Vulnerabilities in SAP_SE

555 results
Vexday analysis

With 555 catalogued CVEs, 53 of them of critical severity, SAP SE's vulnerability portfolio presents a considerable attack surface, with 45 new entries recorded in the last 90 days, indicating a continuous pace of discovery. The active exploitation rate is below the overall average for the catalogue, with 2 entries confirmed in CISA KEV, but the EPSS of 0.9936 associated with CVE-2025-31324 (the most dangerous vulnerability under active exploitation at the moment) signals an extremely high probability of real-world exploitation and deserves immediate priority attention. The most frequent flaw is CWE-862 (missing authorization check), a pattern that tends to favor privilege escalation and unauthorized access to protected resources. The existence of 4 CVEs with a public PoC reinforces the need for rigorous tracking of the patching cycle, especially in deployments serving business-critical systems.

CVE-2025-27437 | MEDIUM | Missing Authorization check in SAP NetWeaver Application Server ABAP (Virus Scan Interface) | EPSS 0.2%
CVE-2025-23191 | LOW | Cache Poisoning through header manipulation vulnerability in SAP Fiori for SAP ERP | EPSS 0.2%
CVE-2025-42934 | MEDIUM | CRLF Injection vulnerability in SAP S/4HANA (Supplier invoice) | EPSS 0.2%
CVE-2025-31326 | MEDIUM | HTML Injection vulnerability in SAP BusinessObjects Business Intelligence Platform (Web Intelligence) | EPSS 0.2%
CVE-2026-0506 | HIGH | Missing Authorization check in SAP NetWeaver Application Server ABAP and ABAP Platform | EPSS 0.2%
CVE-2026-0512 | MEDIUM | Cross-Site Scripting (XSS) vulnerability in SAP Supplier Relationship Management (SICF Handler in SRM Catalog) | EPSS 0.2%
CVE-2025-23188 | MEDIUM | Missing Authorization check in SAP S/4HANA (RBD) | EPSS 0.2%
CVE-2025-31327 | MEDIUM | OData meta-data property entity tampering in SAP Field Logistics | EPSS 0.2%
CVE-2025-42884 | MEDIUM | JNDI Injection vulnerability in SAP NetWeaver Enterprise Portal | EPSS 0.2%
CVE-2025-27436 | MEDIUM | Broken Access Control vulnerabilities in SAP S/4HANA (Manage Bank Statements) | EPSS 0.2%
CVE-2025-23189 | MEDIUM | Missing Authorization Check in SAP NetWeaver and ABAP Platform (SDCCN) | EPSS 0.2%
CVE-2025-26656 | MEDIUM | Missing Authorization check in S/4HANA (Manage Purchasing Info Records) | EPSS 0.2%
CVE-2025-42984 | MEDIUM | Missing Authorization check in SAP S/4HANA (Manage Central Purchase Contract application) | EPSS 0.2%
CVE-2026-44744 | MEDIUM | SQL Injection vulnerability in SAP S/4HANA | EPSS 0.2%
CVE-2025-42965 | MEDIUM | Server Side Request Forgery (SSRF) vulnerability in SAP BusinessObjects BI Platform Central Management Console Promotion Management Application | EPSS 0.2%
CVE-2024-34690 | MEDIUM | Missing Authorization check in SAP Student Life Cycle Management (SLcM) | EPSS 0.2%
CVE-2025-42985 | MEDIUM | Open Redirect vulnerability in SAP BusinessObjects Content Administrator workbench | EPSS 0.2%
CVE-2026-27682 | MEDIUM | Reflected Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server ABAP (Applications based on Business Server Pages) | EPSS 0.2%
CVE-2023-6542 | HIGH | Improper Export of Android Application Components in SAP EMARSYS SDK ANDROID | EPSS 0.2%
CVE-2025-42988 | LOW | Server-Side Request Forgery in SAP Business Objects Business Intelligence Platform | EPSS 0.2%