authorization checks. The CVSS vector (AV:N/AC:L/PR:L/UI:N) confirms exploitation requires only a valid low-privileged account over the network with no additional interaction, enabling unauthorized data modification. Impact is scoped to low integrity degradation - confidentiality and availability are unaffected - making this a moderate business risk primarily for organizations where MDG data integrity is compliance-critical. No public exploit code exists and this vulnerability is not listed in the CISA KEV catalog at time of analysis.

Authentication Bypass SAP
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-44748 CRITICAL NEWS Act Now

Signed XML message tampering in SAP NetWeaver Application Server ABAP and ABAP Platform allows authenticated low-privileged attackers to forge identity information by capturing a valid signed message and submitting modified signed XML documents that the verifier accepts. The scope-changing flaw (CVSS 9.9) enables unauthorized access to sensitive user data and disruption of normal operations across trust boundaries. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

SAP Authentication Bypass Jwt Attack
NVD VulDB
CVSS 3.1
9.9
EPSS
0.0%
CVE-2026-44746 MEDIUM This Month

Reflected cross-site scripting in SAP NetWeaver JAVA's JDBC Test Servlet enables unauthenticated remote attackers to craft malicious URLs that execute arbitrary JavaScript in a victim's browser upon interaction. The Changed Scope (S:C) in the CVSS vector indicates the injected script can affect browser context beyond the vulnerable origin, enabling session theft, credential harvesting, or unauthorized modification of webclient data. No public exploit code has been identified at time of analysis, and this vulnerability has not been listed in the CISA KEV catalog.

XSS SAP Java
NVD VulDB
CVSS 3.1
6.1
EPSS
0.1%
CVE-2026-44744 MEDIUM This Month

SQL injection in SAP S/4HANA (On-Premise) exposes sensitive ERP database content to authenticated network attackers via a vulnerable remote-enabled function module. The CVSS vector (AV:N/AC:L/PR:L/UI:N) confirms low-complexity network exploitation requiring only a low-privilege SAP user account, with high confidentiality impact and no effect on data integrity or system availability. No public exploit or CISA KEV listing has been identified at time of analysis; SAP has issued a security note addressing the issue.

SAP SQLi
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-44743 LOW Monitor

SAP Business Objects exposes sensitive information through a specific network-accessible endpoint when high-complexity preconditions are met, exploitable by unauthenticated remote attackers. Classified as CWE-497 (Exposure of Sensitive System Information to an Unauthorized Control Sphere), the flaw carries a CVSS score of 3.7 (Low) with impact limited strictly to partial confidentiality loss - integrity and availability are unaffected. No public exploit has been identified at time of analysis, and no active exploitation has been confirmed.

Information Disclosure SAP
NVD VulDB
CVSS 3.1
3.7
EPSS
0.0%
CVE-2026-40128 CRITICAL NEWS Act Now

Path traversal in SAP NetWeaver Application Server Java's Web Container allows unauthenticated remote attackers to manipulate file inclusion parameters within crafted HTTP logon requests, leading to inclusion and processing of arbitrary local files. Successful exploitation can expose or modify sensitive data and render portions of the server unavailable, with no public exploit identified at time of analysis but a CVSS of 9.0 reflecting full CIA impact with scope change.

Path Traversal SAP Java
NVD VulDB
CVSS 3.1
9.0
EPSS
0.1%
CVE-2026-27671 CRITICAL NEWS Act Now

Unauthenticated remote memory corruption in the SAP Kernel of SAP NetWeaver Application Server ABAP and ABAP Platform allows attackers to compromise confidentiality, integrity, and availability by sending crafted RFC requests that trigger logical errors in memory management. The CVSS 9.8 score reflects network-reachable, no-privileges, no-interaction exploitation against a foundational SAP component, though no public exploit identified at time of analysis and exploitation status beyond the vendor disclosure is not confirmed in CISA KEV.

SAP Stack Overflow Buffer Overflow
NVD VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-24315 MEDIUM This Month

SAP Fiori Launchpad is vulnerable to malicious URL crafting that triggers arbitrary service calls within the Fiori domain, enabling credential theft from users who interact with the crafted link. Exploitation requires no attacker privileges (PR:N per CVSS) but demands high attack complexity (AC:H) and user interaction (UI:R), meaning adversaries must possess advanced system knowledge and successfully deliver the URL to a victim. No public exploit code has been identified at time of analysis and the vulnerability is not listed in the CISA KEV catalog, placing this in the medium-priority tier despite the credential-theft potential.

Information Disclosure SAP
NVD VulDB
CVSS 3.1
4.2
EPSS
0.0%
CVE-2026-44749 MEDIUM This Month

Content injection into SAP Gateway error messages exposes internal implementation details - specifically regex patterns and URI parsing logic - to authenticated remote attackers. Affecting SAP Gateway versions 750 through 758 and SAP_BASIS 795, the flaw allows an attacker with low-level network credentials to craft inputs that surface sensitive system internals via error responses. Confidentiality impact is rated low; integrity and availability are unaffected. No active exploitation is confirmed (CISA KEV absent), and EPSS sits at 0.01%, consistent with SSVC's 'exploitation: none' assessment.

Code Injection SAP Sap Gateway
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-27680 LOW Monitor

CSS injection in SAP NetWeaver Application Server ABAP allows unauthenticated remote attackers to inject malicious Cascading Style Sheets into web pages served by the application, with exploitation requiring user interaction (clicking or accessing the affected page). The injected CSS executes in the victim's browser context, resulting in low-impact confidentiality loss; integrity and availability are not affected. CVSS 3.1 reflects the limited impact and high attack complexity required.

Privilege Escalation SAP
NVD VulDB
CVSS 3.1
3.1
EPSS
0.0%
CVE-2026-40137 MEDIUM This Month

SAP Business Server Pages TAF_APPLAUNCHER contains a cross-site scripting vulnerability that allows unauthenticated attackers to craft malicious links redirecting users to attacker-controlled sites, potentially exposing or altering sensitive information. The vulnerability requires user interaction (clicking the link) and affects confidentiality and integrity with a CVSS score of 6.1. No active exploitation has been publicly confirmed at time of analysis.

XSS SAP
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-40136 MEDIUM This Month

SAP Financial Consolidation permits authenticated attackers to forcibly terminate other users' sessions, temporarily denying them access to the application. The vulnerability has limited impact, affecting only availability through session disconnection while leaving the application itself and all data integrity and confidentiality intact. CVSS score of 4.3 reflects low severity, and no public exploit code or active exploitation has been identified.

Information Disclosure SAP
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-40135 MEDIUM This Month

OS command injection in SAP NetWeaver Application Server for ABAP and ABAP Platform allows authenticated administrators to execute arbitrary shell commands on the server while bypassing audit logging. The vulnerability affects integrity and availability but not confidentiality, and requires high-privilege administrative access over the network with no user interaction. CVSS 6.5 reflects the high-privilege requirement despite severe impact potential.

Command Injection SAP
NVD VulDB
CVSS 3.1
6.5
EPSS
0.2%
CVE-2026-40134 MEDIUM This Month

Insufficient authorization checks in SAP Incentive and Commission Management allow authenticated users to invoke remote-enabled function modules and perform unauthorized table update operations, compromising data integrity. The vulnerability requires valid user credentials and network access but has limited scope - no confidentiality or availability impact. CVSS 4.3 (low) reflects the authentication requirement and integrity-only impact; no active exploitation or public POC identified at analysis time.

Authentication Bypass SAP
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-40133 MEDIUM This Month

Missing authorization checks in SAP S/4HANA Condition Maintenance allow authenticated attackers to view and modify condition table records they should not have access to, compromising data confidentiality and integrity while potentially denying legitimate users access to those same records. The vulnerability requires valid user credentials but affects all versions of the affected module, with CVSS 6.3 reflecting its multi-faceted impact across three security dimensions.

Authentication Bypass SAP
NVD
CVSS 3.1
6.3
EPSS
0.0%
CVE-2026-40132 MEDIUM This Month

Missing authorization checks in SAP Strategic Enterprise Management's Scorecard Wizard (Business Server Pages application) allow authenticated users to access restricted information and modify risk evaluation settings without proper authorization. An attacker with valid credentials can view confidential data and alter default configuration values, artificially reducing assessed risk levels to deceive risk assessment processes. No patch availability or active exploitation has been confirmed.

Authentication Bypass SAP
NVD VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-40131 LOW Monitor

SQL injection in SAP HANA Deployment Infrastructure (HDI) deploy library allows high-privileged users to manipulate dynamically constructed SQL queries, potentially altering SELECT statements and compromising confidentiality and availability. Attack requires local access and high privileges (PR:H), limiting real-world risk despite SQL injection severity. No public exploit code or active exploitation has been identified at the time of analysis.

SQLi SAP
NVD VulDB
CVSS 3.1
3.4
EPSS
0.0%
CVE-2026-40129 MEDIUM This Month

Code injection in SAP Application Server ABAP for SAP NetWeaver and ABAP Platform allows authenticated attackers to execute arbitrary code for subscribed channel users by sending specially crafted inputs. The vulnerability has low integrity impact with no confidentiality or availability consequences. CVSS 4.3 (low severity) reflects the requirement for authenticated access, but the ability to affect other users elevates practical risk in multi-tenant environments.

SAP Code Injection RCE
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-34263 CRITICAL NEWS Act Now

Arbitrary server-side code execution in SAP Commerce Cloud via unauthenticated malicious configuration upload and code injection. Attackers can remotely exploit a misconfigured Spring Security framework to upload crafted configuration files and inject code without authentication, requiring only that a user interact with malicious content (CVSS:3.1/AV:N/AC:L/PR:N/UI:R). The vulnerability affects SAP Commerce Cloud Configuration with critical impact across confidentiality, integrity, and availability. No public exploit code or CISA KEV listing identified at time of analysis, though EPSS data unavailable. Patch details available in SAP Security Note 3733064.

RCE Java SAP
NVD VulDB
CVSS 3.1
9.6
EPSS
0.0%
CVE-2026-34260 CRITICAL NEWS Act Now

SQL injection in SAP S/4HANA Enterprise Search for ABAP allows authenticated attackers to extract sensitive database information and crash the application via malicious SQL statements injected through improperly validated user input. The scope change (S:C) indicates potential lateral movement beyond the vulnerable component. SAP has released security patches (SAP Note 3724838) for this critical vulnerability with CVSS 9.6. No active exploitation confirmed at time of analysis, though the authentication bypass tag suggests potential credential bypass implications.

Authentication Bypass SQLi SAP
NVD VulDB
CVSS 3.1
9.6
EPSS
0.0%
CVE-2026-34259 HIGH This Week

OS command injection in SAP Forecasting & Replenishment allows authenticated administrators to execute arbitrary system commands through abuse of a non-remote-enabled function, leading to complete system compromise. The vulnerability enables full read/write access to system data and potential system shutdown, though exploitation is constrained to local attack vectors and requires high-privilege administrative access (CVSS 8.2). No public exploit code or active exploitation confirmed at time of analysis, with vendor patch available via SAP Security Patch Day.

Command Injection SAP
NVD VulDB
CVSS 3.1
8.2
EPSS
0.0%
CVE-2026-27682 MEDIUM This Month

Reflected cross-site scripting (XSS) in SAP NetWeaver Application Server ABAP (Business Server Pages) allows unauthenticated attackers to inject malicious scripts via unprotected URL parameters. Successful exploitation requires victim interaction (clicking a crafted link) and affects confidentiality and integrity of application data. No public exploit code or active exploitation reported at time of analysis.

XSS SAP
NVD VulDB
CVSS 3.1
4.7
EPSS
0.0%
CVE-2026-0502 MEDIUM This Month

Cross-site request forgery (CSRF) in SAP BusinessObjects Business Intelligence Platform allows unauthenticated attackers to trick authenticated users into sending unintended requests to the web server, resulting in low-impact modifications to application integrity and availability. The vulnerability requires user interaction (clicking a malicious link) and affects all versions of the platform due to insufficient CSRF token validation. No confidentiality impact is present, limiting the attack surface to state-changing operations.

CSRF SAP
NVD VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-27683 MEDIUM This Month

Reflected cross-site scripting (XSS) in SAP BusinessObjects Business Intelligence allows authenticated attackers to inject malicious JavaScript via crafted URLs that execute in victim browsers, potentially exposing restricted information. The vulnerability requires user interaction (clicking a malicious link) and affects only confidentiality with a CVSS score of 4.1 (low severity). No public exploit code or active exploitation has been identified.

SAP XSS
NVD
CVSS 3.1
4.1
EPSS
0.0%
CVE-2026-27681 CRITICAL Act Now

SQL injection in SAP Business Planning and Consolidation (BPC) and SAP Business Warehouse (BW) allows authenticated users to execute arbitrary SQL commands against the database. Affected versions span SAP_BW 750-758, BPC4HANA 300, and HANABPC 810/816. The scope-change vector (S:C) indicates attackers can pivot beyond the vulnerable component to compromise database resources serving multiple SAP applications. Despite critical CVSS 9.9 severity, EPSS exploitation probability remains low (0.05%, 14th percentile) with CISA SSVC indicating no current exploitation and non-automatable attack profile. SAP security note 3719353 provides remediation guidance.

SAP SQLi
NVD
CVSS 3.1
9.9
EPSS
0.0%
CVE-2026-27679 MEDIUM This Month

SAP S/4HANA frontend OData Service (Manage Reference Structures) allows authenticated users to update and delete child entities without proper authorization checks, enabling privilege escalation and data integrity violations. The vulnerability requires valid user credentials but no special privileges, affecting systems running vulnerable S/4HANA versions. Attackers can exploit exposed OData endpoints to modify or remove reference structure data that should be protected from their access level.

SAP Authentication Bypass
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-27678 MEDIUM This Month

SAP S/4HANA backend OData Service for Manage Reference Structures allows authenticated remote attackers to modify and delete child entities without proper authorization checks, compromising data integrity across reference data structures. The vulnerability requires valid user credentials but no elevated privileges, affecting organizations running vulnerable S/4HANA versions. CVSS 6.5 with confirmed patch availability via SAP Security Patch Day.

SAP Authentication Bypass
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-27677 MEDIUM This Month

SAP S/4HANA OData Service for Manage Reference Equipment lacks authorization checks, allowing authenticated users to modify and delete child entities without proper access controls. The vulnerability affects S/4HANA instances with the vulnerable OData service and requires low-privilege network access, resulting in high integrity impact but no confidentiality or availability risk. No public exploit code or active exploitation has been confirmed.

SAP Authentication Bypass
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-27676 MEDIUM This Month

SAP S/4HANA OData Service for Manage Technical Object Structures allows authenticated users to update and delete child entities without proper authorization checks, enabling unauthorized data modification. The vulnerability affects S/4HANA deployments exposing the vulnerable OData service and requires valid user credentials but no elevated privileges. CVSS base score is 4.3 (low-to-medium severity) with confirmed patch availability from SAP Security Patch Day.

SAP Authentication Bypass
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-27675 LOW Monitor

SAP Landscape Transformation allows high-privileged remote attackers to inject arbitrary ABAP code and operating system commands through an RFC-exposed function module, resulting in limited integrity impact where attackers cannot control the scope or extent of modifications. The attack requires high privileges, high complexity, and user interaction, reflected in a CVSS 2.0 score; no public exploit code or active exploitation has been identified.

SAP Code Injection RCE
NVD VulDB
CVSS 3.1
2.0
EPSS
0.0%
CVE-2026-27674 MEDIUM This Month

Cross-site scripting via code injection in SAP NetWeaver Application Server Java Web Dynpro allows unauthenticated remote attackers to inject arbitrary client-side code through crafted input, compromising user sessions and application data integrity when victims interact with the affected functionality. CVSS 6.1 (medium) reflects the requirement for user interaction and limited scope, but exploitation is straightforward with no authentication needed and low attack complexity.

SAP Code Injection RCE Java
NVD VulDB
CVSS 3.1
6.1
EPSS
0.1%
CVE-2026-27673 MEDIUM This Month

SAP S/4HANA (Private Cloud and On-Premise) allows authenticated local network users to delete arbitrary operating system files due to missing authorization checks, degrading system integrity and availability. The vulnerability requires prior authentication and high complexity attack conditions (AC:H), resulting in a CVSS score of 4.9. No evidence of active exploitation or public proof-of-concept code has been identified, but the authorization bypass is confirmed across both deployment models.

SAP Authentication Bypass
NVD VulDB
CVSS 3.1
4.9
EPSS
0.0%
CVE-2026-24318 MEDIUM This Month

Insecure session management in SAP Business Objects Business Intelligence Platform allows unauthenticated attackers to obtain and reuse valid session tokens, enabling unauthorized access to victim sessions with moderate complexity. An attacker exploiting this vulnerability could access or modify information within the compromised session's scope, affecting confidentiality and integrity. The attack requires user interaction (UI:R) and high attack complexity (AC:H), limiting real-world exploitation but still warranting prioritized remediation for organizations running affected BI Platform versions.

SAP Authentication Bypass
NVD VulDB
CVSS 3.1
4.2
EPSS
0.0%
CVE-2026-0512 MEDIUM This Month

Reflected Cross-Site Scripting (XSS) in SAP Supplier Relationship Management (SRM) SICF Handler allows unauthenticated remote attackers to craft malicious URLs that, when accessed by victims, execute arbitrary JavaScript within their browsers. Successful exploitation enables attackers to steal session credentials, modify procurement data, or perform actions on behalf of authenticated users, affecting confidentiality and integrity of SRM operations. The vulnerability carries a CVSS score of 6.1 with moderate real-world risk due to required user interaction and cross-origin constraints, though no public exploit code or active exploitation has been confirmed at the time of analysis.

SAP XSS
NVD VulDB
CVSS 3.1
6.1
EPSS
0.1%
CVE-2026-34264 MEDIUM This Month

SAP Human Capital Management for SAP S/4HANA allows authenticated users with low privileges to enumerate and guess sensitive information through specific authorization check messages, resulting in information disclosure beyond their authorized scope. The vulnerability affects SAP HCM across affected versions and requires low-privilege authenticated access to exploit, with a CVSS score of 6.5 reflecting high confidentiality impact but no integrity or availability compromise.

SAP Information Disclosure
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-34262 MEDIUM This Month

SAP HANA Cockpit and HANA Database Explorer leak sensitive information to authenticated network users due to improper credential storage mechanisms (CWE-522). An authenticated attacker with network access can retrieve confidential data without requiring elevated privileges or user interaction. This vulnerability affects all versions of SAP HANA Cockpit and HANA Database Explorer; patch availability and active exploitation status are not confirmed from available data.

SAP Information Disclosure
NVD
CVSS 3.1
5.0
EPSS
0.0%
CVE-2026-34261 MEDIUM This Month

Missing authorization checks in SAP Business Analytics and SAP Content Management allow authenticated users to invoke unauthorized remote function module calls, enabling confidential data access beyond their assigned permissions. The vulnerability affects all versions of the product and carries a CVSS score of 6.5 with confirmed high confidentiality impact. No public exploit code or active exploitation has been reported at time of analysis.

SAP Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-34257 MEDIUM This Month

Open redirect in SAP NetWeaver Application Server ABAP allows unauthenticated attackers to craft malicious URLs that redirect victims to attacker-controlled pages, potentially enabling phishing or credential theft attacks. The vulnerability affects all versions of SAP NetWeaver Application Server ABAP and requires user interaction (URL click). CVSS score of 6.1 reflects moderate risk with low confidentiality and integrity impact but no availability impact. No public exploit code or active exploitation has been reported at time of analysis.

SAP Open Redirect
NVD VulDB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-34256 HIGH This Week

Authenticated remote attackers can overwrite eight-character executable ABAP reports in SAP ERP and SAP S/4HANA systems due to missing authorization checks, enabling denial-of-service conditions when legitimate users execute corrupted reports. This authorization bypass (CWE-862) requires low-privilege authenticated access (CVSS PR:L) and has low attack complexity, combining limited integrity impact with high availability impact (CVSS 7.1). EPSS data not provided; no public exploit identified at time of analysis. Affects SAP ERP and SAP S/4HANA Private Cloud and On-Premise deployments.

SAP Authentication Bypass
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-27688 MEDIUM This Month

Unauthorized access to Database Analyzer Log Files in SAP NetWeaver Application Server for ABAP allows authenticated users to read sensitive database logs through an unprotected RFC function module. An attacker with standard user privileges and access to execute the affected module can bypass authorization checks to disclose confidential information, though system integrity and availability remain unaffected. No patch is currently available to remediate this authorization bypass vulnerability.

SAP Authentication Bypass Information Disclosure
NVD VulDB
CVSS 3.1
5.0
EPSS
0.0%
CVE-2026-27687 MEDIUM This Month

Insufficient authorization validation in SAP S/4HANA and ERP HCM Portugal modules allows high-privileged users to view confidential data from other companies. An authenticated attacker with elevated permissions could exploit this cross-tenant data exposure to access sensitive information without proper access controls. No patch is currently available for this medium-severity vulnerability.

SAP
NVD VulDB
CVSS 3.1
5.8
EPSS
0.0%
CVE-2026-27686 MEDIUM This Month

SAP Business Warehouse Service API lacks proper authorization controls on RFC function modules, allowing authenticated attackers to modify configurations and disrupt request processing. An attacker with valid credentials could exploit this vulnerability to cause denial of service and alter system integrity without detection. No patch is currently available for this medium-severity vulnerability.

SAP Denial Of Service
NVD VulDB
CVSS 3.1
5.9
EPSS
0.0%
CVE-2026-27685 CRITICAL Act Now

SAP NetWeaver Enterprise Portal Administration has an insecure deserialization vulnerability allowing privileged users to execute code through uploaded files.

SAP Deserialization
NVD VulDB
CVSS 3.1
9.1
EPSS
0.0%
CVE-2026-27684 MEDIUM This Month

SQL injection in SAP NetWeaver Feedback Notifications Service enables authenticated attackers to execute arbitrary database queries by exploiting insufficient input validation. An attacker can manipulate SQL WHERE clauses to access or exfiltrate sensitive database information, with limited impact on system confidentiality and availability. No patch is currently available for this vulnerability.

SAP SQLi
NVD VulDB
CVSS 3.1
6.4
EPSS
0.0%
CVE-2026-24317 MEDIUM This Month

SAP GUI for Windows improperly loads DLL files from user-accessible directories, enabling arbitrary code execution when GuiXT is enabled. An attacker can exploit this by tricking a user into downloading a malicious DLL to a predictable location, resulting in code execution with the victim's privileges. No patch is currently available for this medium-severity vulnerability.

SAP Windows
NVD VulDB
CVSS 3.1
5.0
EPSS
0.0%
CVE-2026-24316 MEDIUM This Month

SAP NetWeaver Application Server for ABAP contains a server-side request forgery vulnerability in a built-in ABAP testing report that allows authenticated attackers to send HTTP requests to arbitrary internal or external endpoints. Successful exploitation could enable reconnaissance of sensitive internal systems and potential data exfiltration, though availability is not impacted. Currently, no patch is available for this vulnerability.

SAP SSRF
NVD VulDB
CVSS 3.1
6.4
EPSS
0.0%
CVE-2026-24313 MEDIUM This Month

SAP Solution Tools Plug-In (ST-PI) exposes system information to authenticated users due to missing authorization validation in a function module. An attacker with valid credentials can bypass access controls to retrieve sensitive information about the SAP system without requiring user interaction.

SAP
NVD VulDB
CVSS 3.1
5.0
EPSS
0.0%
CVE-2026-24311 MEDIUM This Month

SAP Customer Checkout stores operational data with weak encryption that can be accessed and modified by authenticated users with high privileges through local interaction, potentially compromising confidentiality and integrity of application behavior. This vulnerability requires physical access and user interaction but carries no availability impact, affecting SAP industrial deployment environments where no patch is currently available.

SAP Industrial
NVD VulDB
CVSS 3.1
5.6
EPSS
0.0%
CVE-2026-24310 LOW Monitor

Due to missing authorization check in SAP NetWeaver Application Server for ABAP, an authenticated attacker could execute specific ABAP function module and read the sensitive information from database catalog of the ABAP system. [CVSS 3.5 LOW]

SAP Authentication Bypass
NVD VulDB
CVSS 3.1
3.5
EPSS
0.0%
CVE-2026-24309 MEDIUM This Month

Missing authorization controls in SAP NetWeaver Application Server for ABAP allow authenticated attackers to invoke specific function modules that manipulate the database configuration table, potentially degrading system performance or causing service interruptions. This authorization bypass affects both system integrity and availability, though it requires valid credentials and no patch is currently available.

SAP Authentication Bypass
NVD VulDB
CVSS 3.1
6.4
EPSS
0.0%
CVE-2026-0489 MEDIUM This Month

DOM-based XSS in SAP Business One Job Service allows unauthenticated attackers to inject malicious code through unvalidated URL query parameters, compromising user sessions when victims interact with crafted links. Successful exploitation could leak sensitive data or modify application content, though availability is not affected. No patch is currently available.

SAP XSS
NVD VulDB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-24314 MEDIUM This Month

SAP S/4HANA's Manage Payment Media component contains an information disclosure vulnerability that allows authenticated users to access restricted data through certain application conditions. The vulnerability has low confidentiality impact and requires valid credentials to exploit, with no publicly available patch currently available.

SAP
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-24328 MEDIUM This Month

Business Server Pages versions up to 740 is affected by url redirection to untrusted site (open redirect) (CVSS 6.1).

SAP Business Server Pages
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2026-24327 MEDIUM This Month

Insufficient authorization validation in SAP Strategic Enterprise Management's Balanced Scorecard component allows authenticated users to view restricted information they should not have access to. This authenticated-only vulnerability has low confidentiality impact and requires no user interaction, affecting organizations running affected SAP SEM instances. Currently no patch is available to remediate this authorization bypass.

SAP Strategic Enterprise Management
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-24326 MEDIUM This Month

Unauthorized database modifications in SAP S/4HANA Defense & Security occur due to missing authorization checks in Disconnected Operations, allowing authenticated users to invoke remote-enabled function modules and directly alter standard SAP database tables. The vulnerability has limited impact, affecting only data integrity without compromising confidentiality or system availability. No patch is currently available.

SAP
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-24325 MEDIUM This Month

Stored XSS in SAP BusinessObjects Enterprise results from insufficient input encoding, allowing high-privileged administrators to inject malicious JavaScript that executes in other users' browsers. This vulnerability affects confidentiality and integrity with medium severity, though no patch is currently available. Exploitation requires administrative access and user interaction to trigger the malicious payload.

SAP XSS Businessobjects Enterprise
NVD
CVSS 3.1
4.8
EPSS
0.0%
CVE-2026-24324 MEDIUM This Month

Businessobjects Business Intelligence Platform versions up to 430 contains a security vulnerability (CVSS 6.5).

SAP Denial Of Service Businessobjects Business Intelligence Platform
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-24322 HIGH This Week

Authenticated users in SAP Solution Tools Plug-In (ST-PI) can access sensitive information through a function module that lacks proper authorization controls, allowing disclosure of confidential data without requiring additional privileges. The vulnerability affects all users with basic authentication to the affected SAP systems, as the missing checks permit lateral data exposure across the application.

SAP Solution Tools Plug In
NVD
CVSS 3.1
7.7
EPSS
0.0%
CVE-2026-24321 MEDIUM This Month

SAP Commerce Cloud contains unauthenticated API endpoints that expose sensitive information not intended for public access, enabling remote attackers to retrieve confidential data without authentication. The vulnerability has limited impact on confidentiality with no effect on system integrity or availability. No patch is currently available for affected Commerce Cloud deployments.

SAP Commerce Cloud
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-24320 LOW Monitor

Due to improper memory management in SAP NetWeaver and ABAP Platform (Application Server ABAP), an authenticated attacker could exploit logical errors in memory management by supplying specially crafted input containing unique characters, which are improperly converted. [CVSS 3.1 LOW]

SAP Memory Corruption
NVD
CVSS 3.1
3.1
EPSS
0.0%
CVE-2026-24319 MEDIUM This Month

SAP Business One stores sensitive data unencrypted in memory dump files, allowing high-privileged local users with user interaction to extract credentials and other confidential information. An attacker with access to these dumps could leverage the exposed data to perform unauthorized operations and modify company data within the B1 environment. No patch is currently available for this medium-severity vulnerability.

SAP Business One
NVD
CVSS 3.1
5.8
EPSS
0.0%
CVE-2026-24312 MEDIUM This Month

SAP Business Workflow contains an authorization bypass that allows authenticated administrators to escalate privileges by misusing permissions from lower-sensitivity functions to perform unauthorized high-privilege operations. An attacker with admin credentials can exploit this flaw to compromise data integrity, though confidentiality and availability impacts are limited. No patch is currently available for this vulnerability.

SAP Privilege Escalation Sap Basis
NVD
CVSS 3.1
5.2
EPSS
0.0%
CVE-2026-23688 MEDIUM This Month

Insufficient authorization checks in SAP Fiori App Manage Service Entry Sheets allow authenticated users to escalate privileges and modify data they should not have access to. The vulnerability affects SAP S/4HANA Core installations and requires user authentication to exploit, limiting the immediate risk but potentially enabling insider threats or account compromise scenarios.

SAP Privilege Escalation S4core
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-23687 HIGH This Week

Sap Basis versions up to 700 is affected by improper verification of cryptographic signature (CVSS 8.8).

SAP Authentication Bypass Jwt Attack
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-23686 LOW Monitor

Netweaver Application Server Java versions up to 7.50 is affected by http response splitting (CVSS 3.4).

SAP
NVD
CVSS 3.1
3.4
EPSS
0.0%
CVE-2026-23685 MEDIUM This Month

Denial of service in SAP NetWeaver's JMS service stems from unsafe deserialization of malicious objects, allowing authenticated administrators with local access to crash the application. The vulnerability requires high privileges and local access but carries no risk to confidentiality or integrity. No patch is currently available.

SAP Denial Of Service Deserialization Netweaver
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2026-23684 MEDIUM This Month

Commerce Cloud versions up to 2205 contains a vulnerability that allows attackers to a cart entry being created with erroneous product value which could be checked o (CVSS 5.9).

SAP Race Condition Commerce Cloud
NVD
CVSS 3.1
5.9
EPSS
0.0%
CVE-2026-23681 MEDIUM This Month

Authenticated users of SAP Solution Tools Plug-In can bypass authorization checks to invoke function modules and extract sensitive system configuration details without proper access controls. This information disclosure could enable attackers to gather intelligence for planning targeted follow-up attacks, though the vulnerability carries low confidentiality impact with no effect on system integrity or availability. Currently no patch is available.

SAP Solution Tools Plug In
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-0509 CRITICAL Act Now

Unauthorized Remote Function Call execution in SAP NetWeaver ABAP. Low-privileged users can execute background RFCs without proper authorization checks. CVSS 9.6.

SAP Netweaver As Abap Kernel Netweaver As Abap Krnl64nuc Netweaver As Abap Krnl64uc
NVD
CVSS 3.1
9.6
EPSS
0.0%
CVE-2026-0508 HIGH This Week

Businessobjects Business Intelligence Platform versions up to 430 is affected by url redirection to untrusted site (open redirect) (CVSS 7.3).

SAP Businessobjects Business Intelligence Platform
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2026-0490 HIGH This Week

Businessobjects Business Intelligence Platform versions up to 430 is affected by missing authorization (CVSS 7.5).

SAP Businessobjects Business Intelligence Platform
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-0488 CRITICAL Act Now

Unauthorized code execution in SAP CRM and SAP S/4HANA Scripting Editor. Authenticated attacker exploits generic function module call to execute unauthorized ABAP code. CVSS 9.9.

SAP Netweaver Application Server Abap Webclient Ui Framework
NVD
CVSS 3.1
9.9
EPSS
0.0%
EPSS 0% CVSS 5.2
MEDIUM PATCH This Month

Privilege escalation in Checkmk's mk_sap_hana agent plugin allows a local unprivileged user to execute arbitrary commands as root by planting a process whose name mimics a SAP HANA instance. The plugin, when running as root under the RUNAS=agent configuration and lacking explicit database configuration, blindly reads the OS process list to derive SAP HANA instance identifiers and injects them unsanitized into a shell command executed with root privileges - a textbook CWE-78 OS command injection. No public exploit code or CISA KEV listing exists at time of analysis, but the attack prerequisites are achievable on any misconfigured Checkmk deployment that monitors SAP environments.

Privilege Escalation SAP Command Injection +1
NVD
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

CSS stylesheet injection in SAP @ui5/webcomponents-base allows unauthenticated remote attackers to load arbitrary cross-origin stylesheets into victim pages by bypassing the sap-allowed-theme-origins allowlist enforcement inside setThemeRoot(). The ?sap-themeRoot URL query parameter is a direct delivery vector, making socially-engineered exploitation trivial - no authentication is required from the attacker (CVSS PR:N), only a victim page load (UI:R). Successful exploitation enables UI redressing, clickjacking, phishing overlays, visual defacement, and limited CSS attribute-selector-based data exfiltration; no public exploit identified at time of analysis, and the vulnerability is not listed in CISA KEV.

SAP Authentication Bypass Ui5 Webcomponents Base
NVD GitHub
EPSS 0% CVSS 7.6
HIGH This Week

Insecure deserialization in the SAP Change and Transport System Attach Tool (ctsattach) lets an authenticated, low-privileged attacker achieve remote code execution by supplying a crafted archive that a victim then processes through the tool's library. Successful exploitation yields high confidentiality and integrity impact - attackers can read sensitive data and take control of the host and its processes - with low availability impact. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the CWE-502 root cause and 7.6 CVSS make this a meaningful patch priority for SAP landscapes.

Deserialization SAP RCE +1
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Privilege escalation in SAP S/4HANA's Draft Operation component allows authenticated restricted users to read entity data beyond their authorized scope due to missing authorization checks. The flaw, classified under CWE-862, is exploitable over the network without elevated privileges, resulting in low confidentiality impact with no effect on integrity or availability. No public exploit code or active exploitation has been identified at time of analysis, keeping real-world risk bounded despite the network-accessible attack vector.

SAP Authentication Bypass Sap S 4Hana Draft Operation
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM This Month

Missing authorization in SAP S/4HANA's Create Single Payment function exposes restricted entity set keys to authenticated but low-privileged users. The flaw (CWE-862) allows a restricted user to query specific payment-related entity sets beyond their intended access scope, resulting in low-impact confidentiality leakage with no effect on data integrity or system availability. No public exploit code exists and this vulnerability is not listed in CISA KEV; EPSS data was not provided, but the CVSS 4.3 medium score and limited impact scope suggest low exploitation urgency.

SAP Authentication Bypass Sap S 4 Hana Create Single Payment
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM This Month

SQL injection in SAP S/4HANA Project Management (PPM-PRO) allows a high-privileged authenticated attacker to execute crafted database queries, exposing backend database contents. The vulnerability is reachable over the network but requires both high attack complexity and high privilege level, significantly constraining the realistic attacker pool. No public exploit or active exploitation has been identified at time of analysis, and the CVSS base score of 5.5 reflects these mitigating factors despite the potential for database exposure.

SQLi SAP Sap S 4Hana Project Management Ppm Pro
NVD VulDB
EPSS 0% CVSS 4.1
MEDIUM This Month

Script injection in SAP CRM WebClient UI is enabled by absent Content Security Policy (CSP) directives for certain restrictive headers, allowing an authenticated low-privileged attacker to inject malicious JavaScript that executes in a victim user's browser session. The CVSS vector (PR:L/UI:R/S:C) confirms this requires both an authenticated attacker and victim interaction, with a cross-scope impact consistent with browser-context script execution. No public exploit code or CISA KEV active exploitation listing has been identified at time of analysis, and impact is bounded to low integrity with no confidentiality or availability consequence.

SAP Code Injection Sap Crm Webclient Ui
NVD
EPSS 0% CVSS 9.1
CRITICAL Act Now

Authentication bypass via well-known default credentials in SAP Commerce Cloud allows an unauthenticated remote attacker to abuse a pre-provisioned sample OAuth2 client whose client ID and secret are published in SAP Help Portal documentation. If the sample client is left in place, the attacker mints a valid OAuth2 access token and calls certain APIs to read and modify business data (CVSS 9.1, high confidentiality and integrity impact, no availability impact). No public exploit identified at time of analysis, but the credentials are publicly documented, making exploitation trivial wherever the sample configuration was never removed.

SAP Information Disclosure Sap Commerce Cloud
NVD
EPSS 0% CVSS 4.7
MEDIUM This Month

Reflected XSS in SAP NetWeaver Application Server ABAP's Business Server Pages (BSP) framework allows remote unauthenticated attackers to inject arbitrary JavaScript into HTTP responses when a victim user interacts with a crafted URL. Successful exploitation enables session token theft and execution of authenticated actions on behalf of the victim within the SAP web context. No public exploit code or CISA KEV listing is identified at time of analysis; CVSS AC:H indicates non-trivial conditions must align for successful delivery, moderating real-world risk despite the enterprise sensitivity of SAP environments.

SAP XSS Sap Netweaver Application Server Abap Applications Based On Business Server Pages
NVD VulDB
EPSS 0% CVSS 6.1
MEDIUM This Month

Reflected cross-site scripting in SAP NetWeaver Enterprise Portal enables unauthenticated remote attackers to inject arbitrary JavaScript into URL parameters that are echoed back unencoded in server responses. When a victim with an active portal session visits a crafted URL, the injected script executes in their browser under the portal's origin, permitting session token theft, unauthorized manipulation of portal content, or forced redirection to attacker-controlled resources. No public exploit code has been identified at time of analysis and no CISA KEV listing exists, though the unauthenticated network-accessible attack surface and low complexity make phishing-based delivery operationally straightforward.

SAP XSS Sap Netweaver Enterprise Portal
NVD VulDB
EPSS 0% CVSS 3.7
LOW Monitor

User account enumeration in SAP HANA Extended Application Services Classic Model (XSC) user self-service tools allows unauthenticated remote attackers to identify valid usernames and email addresses by crafting requests that elicit distinguishable server responses. The CWE-204 root cause - observable response discrepancy - means the application behaves differently for valid versus invalid accounts, leaking account existence without requiring credentials. CVSS scores this at 3.7 (AV:N/AC:H) reflecting network accessibility tempered by high attack complexity; no public exploit code or CISA KEV listing has been identified at time of analysis.

SAP Information Disclosure Sap Hana Extended Application Services Classic Model User Self Service
NVD VulDB
EPSS 0% CVSS 8.2
HIGH This Week

Reflected cross-site scripting in SAP NetWeaver Application Server Java (specifically the Configuration Wizard component) lets an unauthenticated attacker embed malicious JavaScript in crafted URLs that executes in a victim's browser when the link is opened. Because the CVSS scope is changed (S:C) and confidentiality impact is high, a successful lure can expose sensitive session information and tamper with non-sensitive data rendered in the client. No public exploit identified at time of analysis, but the 8.2 CVSS and unauthenticated, network-reachable vector make it a meaningful phishing-driven risk for exposed SAP portals.

SAP XSS Information Disclosure +2
NVD VulDB
EPSS 0% CVSS 9.9
CRITICAL Act Now

Memory corruption in SAP NetWeaver Application Server ABAP lets an authenticated attacker exploit logical flaws in memory management (an out-of-bounds write) to read or alter data and crash the system, with high impact on confidentiality, integrity, and availability. SAP rates it CVSS 9.9 with a changed scope, meaning a low-privileged user can affect components beyond their own authorization boundary. There is no public exploit identified at time of analysis, but the low attack complexity and network reachability make it a high-priority patch for any exposed ABAP stack.

Buffer Overflow SAP Memory Corruption +1
NVD
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Unauthorized access in SAP Approuter arises because the component fails to validate incoming request headers during the OAuth2 login flow under certain configurations (CWE-601, open redirect). An unauthenticated remote attacker who lures a victim into clicking a crafted link can hijack the authentication flow to gain high-confidentiality and high-integrity access to the application. There is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV, but the network-reachable, low-complexity nature (CVSS 8.1) makes it a meaningful patch priority for SAP BTP/Cloud Foundry environments.

SAP Authentication Bypass Open Redirect +1
NVD
EPSS 1% CVSS 9.1
CRITICAL PATCH Act Now

Request-response desynchronization in SAP Approuter lets an unauthenticated remote attacker send a specially crafted HTTP request that smuggles a second request past the front end, allowing exposure of other users' HTTP responses and denial of service against the application. The flaw carries a CVSS 9.1 (high confidentiality and availability impact) and was reported by SAP; there is no public exploit identified at time of analysis and it is not listed in CISA KEV.

SAP Request Smuggling Information Disclosure +1
NVD
EPSS 0% CVSS 4.7
MEDIUM This Month

Reflected cross-site scripting in SAP Wily Introscope Enterprise Manager allows an unauthenticated remote attacker to craft a malicious URL that, when accessed by a victim user, executes injected JavaScript within the application's browser context. The CVSS vector (AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N) confirms network-reachable delivery requiring no attacker credentials, but demands both high attack complexity and victim interaction, capping real-world exploitability. No public exploit code and no CISA KEV listing have been identified at time of analysis, placing this in a lower-urgency tier despite the cross-scope impact.

XSS SAP
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Email spoofing in the SAP Business Objects Business Intelligence Platform allows authenticated network users to manipulate email sending parameters without sufficient server-side validation, enabling them to craft and dispatch emails with falsified sender or header fields. Affected users require only low-privilege authentication, and exploitation is network-accessible with no additional user interaction required. No public exploit code exists and this vulnerability is not listed in CISA KEV; the CVSS score of 4.3 (Medium) accurately reflects the limited, integrity-only impact scoped to the application.

Information Disclosure SAP
NVD
EPSS 0% CVSS 6.6
MEDIUM This Month

Unintended data disclosure in SAP's Operational Data Provisioning RFC (ODP-RFC) modules stems from missing caller identification controls that fail to restrict invocation to permitted SAP-internal applications. Highly privileged customer or third-party applications can invoke these internal RFC modules outside their intended usage context, exposing sensitive operational data across a Changed scope boundary (S:C). No public exploit has been identified at time of analysis, and this is not listed in CISA KEV; however, the High confidentiality impact combined with scope change warrants attention in SAP environments where ODP is exposed to external RFC consumers.

Authentication Bypass SAP
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Privilege escalation in SAP MDG's Review Match Groups Application exposes restricted actions to low-privileged authenticated users due to missing authorization checks. The CVSS vector (AV:N/AC:L/PR:L/UI:N) confirms exploitation requires only a valid low-privileged account over the network with no additional interaction, enabling unauthorized data modification. Impact is scoped to low integrity degradation - confidentiality and availability are unaffected - making this a moderate business risk primarily for organizations where MDG data integrity is compliance-critical. No public exploit code exists and this vulnerability is not listed in the CISA KEV catalog at time of analysis.

Authentication Bypass SAP
NVD VulDB
EPSS 0% CVSS 9.9
CRITICAL Act Now

Signed XML message tampering in SAP NetWeaver Application Server ABAP and ABAP Platform allows authenticated low-privileged attackers to forge identity information by capturing a valid signed message and submitting modified signed XML documents that the verifier accepts. The scope-changing flaw (CVSS 9.9) enables unauthorized access to sensitive user data and disruption of normal operations across trust boundaries. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

SAP Authentication Bypass Jwt Attack
NVD VulDB
EPSS 0% CVSS 6.1
MEDIUM This Month

Reflected cross-site scripting in SAP NetWeaver JAVA's JDBC Test Servlet enables unauthenticated remote attackers to craft malicious URLs that execute arbitrary JavaScript in a victim's browser upon interaction. The Changed Scope (S:C) in the CVSS vector indicates the injected script can affect browser context beyond the vulnerable origin, enabling session theft, credential harvesting, or unauthorized modification of webclient data. No public exploit code has been identified at time of analysis, and this vulnerability has not been listed in the CISA KEV catalog.

XSS SAP Java
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM This Month

SQL injection in SAP S/4HANA (On-Premise) exposes sensitive ERP database content to authenticated network attackers via a vulnerable remote-enabled function module. The CVSS vector (AV:N/AC:L/PR:L/UI:N) confirms low-complexity network exploitation requiring only a low-privilege SAP user account, with high confidentiality impact and no effect on data integrity or system availability. No public exploit or CISA KEV listing has been identified at time of analysis; SAP has issued a security note addressing the issue.

SAP SQLi
NVD VulDB
EPSS 0% CVSS 3.7
LOW Monitor

SAP Business Objects exposes sensitive information through a specific network-accessible endpoint when high-complexity preconditions are met, exploitable by unauthenticated remote attackers. Classified as CWE-497 (Exposure of Sensitive System Information to an Unauthorized Control Sphere), the flaw carries a CVSS score of 3.7 (Low) with impact limited strictly to partial confidentiality loss - integrity and availability are unaffected. No public exploit has been identified at time of analysis, and no active exploitation has been confirmed.

Information Disclosure SAP
NVD VulDB
EPSS 0% CVSS 9.0
CRITICAL Act Now

Path traversal in SAP NetWeaver Application Server Java's Web Container allows unauthenticated remote attackers to manipulate file inclusion parameters within crafted HTTP logon requests, leading to inclusion and processing of arbitrary local files. Successful exploitation can expose or modify sensitive data and render portions of the server unavailable, with no public exploit identified at time of analysis but a CVSS of 9.0 reflecting full CIA impact with scope change.

Path Traversal SAP Java
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL Act Now

Unauthenticated remote memory corruption in the SAP Kernel of SAP NetWeaver Application Server ABAP and ABAP Platform allows attackers to compromise confidentiality, integrity, and availability by sending crafted RFC requests that trigger logical errors in memory management. The CVSS 9.8 score reflects network-reachable, no-privileges, no-interaction exploitation against a foundational SAP component, though no public exploit identified at time of analysis and exploitation status beyond the vendor disclosure is not confirmed in CISA KEV.

SAP Stack Overflow Buffer Overflow
NVD VulDB
EPSS 0% CVSS 4.2
MEDIUM This Month

SAP Fiori Launchpad is vulnerable to malicious URL crafting that triggers arbitrary service calls within the Fiori domain, enabling credential theft from users who interact with the crafted link. Exploitation requires no attacker privileges (PR:N per CVSS) but demands high attack complexity (AC:H) and user interaction (UI:R), meaning adversaries must possess advanced system knowledge and successfully deliver the URL to a victim. No public exploit code has been identified at time of analysis and the vulnerability is not listed in the CISA KEV catalog, placing this in the medium-priority tier despite the credential-theft potential.

Information Disclosure SAP
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM This Month

Content injection into SAP Gateway error messages exposes internal implementation details - specifically regex patterns and URI parsing logic - to authenticated remote attackers. Affecting SAP Gateway versions 750 through 758 and SAP_BASIS 795, the flaw allows an attacker with low-level network credentials to craft inputs that surface sensitive system internals via error responses. Confidentiality impact is rated low; integrity and availability are unaffected. No active exploitation is confirmed (CISA KEV absent), and EPSS sits at 0.01%, consistent with SSVC's 'exploitation: none' assessment.

Code Injection SAP Sap Gateway
NVD
EPSS 0% CVSS 3.1
LOW Monitor

CSS injection in SAP NetWeaver Application Server ABAP allows unauthenticated remote attackers to inject malicious Cascading Style Sheets into web pages served by the application, with exploitation requiring user interaction (clicking or accessing the affected page). The injected CSS executes in the victim's browser context, resulting in low-impact confidentiality loss; integrity and availability are not affected. CVSS 3.1 reflects the limited impact and high attack complexity required.

Privilege Escalation SAP
NVD VulDB
EPSS 0% CVSS 6.1
MEDIUM This Month

SAP Business Server Pages TAF_APPLAUNCHER contains a cross-site scripting vulnerability that allows unauthenticated attackers to craft malicious links redirecting users to attacker-controlled sites, potentially exposing or altering sensitive information. The vulnerability requires user interaction (clicking the link) and affects confidentiality and integrity with a CVSS score of 6.1. No active exploitation has been publicly confirmed at time of analysis.

XSS SAP
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

SAP Financial Consolidation permits authenticated attackers to forcibly terminate other users' sessions, temporarily denying them access to the application. The vulnerability has limited impact, affecting only availability through session disconnection while leaving the application itself and all data integrity and confidentiality intact. CVSS score of 4.3 reflects low severity, and no public exploit code or active exploitation has been identified.

Information Disclosure SAP
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

OS command injection in SAP NetWeaver Application Server for ABAP and ABAP Platform allows authenticated administrators to execute arbitrary shell commands on the server while bypassing audit logging. The vulnerability affects integrity and availability but not confidentiality, and requires high-privilege administrative access over the network with no user interaction. CVSS 6.5 reflects the high-privilege requirement despite severe impact potential.

Command Injection SAP
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM This Month

Insufficient authorization checks in SAP Incentive and Commission Management allow authenticated users to invoke remote-enabled function modules and perform unauthorized table update operations, compromising data integrity. The vulnerability requires valid user credentials and network access but has limited scope - no confidentiality or availability impact. CVSS 4.3 (low) reflects the authentication requirement and integrity-only impact; no active exploitation or public POC identified at analysis time.

Authentication Bypass SAP
NVD
EPSS 0% CVSS 6.3
MEDIUM This Month

Missing authorization checks in SAP S/4HANA Condition Maintenance allow authenticated attackers to view and modify condition table records they should not have access to, compromising data confidentiality and integrity while potentially denying legitimate users access to those same records. The vulnerability requires valid user credentials but affects all versions of the affected module, with CVSS 6.3 reflecting its multi-faceted impact across three security dimensions.

Authentication Bypass SAP
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Missing authorization checks in SAP Strategic Enterprise Management's Scorecard Wizard (Business Server Pages application) allow authenticated users to access restricted information and modify risk evaluation settings without proper authorization. An attacker with valid credentials can view confidential data and alter default configuration values, artificially reducing assessed risk levels to deceive risk assessment processes. No patch availability or active exploitation has been confirmed.

Authentication Bypass SAP
NVD VulDB
EPSS 0% CVSS 3.4
LOW Monitor

SQL injection in SAP HANA Deployment Infrastructure (HDI) deploy library allows high-privileged users to manipulate dynamically constructed SQL queries, potentially altering SELECT statements and compromising confidentiality and availability. Attack requires local access and high privileges (PR:H), limiting real-world risk despite SQL injection severity. No public exploit code or active exploitation has been identified at the time of analysis.

SQLi SAP
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM This Month

Code injection in SAP Application Server ABAP for SAP NetWeaver and ABAP Platform allows authenticated attackers to execute arbitrary code for subscribed channel users by sending specially crafted inputs. The vulnerability has low integrity impact with no confidentiality or availability consequences. CVSS 4.3 (low severity) reflects the requirement for authenticated access, but the ability to affect other users elevates practical risk in multi-tenant environments.

SAP Code Injection RCE
NVD VulDB
EPSS 0% CVSS 9.6
CRITICAL Act Now

Arbitrary server-side code execution in SAP Commerce Cloud via unauthenticated malicious configuration upload and code injection. Attackers can remotely exploit a misconfigured Spring Security framework to upload crafted configuration files and inject code without authentication, requiring only that a user interact with malicious content (CVSS:3.1/AV:N/AC:L/PR:N/UI:R). The vulnerability affects SAP Commerce Cloud Configuration with critical impact across confidentiality, integrity, and availability. No public exploit code or CISA KEV listing identified at time of analysis, though EPSS data unavailable. Patch details available in SAP Security Note 3733064.

RCE Java SAP
NVD VulDB
EPSS 0% CVSS 9.6
CRITICAL Act Now

SQL injection in SAP S/4HANA Enterprise Search for ABAP allows authenticated attackers to extract sensitive database information and crash the application via malicious SQL statements injected through improperly validated user input. The scope change (S:C) indicates potential lateral movement beyond the vulnerable component. SAP has released security patches (SAP Note 3724838) for this critical vulnerability with CVSS 9.6. No active exploitation confirmed at time of analysis, though the authentication bypass tag suggests potential credential bypass implications.

Authentication Bypass SQLi SAP
NVD VulDB
EPSS 0% CVSS 8.2
HIGH This Week

OS command injection in SAP Forecasting & Replenishment allows authenticated administrators to execute arbitrary system commands through abuse of a non-remote-enabled function, leading to complete system compromise. The vulnerability enables full read/write access to system data and potential system shutdown, though exploitation is constrained to local attack vectors and requires high-privilege administrative access (CVSS 8.2). No public exploit code or active exploitation confirmed at time of analysis, with vendor patch available via SAP Security Patch Day.

Command Injection SAP
NVD VulDB
EPSS 0% CVSS 4.7
MEDIUM This Month

Reflected cross-site scripting (XSS) in SAP NetWeaver Application Server ABAP (Business Server Pages) allows unauthenticated attackers to inject malicious scripts via unprotected URL parameters. Successful exploitation requires victim interaction (clicking a crafted link) and affects confidentiality and integrity of application data. No public exploit code or active exploitation reported at time of analysis.

XSS SAP
NVD VulDB
EPSS 0% CVSS 5.4
MEDIUM This Month

Cross-site request forgery (CSRF) in SAP BusinessObjects Business Intelligence Platform allows unauthenticated attackers to trick authenticated users into sending unintended requests to the web server, resulting in low-impact modifications to application integrity and availability. The vulnerability requires user interaction (clicking a malicious link) and affects all versions of the platform due to insufficient CSRF token validation. No confidentiality impact is present, limiting the attack surface to state-changing operations.

CSRF SAP
NVD VulDB
EPSS 0% CVSS 4.1
MEDIUM This Month

Reflected cross-site scripting (XSS) in SAP BusinessObjects Business Intelligence allows authenticated attackers to inject malicious JavaScript via crafted URLs that execute in victim browsers, potentially exposing restricted information. The vulnerability requires user interaction (clicking a malicious link) and affects only confidentiality with a CVSS score of 4.1 (low severity). No public exploit code or active exploitation has been identified.

SAP XSS
NVD
EPSS 0% CVSS 9.9
CRITICAL Act Now

SQL injection in SAP Business Planning and Consolidation (BPC) and SAP Business Warehouse (BW) allows authenticated users to execute arbitrary SQL commands against the database. Affected versions span SAP_BW 750-758, BPC4HANA 300, and HANABPC 810/816. The scope-change vector (S:C) indicates attackers can pivot beyond the vulnerable component to compromise database resources serving multiple SAP applications. Despite critical CVSS 9.9 severity, EPSS exploitation probability remains low (0.05%, 14th percentile) with CISA SSVC indicating no current exploitation and non-automatable attack profile. SAP security note 3719353 provides remediation guidance.

SAP SQLi
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

SAP S/4HANA frontend OData Service (Manage Reference Structures) allows authenticated users to update and delete child entities without proper authorization checks, enabling privilege escalation and data integrity violations. The vulnerability requires valid user credentials but no special privileges, affecting systems running vulnerable S/4HANA versions. Attackers can exploit exposed OData endpoints to modify or remove reference structure data that should be protected from their access level.

SAP Authentication Bypass
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM This Month

SAP S/4HANA backend OData Service for Manage Reference Structures allows authenticated remote attackers to modify and delete child entities without proper authorization checks, compromising data integrity across reference data structures. The vulnerability requires valid user credentials but no elevated privileges, affecting organizations running vulnerable S/4HANA versions. CVSS 6.5 with confirmed patch availability via SAP Security Patch Day.

SAP Authentication Bypass
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM This Month

SAP S/4HANA OData Service for Manage Reference Equipment lacks authorization checks, allowing authenticated users to modify and delete child entities without proper access controls. The vulnerability affects S/4HANA instances with the vulnerable OData service and requires low-privilege network access, resulting in high integrity impact but no confidentiality or availability risk. No public exploit code or active exploitation has been confirmed.

SAP Authentication Bypass
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM This Month

SAP S/4HANA OData Service for Manage Technical Object Structures allows authenticated users to update and delete child entities without proper authorization checks, enabling unauthorized data modification. The vulnerability affects S/4HANA deployments exposing the vulnerable OData service and requires valid user credentials but no elevated privileges. CVSS base score is 4.3 (low-to-medium severity) with confirmed patch availability from SAP Security Patch Day.

SAP Authentication Bypass
NVD VulDB
EPSS 0% CVSS 2.0
LOW Monitor

SAP Landscape Transformation allows high-privileged remote attackers to inject arbitrary ABAP code and operating system commands through an RFC-exposed function module, resulting in limited integrity impact where attackers cannot control the scope or extent of modifications. The attack requires high privileges, high complexity, and user interaction, reflected in a CVSS 2.0 score; no public exploit code or active exploitation has been identified.

SAP Code Injection RCE
NVD VulDB
EPSS 0% CVSS 6.1
MEDIUM This Month

Cross-site scripting via code injection in SAP NetWeaver Application Server Java Web Dynpro allows unauthenticated remote attackers to inject arbitrary client-side code through crafted input, compromising user sessions and application data integrity when victims interact with the affected functionality. CVSS 6.1 (medium) reflects the requirement for user interaction and limited scope, but exploitation is straightforward with no authentication needed and low attack complexity.

SAP Code Injection RCE +1
NVD VulDB
EPSS 0% CVSS 4.9
MEDIUM This Month

SAP S/4HANA (Private Cloud and On-Premise) allows authenticated local network users to delete arbitrary operating system files due to missing authorization checks, degrading system integrity and availability. The vulnerability requires prior authentication and high complexity attack conditions (AC:H), resulting in a CVSS score of 4.9. No evidence of active exploitation or public proof-of-concept code has been identified, but the authorization bypass is confirmed across both deployment models.

SAP Authentication Bypass
NVD VulDB
EPSS 0% CVSS 4.2
MEDIUM This Month

Insecure session management in SAP Business Objects Business Intelligence Platform allows unauthenticated attackers to obtain and reuse valid session tokens, enabling unauthorized access to victim sessions with moderate complexity. An attacker exploiting this vulnerability could access or modify information within the compromised session's scope, affecting confidentiality and integrity. The attack requires user interaction (UI:R) and high attack complexity (AC:H), limiting real-world exploitation but still warranting prioritized remediation for organizations running affected BI Platform versions.

SAP Authentication Bypass
NVD VulDB
EPSS 0% CVSS 6.1
MEDIUM This Month

Reflected Cross-Site Scripting (XSS) in SAP Supplier Relationship Management (SRM) SICF Handler allows unauthenticated remote attackers to craft malicious URLs that, when accessed by victims, execute arbitrary JavaScript within their browsers. Successful exploitation enables attackers to steal session credentials, modify procurement data, or perform actions on behalf of authenticated users, affecting confidentiality and integrity of SRM operations. The vulnerability carries a CVSS score of 6.1 with moderate real-world risk due to required user interaction and cross-origin constraints, though no public exploit code or active exploitation has been confirmed at the time of analysis.

SAP XSS
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM This Month

SAP Human Capital Management for SAP S/4HANA allows authenticated users with low privileges to enumerate and guess sensitive information through specific authorization check messages, resulting in information disclosure beyond their authorized scope. The vulnerability affects SAP HCM across affected versions and requires low-privilege authenticated access to exploit, with a CVSS score of 6.5 reflecting high confidentiality impact but no integrity or availability compromise.

SAP Information Disclosure
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

SAP HANA Cockpit and HANA Database Explorer leak sensitive information to authenticated network users due to improper credential storage mechanisms (CWE-522). An authenticated attacker with network access can retrieve confidential data without requiring elevated privileges or user interaction. This vulnerability affects all versions of SAP HANA Cockpit and HANA Database Explorer; patch availability and active exploitation status are not confirmed from available data.

SAP Information Disclosure
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Missing authorization checks in SAP Business Analytics and SAP Content Management allow authenticated users to invoke unauthorized remote function module calls, enabling confidential data access beyond their assigned permissions. The vulnerability affects all versions of the product and carries a CVSS score of 6.5 with confirmed high confidentiality impact. No public exploit code or active exploitation has been reported at time of analysis.

SAP Authentication Bypass
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

Open redirect in SAP NetWeaver Application Server ABAP allows unauthenticated attackers to craft malicious URLs that redirect victims to attacker-controlled pages, potentially enabling phishing or credential theft attacks. The vulnerability affects all versions of SAP NetWeaver Application Server ABAP and requires user interaction (URL click). CVSS score of 6.1 reflects moderate risk with low confidentiality and integrity impact but no availability impact. No public exploit code or active exploitation has been reported at time of analysis.

SAP Open Redirect
NVD VulDB
EPSS 0% CVSS 7.1
HIGH This Week

Authenticated remote attackers can overwrite eight-character executable ABAP reports in SAP ERP and SAP S/4HANA systems due to missing authorization checks, enabling denial-of-service conditions when legitimate users execute corrupted reports. This authorization bypass (CWE-862) requires low-privilege authenticated access (CVSS PR:L) and has low attack complexity, combining limited integrity impact with high availability impact (CVSS 7.1). EPSS data not provided; no public exploit identified at time of analysis. Affects SAP ERP and SAP S/4HANA Private Cloud and On-Premise deployments.

SAP Authentication Bypass
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

Unauthorized access to Database Analyzer Log Files in SAP NetWeaver Application Server for ABAP allows authenticated users to read sensitive database logs through an unprotected RFC function module. An attacker with standard user privileges and access to execute the affected module can bypass authorization checks to disclose confidential information, though system integrity and availability remain unaffected. No patch is currently available to remediate this authorization bypass vulnerability.

SAP Authentication Bypass Information Disclosure
NVD VulDB
EPSS 0% CVSS 5.8
MEDIUM This Month

Insufficient authorization validation in SAP S/4HANA and ERP HCM Portugal modules allows high-privileged users to view confidential data from other companies. An authenticated attacker with elevated permissions could exploit this cross-tenant data exposure to access sensitive information without proper access controls. No patch is currently available for this medium-severity vulnerability.

SAP
NVD VulDB
EPSS 0% CVSS 5.9
MEDIUM This Month

SAP Business Warehouse Service API lacks proper authorization controls on RFC function modules, allowing authenticated attackers to modify configurations and disrupt request processing. An attacker with valid credentials could exploit this vulnerability to cause denial of service and alter system integrity without detection. No patch is currently available for this medium-severity vulnerability.

SAP Denial Of Service
NVD VulDB
EPSS 0% CVSS 9.1
CRITICAL Act Now

SAP NetWeaver Enterprise Portal Administration has an insecure deserialization vulnerability allowing privileged users to execute code through uploaded files.

SAP Deserialization
NVD VulDB
EPSS 0% CVSS 6.4
MEDIUM This Month

SQL injection in SAP NetWeaver Feedback Notifications Service enables authenticated attackers to execute arbitrary database queries by exploiting insufficient input validation. An attacker can manipulate SQL WHERE clauses to access or exfiltrate sensitive database information, with limited impact on system confidentiality and availability. No patch is currently available for this vulnerability.

SAP SQLi
NVD VulDB
EPSS 0% CVSS 5.0
MEDIUM This Month

SAP GUI for Windows improperly loads DLL files from user-accessible directories, enabling arbitrary code execution when GuiXT is enabled. An attacker can exploit this by tricking a user into downloading a malicious DLL to a predictable location, resulting in code execution with the victim's privileges. No patch is currently available for this medium-severity vulnerability.

SAP Windows
NVD VulDB
EPSS 0% CVSS 6.4
MEDIUM This Month

SAP NetWeaver Application Server for ABAP contains a server-side request forgery vulnerability in a built-in ABAP testing report that allows authenticated attackers to send HTTP requests to arbitrary internal or external endpoints. Successful exploitation could enable reconnaissance of sensitive internal systems and potential data exfiltration, though availability is not impacted. Currently, no patch is available for this vulnerability.

SAP SSRF
NVD VulDB
EPSS 0% CVSS 5.0
MEDIUM This Month

SAP Solution Tools Plug-In (ST-PI) exposes system information to authenticated users due to missing authorization validation in a function module. An attacker with valid credentials can bypass access controls to retrieve sensitive information about the SAP system without requiring user interaction.

SAP
NVD VulDB
EPSS 0% CVSS 5.6
MEDIUM This Month

SAP Customer Checkout stores operational data with weak encryption that can be accessed and modified by authenticated users with high privileges through local interaction, potentially compromising confidentiality and integrity of application behavior. This vulnerability requires physical access and user interaction but carries no availability impact, affecting SAP industrial deployment environments where no patch is currently available.

SAP Industrial
NVD VulDB
EPSS 0% CVSS 3.5
LOW Monitor

Due to missing authorization check in SAP NetWeaver Application Server for ABAP, an authenticated attacker could execute specific ABAP function module and read the sensitive information from database catalog of the ABAP system. [CVSS 3.5 LOW]

SAP Authentication Bypass
NVD VulDB
EPSS 0% CVSS 6.4
MEDIUM This Month

Missing authorization controls in SAP NetWeaver Application Server for ABAP allow authenticated attackers to invoke specific function modules that manipulate the database configuration table, potentially degrading system performance or causing service interruptions. This authorization bypass affects both system integrity and availability, though it requires valid credentials and no patch is currently available.

SAP Authentication Bypass
NVD VulDB
EPSS 0% CVSS 6.1
MEDIUM This Month

DOM-based XSS in SAP Business One Job Service allows unauthenticated attackers to inject malicious code through unvalidated URL query parameters, compromising user sessions when victims interact with crafted links. Successful exploitation could leak sensitive data or modify application content, though availability is not affected. No patch is currently available.

SAP XSS
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM This Month

SAP S/4HANA's Manage Payment Media component contains an information disclosure vulnerability that allows authenticated users to access restricted data through certain application conditions. The vulnerability has low confidentiality impact and requires valid credentials to exploit, with no publicly available patch currently available.

SAP
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

Business Server Pages versions up to 740 is affected by url redirection to untrusted site (open redirect) (CVSS 6.1).

SAP Business Server Pages
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Insufficient authorization validation in SAP Strategic Enterprise Management's Balanced Scorecard component allows authenticated users to view restricted information they should not have access to. This authenticated-only vulnerability has low confidentiality impact and requires no user interaction, affecting organizations running affected SAP SEM instances. Currently no patch is available to remediate this authorization bypass.

SAP Strategic Enterprise Management
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Unauthorized database modifications in SAP S/4HANA Defense & Security occur due to missing authorization checks in Disconnected Operations, allowing authenticated users to invoke remote-enabled function modules and directly alter standard SAP database tables. The vulnerability has limited impact, affecting only data integrity without compromising confidentiality or system availability. No patch is currently available.

SAP
NVD
EPSS 0% CVSS 4.8
MEDIUM This Month

Stored XSS in SAP BusinessObjects Enterprise results from insufficient input encoding, allowing high-privileged administrators to inject malicious JavaScript that executes in other users' browsers. This vulnerability affects confidentiality and integrity with medium severity, though no patch is currently available. Exploitation requires administrative access and user interaction to trigger the malicious payload.

SAP XSS Businessobjects Enterprise
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Businessobjects Business Intelligence Platform versions up to 430 contains a security vulnerability (CVSS 6.5).

SAP Denial Of Service Businessobjects Business Intelligence Platform
NVD
EPSS 0% CVSS 7.7
HIGH This Week

Authenticated users in SAP Solution Tools Plug-In (ST-PI) can access sensitive information through a function module that lacks proper authorization controls, allowing disclosure of confidential data without requiring additional privileges. The vulnerability affects all users with basic authentication to the affected SAP systems, as the missing checks permit lateral data exposure across the application.

SAP Solution Tools Plug In
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

SAP Commerce Cloud contains unauthenticated API endpoints that expose sensitive information not intended for public access, enabling remote attackers to retrieve confidential data without authentication. The vulnerability has limited impact on confidentiality with no effect on system integrity or availability. No patch is currently available for affected Commerce Cloud deployments.

SAP Commerce Cloud
NVD
EPSS 0% CVSS 3.1
LOW Monitor

Due to improper memory management in SAP NetWeaver and ABAP Platform (Application Server ABAP), an authenticated attacker could exploit logical errors in memory management by supplying specially crafted input containing unique characters, which are improperly converted. [CVSS 3.1 LOW]

SAP Memory Corruption
NVD
EPSS 0% CVSS 5.8
MEDIUM This Month

SAP Business One stores sensitive data unencrypted in memory dump files, allowing high-privileged local users with user interaction to extract credentials and other confidential information. An attacker with access to these dumps could leverage the exposed data to perform unauthorized operations and modify company data within the B1 environment. No patch is currently available for this medium-severity vulnerability.

SAP Business One
NVD
EPSS 0% CVSS 5.2
MEDIUM This Month

SAP Business Workflow contains an authorization bypass that allows authenticated administrators to escalate privileges by misusing permissions from lower-sensitivity functions to perform unauthorized high-privilege operations. An attacker with admin credentials can exploit this flaw to compromise data integrity, though confidentiality and availability impacts are limited. No patch is currently available for this vulnerability.

SAP Privilege Escalation Sap Basis
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Insufficient authorization checks in SAP Fiori App Manage Service Entry Sheets allow authenticated users to escalate privileges and modify data they should not have access to. The vulnerability affects SAP S/4HANA Core installations and requires user authentication to exploit, limiting the immediate risk but potentially enabling insider threats or account compromise scenarios.

SAP Privilege Escalation S4core
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Sap Basis versions up to 700 is affected by improper verification of cryptographic signature (CVSS 8.8).

SAP Authentication Bypass Jwt Attack
NVD
EPSS 0% CVSS 3.4
LOW Monitor

Netweaver Application Server Java versions up to 7.50 is affected by http response splitting (CVSS 3.4).

SAP
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

Denial of service in SAP NetWeaver's JMS service stems from unsafe deserialization of malicious objects, allowing authenticated administrators with local access to crash the application. The vulnerability requires high privileges and local access but carries no risk to confidentiality or integrity. No patch is currently available.

SAP Denial Of Service Deserialization +1
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

Commerce Cloud versions up to 2205 contains a vulnerability that allows attackers to a cart entry being created with erroneous product value which could be checked o (CVSS 5.9).

SAP Race Condition Commerce Cloud
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Authenticated users of SAP Solution Tools Plug-In can bypass authorization checks to invoke function modules and extract sensitive system configuration details without proper access controls. This information disclosure could enable attackers to gather intelligence for planning targeted follow-up attacks, though the vulnerability carries low confidentiality impact with no effect on system integrity or availability. Currently no patch is available.

SAP Solution Tools Plug In
NVD
EPSS 0% CVSS 9.6
CRITICAL Act Now

Unauthorized Remote Function Call execution in SAP NetWeaver ABAP. Low-privileged users can execute background RFCs without proper authorization checks. CVSS 9.6.

SAP Netweaver As Abap Kernel Netweaver As Abap Krnl64nuc +1
NVD
EPSS 0% CVSS 7.3
HIGH This Week

Businessobjects Business Intelligence Platform versions up to 430 is affected by url redirection to untrusted site (open redirect) (CVSS 7.3).

SAP Businessobjects Business Intelligence Platform
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Businessobjects Business Intelligence Platform versions up to 430 is affected by missing authorization (CVSS 7.5).

SAP Businessobjects Business Intelligence Platform
NVD
EPSS 0% CVSS 9.9
CRITICAL Act Now

Unauthorized code execution in SAP CRM and SAP S/4HANA Scripting Editor. Authenticated attacker exploits generic function module call to execute unauthorized ABAP code. CVSS 9.9.

SAP Netweaver Application Server Abap Webclient Ui Framework
NVD
Page 1 of 19 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy