Vulnerabilities in SAP_SE

555 results
Vexday Analysis

With 555 catalogued CVEs, 53 of them of critical severity, SAP SE's vulnerability portfolio presents a considerable attack surface, with 45 new entries recorded in the last 90 days, indicating a steady pace of discovery. The rate of active exploitation is below the catalogue's overall average, with 2 entries confirmed in the CISA KEV, but the EPSS of 0.9936 associated with CVE-2025-31324 (the most dangerous vulnerability under active exploitation at the moment) signals an extremely high probability of real-world exploitation and deserves immediate priority attention. The most frequent flaw is CWE-862 (missing authorization check), a pattern that tends to favor privilege escalation and unauthorized access to protected resources. The existence of 4 CVEs with a public PoC reinforces the need for rigorous tracking of the patching cycle, especially in deployments aimed at business-critical systems.

CVE | Severity | Title | EPSS
CVE-2026-23688 | MEDIUM | Missing Authorization check in SAP Fiori App (Manage Service Entry Sheets - Lean Services) | 0.2%
CVE-2025-24870 | MEDIUM | Insecure Key & Secret Management vulnerability in SAP GUI for Windows | 0.2%
CVE-2026-34257 | MEDIUM | Open Redirect vulnerability in SAP NetWeaver Application Server ABAP | 0.2%
CVE-2026-44757 | MEDIUM | Cross-Site Scripting (XSS) vulnerability in SAP Wily Introscope Enterprise Manager | 0.2%
CVE-2023-33990 | HIGH | Denial of Service (DoS) vulnerability in SAP SQL Anywhere | 0.1%
CVE-2026-0495 | MEDIUM | Multiple vulnerabilities in SAP Fiori App (Intercompany Balance Reconciliation) | 0.1%
CVE-2023-32112 | LOW | Missing Authorization Check in Vendor Master Hierarchy | 0.1%
CVE-2024-39600 | MEDIUM | [CVE-2024-39600] Information Disclosure vulnerability in SAP GUI for Windows | 0.1%
CVE-2024-47595 | MEDIUM | Local Privilege Escalation in SAP Host Agent | 0.1%
CVE-2025-26654 | MEDIUM | Potential information disclosure vulnerability in SAP Commerce Cloud (Public Cloud) | 0.1%
CVE-2024-34684 | LOW | Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (Scheduling) | 0.1%
CVE-2025-42908 | MEDIUM | Cross-Site Request Forgery (CSRF) vulnerability in SAP NetWeaver Application Server for ABAP | 0.1%
CVE-2025-43000 | HIGH | Information Disclosure Vulnerability in SAP Business Objects Business Intelligence Platform (PMW) | 0.1%
CVE-2025-42971 | MEDIUM | Memory Corruption vulnerability in SAPCAR | 0.1%
CVE-2025-43001 | MEDIUM | Multiple Privilege Escalation Vulnerabilities in SAPCAR | 0.1%
CVE-2025-42895 | MEDIUM | Code Injection vulnerability in SAP HANA JDBC Client | 0.1%
CVE-2025-42979 | MEDIUM | Insecure Key & Secret Management vulnerability in SAP GUI for Windows | 0.1%
CVE-2025-42923 | MEDIUM | Cross-Site Request Forgery (CSRF) vulnerability in SAP Fiori App (F4044 Manage Work Center Groups) | 0.1%
CVE-2024-47588 | MEDIUM | Information Disclosure vulnerability in SAP NetWeaver Java (Software Update Manager) | 0.1%
CVE-2025-42927 | LOW | Information Disclosure due to Outdated OpenSSL Version in SAP NetWeaver AS Java (Adobe Document Service) | 0.1%