Vulnerabilities in SAP_SE

555 results
Vexday analysis

With 555 catalogued CVEs, 53 of them of critical severity, the SAP SE vulnerability portfolio presents a considerable attack surface, with 45 new entries recorded in the last 90 days, indicating a continuous pace of discovery. The active exploitation rate is below the catalogue's overall average, with 2 entries confirmed in CISA KEV, but the EPSS of 0.9936 associated with CVE-2025-31324 (the most dangerous vulnerability under active exploitation at the moment) signals an extremely high probability of exploitation in the wild and deserves immediate priority attention. The most frequent flaw is CWE-862 (missing authorization check), a pattern that tends to favor privilege escalation and unauthorized access to protected resources. The existence of 4 CVEs with a public PoC reinforces the need for rigorous tracking of the patching cycle, especially in deployments aimed at business-critical systems.

CVE | Severity | Title | EPSS
CVE-2025-23185 | MEDIUM | Information Disclosure in SAP Business Objects Business Intelligence Platform | 0.3%
CVE-2025-43003 | MEDIUM | Information Disclosure vulnerability in SAP S/4HANA (Private Cloud & On-Premise) | 0.3%
CVE-2025-31325 | MEDIUM | Cross-Site Scripting (XSS) Vulnerability in SAP NetWeaver (ABAP Keyword Documentation) | 0.3%
CVE-2026-27684 | MEDIUM | SQL Injection Vulnerability in SAP NetWeaver (Feedback Notification) | 0.3%
CVE-2024-47585 | MEDIUM | Missing Authorization check in SAP NetWeaver Application Server for ABAP and ABAP Platform | 0.3%
CVE-2025-26657 | MEDIUM | Information Disclosure vulnerability in SAP KMC WPC | 0.3%
CVE-2024-34686 | MEDIUM | Cross-Site Scripting (XSS) vulnerability in SAP CRM (WebClient UI) | 0.3%
CVE-2024-37173 | MEDIUM | [Multiple CVEs] Multiple vulnerabilities in SAP CRM (WebClient UI) | 0.3%
CVE-2024-42380 | MEDIUM | Multiple vulnerabilities in SAP NetWeaver Application Server for ABAP and ABAP Platform | 0.3%
CVE-2025-42983 | HIGH | Missing Authorization check in SAP Business Warehouse and SAP Plug-In Basis | 0.3%
CVE-2024-39591 | MEDIUM | Missing Authorization check in SAP Document Builder | 0.3%
CVE-2025-43006 | MEDIUM | Cross-Site Scripting (XSS) vulnerability in SAP Supplier Relationship Management (Master Data Management Catalog) | 0.3%
CVE-2025-23187 | MEDIUM | Missing Authorization Check in SAP NetWeaver and ABAP Platform (SDCCN) | 0.3%
CVE-2024-44113 | MEDIUM | Information Disclosure vulnerability in the SAP Business Warehouse (BEx Analyzer) | 0.3%
CVE-2024-41737 | MEDIUM | Server-Side Request Forgery (SSRF) in SAP CRM ABAP (Insights Management) | 0.3%
CVE-2026-27687 | MEDIUM | Missing Authorization check in SAP S/4HANA HCM Portugal and SAP ERP HCM Portugal | 0.3%
CVE-2024-41734 | MEDIUM | Missing Authorization check in SAP NetWeaver Application Server ABAP and ABAP Platform | 0.3%
CVE-2024-41729 | MEDIUM | Information Disclosure vulnerability in the SAP NetWeaver BW (BEx Analyzer) | 0.3%
CVE-2024-39596 | MEDIUM | [CVE-2024-39596] Missing Authorization check vulnerability in SAP Enable Now | 0.3%
CVE-2025-0068 | MEDIUM | Missing Authorization check in Remote Function Call (RFC) in SAP NetWeaver Application Server ABAP | 0.3%