1669
CVEs
162
Critical
470
High
13
KEV
89
PoC
603
Unpatched C/H
4.8%
Patch Rate
1.9%
Avg EPSS
Severity Breakdown
CRITICAL
162
HIGH
470
MEDIUM
980
LOW
57
Monthly CVE Trend
Affected Products (30)
3D Visual Enterprise Viewer
128
Java
126
Netweaver
90
Netweaver Application Server Abap
72
Businessobjects Business Intelligence Platform
70
Netweaver Application Server Java
59
Businessobjects Business Intelligence
44
Hana
38
Open Redirect
34
Solution Manager
31
Business One
30
Adaptive Server Enterprise
29
3D Visual Enterprise Author
27
Internet Graphics Server
23
Netweaver Process Integration
21
Netweaver Enterprise Portal
20
Commerce Cloud
18
Netweaver Abap
18
Hana Extended Application Services
18
Businessobjects
17
Sap Basis
17
Disclosure Management
16
Business Objects Business Intelligence Platform
15
Host Agent
14
Enable Now
14
Customer Relationship Management Webclient Ui
12
Abap Platform
11
Supplier Relationship Management
11
Netweaver As Abap
11
Sap Kernel
10
Top Risky CVEs
| CVE | Summary | Severity | CVSS | EPSS | Priority | Signals |
|---|---|---|---|---|---|---|
| CVE-2017-12637 | Directory traversal vulnerability in scheduler/ui/js/ffffffffbca41eb4/UIUtilJavaScriptJS in SAP NetWeaver Application Server Java 7.5 allows remote attackers to read arbitrary files via a .. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available. | HIGH | 7.5 | 93.5% | 201 |
KEV
PoC
No patch
|
| CVE-2016-3976 | Directory traversal vulnerability in SAP NetWeaver AS Java 7.1 through 7.5 allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in the fileName parameter to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available. | HIGH | 7.5 | 81.5% | 189 |
KEV
PoC
No patch
|
| CVE-2016-2386 | SQL injection vulnerability in the UDDI server in SAP NetWeaver J2EE Engine 7.40 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Note 2101079. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available. | CRITICAL | 9.8 | 44.0% | 163 |
KEV
PoC
No patch
|
| CVE-2016-9563 | BC-BMT-BPM-DSK in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to conduct XML External Entity (XXE) attacks via the sap.com~tc~bpem~him~uwlconn~provider~web/bpemuwlconn URI, aka SAP. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available. | MEDIUM | 6.5 | 58.4% | 161 |
KEV
PoC
No patch
|
| CVE-2012-2611 | The DiagTraceR3Info function in the Dialog processor in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2, when a certain Developer Trace. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 77.7%. | CRITICAL | 9.3 | 77.7% | 159 |
PoC
No patch
|
| CVE-2016-2388 | The Universal Worklist Configuration in SAP NetWeaver AS JAVA 7.4 allows remote attackers to obtain sensitive user information via a crafted HTTP request, aka SAP Security Note 2256846. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available. | MEDIUM | 5.3 | 62.3% | 159 |
KEV
PoC
No patch
|
| CVE-2025-31324 | SAP NetWeaver Visual Composer Metadata Uploader lacks proper authorization, allowing unauthenticated agents to upload malicious executable binaries for critical system compromise (CVSS 10.0). | CRITICAL | 10.0 | 32.2% | 152 |
KEV
PoC
No patch
|
| CVE-2016-2389 | Directory traversal vulnerability in the GetFileList function in the SAP Manufacturing Integration and Intelligence (xMII) component 15.0 for SAP NetWeaver 7.4 allows remote attackers to read. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 83.7%. | HIGH | 7.5 | 83.7% | 141 |
PoC
No patch
|
| CVE-2010-5326 | Remote unauthenticated code execution in SAP NetWeaver Application Server Java (pre-7.3) through the Invoker Servlet allows attackers to bypass authentication and execute arbitrary code. Confirmed actively exploited (CISA KEV) from 2013 through 2016 in 'Detour' attacks targeting SAP business applications. CVSS 10.0 with EPSS 16.90% (95th percentile) indicates both maximum theoretical severity and sustained real-world exploitation. This remains a critical priority for organizations running legacy SAP NetWeaver Java instances despite the vulnerability's age. | CRITICAL | 10.0 | 16.9% | 127 |
KEV
PoC
No patch
|
| CVE-2015-7241 | XML External Entity (XXE) vulnerability in SAP Netweaver before 7.01. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 27.4%. | CRITICAL | 9.8 | 27.4% | 96 |
PoC
No patch
|
| CVE-2016-1928 | Buffer overflow in the XS engine (hdbxsengine) in SAP HANA allows remote attackers to cause a denial of service or execute arbitrary code via a crafted HTTP request, related to JSON, aka SAP Security. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 37.3% and no vendor patch available. | CRITICAL | 9.8 | 37.3% | 86 |
No patch
|
| CVE-2015-7986 | The index server (hdbindexserver) in SAP HANA 1.00.095 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via an HTTP request, aka SAP Security Note. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 27.3%. | HIGH | 7.5 | 27.3% | 85 |
PoC
No patch
|
| CVE-2020-6207 | SAP Solution Manager (User Experience Monitoring), version- 7.2, due to Missing Authentication Check does not perform any authentication for a service resulting in complete compromise of all. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available. | CRITICAL | 9.8 | 98.4% | 84 |
KEV
PoC
No patch
|
| CVE-2012-2512 | The DiagTraceStreamI function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 36.1%. | MEDIUM | 5.0 | 36.1% | 81 |
PoC
No patch
|
| CVE-2012-2514 | The DiagiEventSource function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 36.1%. | MEDIUM | 5.0 | 36.1% | 81 |
PoC
No patch
|