Vulnerabilities in SAP_SE

555 results
Vexday analysis

With 555 catalogued CVEs, 53 of them of critical severity, SAP SE's vulnerability portfolio presents a considerable attack surface, with 45 new entries recorded in the last 90 days, indicating a continuous pace of discovery. The active exploitation rate is below the overall catalogue average, with 2 entries confirmed in CISA KEV, but the EPSS of 0.9936 associated with CVE-2025-31324 (the most dangerous vulnerability under active exploitation at the moment) signals an extremely high probability of real-world exploitation and deserves immediate priority attention. The most frequent flaw is CWE-862 (missing authorization check), a pattern that tends to favor privilege escalation and unauthorized access to protected resources. The existence of 4 CVEs with a public PoC reinforces the need for rigorous tracking of the patching cycle, especially in deployments serving business-critical systems.

CVE | Severity | Title | EPSS
CVE-2024-44112 | MEDIUM | Missing Authorization check in SAP for Oil & Gas (Transportation and Distribution) | 0.3%
CVE-2024-44115 | MEDIUM | Multiple vulnerabilities in SAP NetWeaver Application Server for ABAP and ABAP Platform | 0.3%
CVE-2024-44116 | MEDIUM | Multiple vulnerabilities in SAP NetWeaver Application Server for ABAP and ABAP Platform | 0.3%
CVE-2026-34258 | MEDIUM | Content Spoofing vulnerability in SAPUI5 (Search UI) | 0.2%
CVE-2024-47581 | MEDIUM | Missing Authorization check in SAP HCM (Approve Timesheets version 4) | 0.2%
CVE-2025-42916 | HIGH | Missing input validation vulnerability in SAP S/4HANA (Private Cloud or On-Premise) | 0.2%
CVE-2025-0067 | MEDIUM | Missing Authorization check in SAP NetWeaver Application Server Java | 0.2%
CVE-2024-42377 | MEDIUM | Multiple Missing Authorization Check vulnerabilities in SAP Shared Service Framework | 0.2%
CVE-2024-33004 | MEDIUM | Insecure Storage vulnerability in SAP BusinessObjects Business Intelligence Platform (Webservices) | 0.2%
CVE-2025-25242 | MEDIUM | Cross-Site Scripting (XSS) in SAP NetWeaver Application Server ABAP | 0.2%
CVE-2024-44114 | LOW | Missing Authorization check in SAP NetWeaver Application Server for ABAP and ABAP Platform | 0.2%
CVE-2024-42378 | MEDIUM | Cross-Site Scripting (XSS) in eProcurement on S/4HANA | 0.2%
CVE-2024-21734 | LOW | URL Redirection vulnerability in SAP Marketing (Contacts App) | 0.2%
CVE-2024-45284 | LOW | Missing authorization check in SAP Student Life Cycle Management (SLcM) | 0.2%
CVE-2025-42920 | MEDIUM | Cross-Site Scripting (XSS) vulnerability in SAP Supplier Relationship Management | 0.2%
CVE-2023-37490 | HIGH | Binary hijack in SAP BusinessObjects Business Intelligence (Installer) | 0.2%
CVE-2024-34683 | MEDIUM | Unrestricted file upload in SAP Document Builder (HTTP service) | 0.2%
CVE-2025-24867 | MEDIUM | Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence platform (BI Launchpad) | 0.2%
CVE-2024-39595 | MEDIUM | [CVE-2024-39594] Multiple Cross-Site Scripting (XSS) vulnerabilities in SAP Business Warehouse - Business Planning and Simulation | 0.2%
CVE-2024-45278 | MEDIUM | Cross-Site Scripting (XSS) vulnerability in SAP Commerce Backoffice | 0.2%