Vulnerabilities in SAP_SE

555 results
Vexday analysis

With 555 CVEs catalogued and 53 of critical severity, SAP SE's vulnerability portfolio presents a considerable attack surface, with 45 new entries recorded in the last 90 days, indicating a continuous pace of discovery. The rate of active exploitation is below the overall catalogue average, with 2 entries confirmed in CISA KEV, but the EPSS of 0.9936 associated with CVE-2025-31324 (the most dangerous vulnerability under active exploitation at the moment) signals an extremely high probability of real-world exploitation and deserves immediate priority attention. The most frequent flaw is CWE-862 (missing authorization check), a pattern that tends to favor privilege escalation and unauthorized access to protected resources. The existence of 4 CVEs with a public PoC reinforces the need for rigorous tracking of the patching cycle, especially in deployments aimed at business-critical systems.

CVE-2025-27432 | LOW | Missing Authorization check in SAP Electronic Invoicing for Brazil (eDocument Cockpit) | EPSS 0.2%
CVE-2026-27679 | MEDIUM | Missing Authorization check in SAP S/4HANA Frontend OData Service (Manage Reference Structures) | EPSS 0.2%
CVE-2026-27678 | MEDIUM | Missing Authorization check in SAP S/4HANA Backend OData Service (Manage Reference Structures) | EPSS 0.2%
CVE-2024-47576 | LOW | DLL Hijacking vulnerability in SAP Product Lifecycle Costing | EPSS 0.2%
CVE-2026-27677 | MEDIUM | Missing Authorization check in SAP S/4HANA OData Service (Manage Reference Equipment) | EPSS 0.2%
CVE-2024-34692 | LOW | [CVE-2024-34692] Unrestricted File upload vulnerability in SAP Enable Now | EPSS 0.2%
CVE-2026-23683 | MEDIUM | Missing Authorization check in SAP Fiori App (Intercompany Balance Reconciliation) | EPSS 0.2%
CVE-2025-42924 | MEDIUM | Open Redirect vulnerabilities in SAP S/4HANA landscape (SAP E-Recruiting BSP) | EPSS 0.2%
CVE-2026-24317 | MEDIUM | DLL Hijacking vulnerability in SAP GUI for Windows with active GuiXT | EPSS 0.2%
CVE-2025-0069 | HIGH | DLL Hijacking vulnerability in SAPSetup | EPSS 0.2%
CVE-2026-24315 | MEDIUM | Path Traversal Vulnerability in SAP Fiori (launchpad) | EPSS 0.2%
CVE-2026-27680 | LOW | CSS Injection vulnerability in SAP NetWeaver Application Server ABAP | EPSS 0.2%
CVE-2026-40131 | LOW | SQL Injection vulnerability in SAP HANA Deployment Infrastructure (HDI) deploy library | EPSS 0.2%
CVE-2026-0499 | MEDIUM | Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal | EPSS 0.2%
CVE-2026-0513 | MEDIUM | Open Redirect Vulnerability in SAP Supplier Relationship Management (SICF Handler in SRM Catalog) | EPSS 0.2%
CVE-2026-0504 | LOW | Insufficient Input Handling in JNDI Operations of SAP Identity Management | EPSS 0.2%
CVE-2024-45283 | MEDIUM | Information disclosure vulnerability in SAP NetWeaver AS for Java (Destination Service) | EPSS 0.2%
CVE-2025-42936 | MEDIUM | Missing Authorization check in SAP NetWeaver Application Server for ABAP | EPSS 0.2%
CVE-2025-26662 | MEDIUM | Cross-Site Scripting (XSS) vulnerability in the SAP Data Services Management Console | EPSS 0.2%
CVE-2026-24312 | MEDIUM | Missing authorization check in SAP Business Workflow | EPSS 0.2%