Vulnerabilities in SAP_SE

555 results
Vexday Analysis

With 555 CVEs catalogued and 53 of critical severity, SAP SE's vulnerability portfolio presents a considerable attack surface, with 45 new entries recorded in the last 90 days, indicating a steady pace of discovery. The active-exploitation rate is below the catalogue's overall average, with 2 entries confirmed in the CISA KEV, but the EPSS of 0.9936 associated with CVE-2025-31324 (the most dangerous vulnerability under active exploitation at the moment) signals an extremely high probability of exploitation in real-world environments and deserves immediate priority attention. The most frequent weakness is CWE-862 (missing authorization check), a pattern that tends to favour privilege escalation and unauthorized access to protected resources. The existence of 4 CVEs with a public PoC reinforces the need for rigorous tracking of the patching cycle, especially in deployments for business-critical systems.

CVE-2025-42899 | MEDIUM | Missing Authorization check in SAP S4CORE (Manage Journal Entries) | EPSS 0.2%
CVE-2026-34261 | MEDIUM | Missing Authorization check in SAP Business Analytics and SAP Content Management | EPSS 0.2%
CVE-2025-42872 | MEDIUM | Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal | EPSS 0.2%
CVE-2026-40137 | MEDIUM | Cross-Site Scripting (XSS) vulnerability in Business Server Pages Application (TAF_APPLAUNCHER) | EPSS 0.2%
CVE-2026-0505 | MEDIUM | Multiple vulnerabilities in BSP Applications of SAP Document Management System | EPSS 0.2%
CVE-2026-24313 | MEDIUM | Missing Authorization check in SAP Solution Tools Plug-In (ST-PI) | EPSS 0.2%
CVE-2025-42939 | MEDIUM | Missing Authorization Check in SAP S/4HANA (Manage Processing Rules - For Bank Statements) | EPSS 0.2%
CVE-2026-24322 | HIGH | Missing Authorization check in SAP Solution Tools Plug-In (ST-PI) | EPSS 0.2%
CVE-2024-33005 | MEDIUM | Missing Authorization check in SAP NetWeaver Application Server (ABAP and Java), SAP Web Dispatcher and SAP Content Server | EPSS 0.2%
CVE-2025-42996 | MEDIUM | Multiple vulnerabilities in SAP MDM Server | EPSS 0.2%
CVE-2025-42969 | MEDIUM | Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server ABAP and ABAP Platform | EPSS 0.2%
CVE-2026-44751 | HIGH | Missing Authorization check in Application Server ABAP of SAP NetWeaver and ABAP Platform | EPSS 0.2%
CVE-2025-42886 | MEDIUM | Reflected Cross-Site Scripting (XSS) vulnerability in SAP Business Connector | EPSS 0.2%
CVE-2026-24323 | MEDIUM | Multiple vulnerabilities in BSP Applications of SAP Document Management System | EPSS 0.2%
CVE-2023-36923 | HIGH | Code Injection vulnerability in SAP PowerDesigner | EPSS 0.2%
CVE-2025-42901 | MEDIUM | Code Injection vulnerability in SAP Application Server for ABAP (BAPI Browser) | EPSS 0.2%
CVE-2025-42942 | MEDIUM | Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server for ABAP | EPSS 0.2%
CVE-2025-25244 | MEDIUM | Missing Authorization Check in SAP Business Warehouse (Process Chains) | EPSS 0.2%
CVE-2026-24309 | MEDIUM | Missing Authorization check in SAP NetWeaver Application Server for ABAP | EPSS 0.2%
CVE-2025-42948 | MEDIUM | Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver ABAP Platform | EPSS 0.2%