Vulnerabilities in SAP_SE

555 results
Vexday Analysis

With 555 CVEs catalogued and 53 of critical severity, SAP SE's vulnerability portfolio presents a considerable attack surface, with 45 new entries recorded in the last 90 days, indicating a continuous pace of discovery. The active exploitation rate is below the overall catalogue average, with 2 entries confirmed in CISA KEV, but the EPSS of 0.9936 associated with CVE-2025-31324 (the most dangerous vulnerability under active exploitation at the moment) signals an extremely high probability of exploitation in the wild and deserves immediate priority attention. The most frequent flaw is CWE-862 (missing authorization check), a pattern that tends to favour privilege escalation and unauthorized access to protected resources. The existence of 4 CVEs with a public PoC reinforces the need for rigorous tracking of the patching cycle, especially in deployments serving business-critical systems.

CVE-2026-24310 | LOW | Missing Authorization check in SAP NetWeaver Application Server for ABAP | EPSS 0.2%
CVE-2024-47577 | LOW | Information Disclosure vulnerability in SAP Commerce Cloud | EPSS 0.2%
CVE-2025-27435 | MEDIUM | Information Disclosure Vulnerability in SAP Commerce Cloud | EPSS 0.2%
CVE-2026-27674 | MEDIUM | Code Injection vulnerability in SAP NetWeaver Application Server Java (Web Dynpro Java) | EPSS 0.2%
CVE-2026-0496 | MEDIUM | Multiple vulnerabilities in SAP Fiori App (Intercompany Balance Reconciliation) | EPSS 0.2%
CVE-2025-0056 | MEDIUM | Information Disclosure vulnerability in SAP GUI for Java | EPSS 0.2%
CVE-2026-40132 | MEDIUM | Missing Authorization Check in SAP Strategic Enterprise Management (BSP application Balanced Scorecard Wizard) | EPSS 0.2%
CVE-2025-42960 | MEDIUM | Missing Authorization Check in SAP Business Warehouse and SAP BW/4HANA BEx Tools | EPSS 0.2%
CVE-2025-42991 | MEDIUM | Missing Authorization check in SAP S/4HANA (Bank Account Application) | EPSS 0.2%
CVE-2025-42987 | MEDIUM | Missing Authorization Check in SAP S/4HANA (Manage Processing Rules - For Bank Statement) | EPSS 0.2%
CVE-2025-42945 | MEDIUM | HTML Injection vulnerability in SAP NetWeaver Application Server ABAP | EPSS 0.2%
CVE-2025-42913 | LOW | Missing Authorization check in SAP HCM (My Timesheet Fiori 2.0 application) | EPSS 0.2%
CVE-2025-42914 | LOW | Missing Authorization check in SAP HCM (My Timesheet Fiori 2.0 application) | EPSS 0.2%
CVE-2026-44743 | LOW | Security Misconfiguration vulnerability in SAP Business Objects | EPSS 0.2%
CVE-2026-0494 | MEDIUM | Information Disclosure vulnerability in SAP Fiori App (Intercompany Balance Reconciliation) | EPSS 0.2%
CVE-2025-42990 | LOW | HTML Injection in Unprotected SAPUI5 applications | EPSS 0.2%
CVE-2026-27683 | MEDIUM | Reflected cross site scripting vulnerability in SAP BusinessObjects Business Intelligence Platform | EPSS 0.2%
CVE-2026-24325 | MEDIUM | Cross Site Scripting (XSS) vulnerability in SAP BusinessObjects Enterprise (Central Management Console) | EPSS 0.2%
CVE-2025-0059 | MEDIUM | Information Disclosure vulnerability in SAP NetWeaver Application Server ABAP (applications based on SAP GUI for HTML) | EPSS 0.2%
CVE-2025-42941 | LOW | Reverse Tabnabbing vulnerability in SAP Fiori (Launchpad) | EPSS 0.2%