Vulnerabilities in SAP SE

778 results
Vexday analysis

Com 778 CVEs catalogadas, o portfólio da SAP SE apresenta uma taxa de exploração ativa 1,7 vez acima da média geral do catálogo CISA KEV, indicando que vulnerabilidades nessa plataforma atraem atenção proporcional de agentes de ameaça. O tipo de falha mais recorrente é CWE-119 (erros de manipulação de memória), um vetor historicamente associado a impacto elevado de execução de código. A CVE mais crítica em exploração ativa, CVE-2020-6287, — neste caso CVE-2020-6207 — registra EPSS de 0,9838, sinalizando probabilidade muito alta de exploração observada na prática e justificando priorização imediata de remediação. Além disso, 18 vulnerabilidades possuem PoC pública e 46 são de severidade crítica, ampliando a superfície de risco para organizações que ainda não aplicaram os patches correspondentes.

CVE-2022-41194Due to lack of proper memory management, when a victim opens a manipulated Encapsulated Postscript (.eps, ai.x3d) file received from untrustEPSS 0.2%CVE-2021-40503An information disclosure vulnerability exists in SAP GUI for Windows - versions < 7.60 PL13, 7.70 PL4, which allows an attacker with sufficEPSS 0.2%CVE-2021-40498A vulnerability has been identified in SAP SuccessFactors Mobile Application for Android - versions older than 2108, which allows an attackeEPSS 0.2%CVE-2022-35292In SAP Business One application when a service is created, the executable path contains spaces and isn’t enclosed within quotes, leading to EPSS 0.2%CVE-2022-41205MEDIUMSAP GUI allows an authenticated attacker to execute scripts in the local network. On successful exploitation, the attacker can gain access tEPSS 0.2%CVE-2022-31598Due to insufficient input validation, SAP Business Objects - version 420, allows an authenticated attacker to submit a malicious request thrEPSS 0.2%CVE-2025-42956MEDIUMMultiple vulnerabilities in SAP NetWeaver Application Server ABAPEPSS 0.2%CVE-2022-39807Due to lack of proper memory management, when a victim opens manipulated SolidWorks Drawing (.sldasm, CoreCadTranslator.exe) file received fEPSS 0.2%CVE-2022-28774Under certain conditions, the SAP Host Agent logfile shows information which would otherwise be restricted.EPSS 0.2%CVE-2021-33700HIGHSAP Business One, version - 10.0, allows a local attacker with access to the victim's browser under certain circumstances, to login as the vEPSS 0.2%CVE-2022-41183Due to lack of proper memory management, when a victim opens manipulated Windows Cursor File (.cur, ico.x3d) file received from untrusted soEPSS 0.2%CVE-2022-41181Due to lack of proper memory management, when a victim opens manipulated Portable Document Format (.pdf, PDFPublishing.dll) file received frEPSS 0.2%CVE-2022-41174Due to lack of proper memory management, when a victim opens manipulated Right Hemisphere Material (.rhm, rh.x3d) file received from untrustEPSS 0.2%CVE-2022-41176Due to lack of proper memory management, when a victim opens manipulated Enhanced Metafile (.emf, emf.x3d) file received from untrusted sourEPSS 0.2%CVE-2023-40307MEDIUMPrivileges Memory Corruption (Out-of-bound write)EPSS 0.2%CVE-2020-26816MEDIUMSAP AS JAVA (Key Storage Service), versions - 7.10, 7.11, 7.20 ,7.30, 7.31, 7.40, 7.50, has the key material which is stored in the SAP NetWEPSS 0.2%CVE-2022-28214During an update of SAP BusinessObjects Enterprise, Central Management Server (CMS) - versions 420, 430, authentication credentials are beinEPSS 0.2%CVE-2022-41209MEDIUMSAP Customer Data Cloud (Gigya mobile app for Android) - version 7.4, uses encryption method which lacks proper diffusion and does not hide EPSS 0.2%