Vulnerabilities in SAP_SE

555 results
Vexday Analysis

With 555 CVEs catalogued and 53 of critical severity, SAP SE's vulnerability portfolio presents a considerable attack surface, with 45 new entries recorded in the last 90 days, indicating a continuous pace of discoveries. The active exploitation rate is below the overall catalogue average, with 2 entries confirmed in the CISA KEV, but the EPSS of 0.9936 associated with CVE-2025-31324 (the most dangerous vulnerability under active exploitation at the moment) signals an extremely high probability of exploitation in the wild and deserves immediate priority attention. The most frequent flaw is CWE-862 (missing authorization check), a pattern that tends to favour privilege escalation and unauthorized access to protected resources. The existence of 4 CVEs with a public PoC reinforces the need for rigorous tracking of the patching cycle, especially in deployments supporting business-critical systems.

CVE-2025-30015 | MEDIUM | Memory Corruption vulnerability in SAP NetWeaver and ABAP Platform (Application Server ABAP) | EPSS 0.2%
CVE-2026-24327 | MEDIUM | Missing Authorization Check in SAP Strategic Enterprise Management (Balanced Scorecard in BSP Application) | EPSS 0.2%
CVE-2025-42909 | LOW | Security Misconfiguration vulnerability in SAP Cloud Appliance Library Appliances | EPSS 0.2%
CVE-2026-34256 | HIGH | Missing Authorization check in SAP ERP and SAP S/4 HANA (Private Cloud and On-Premise) | EPSS 0.2%
CVE-2025-26659 | MEDIUM | Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server ABAP (applications based on SAP GUI for HTML) | EPSS 0.2%
CVE-2025-43007 | MEDIUM | Missing Authorization check in SAP Service Parts Management (SPM) | EPSS 0.2%
CVE-2026-44754 | MEDIUM | Missing caller identification check-in for ODP Data Replication APIs | EPSS 0.2%
CVE-2025-43009 | MEDIUM | Missing Authorization check in SAP Service Parts Management (SPM) | EPSS 0.2%
CVE-2025-42883 | LOW | Insecure File Operations vulnerability in SAP NetWeaver Application Server for ABAP (Migration Workbench) | EPSS 0.2%
CVE-2025-42925 | MEDIUM | Predictable Object Identifier vulnerability in SAP NetWeaver AS Java (IIOP Service) | EPSS 0.2%
CVE-2025-42962 | MEDIUM | Cross-Site Scripting (XSS) vulnerability in SAP Business Warehouse (Business Explorer Web 3.5 loading animation) | EPSS 0.2%
CVE-2025-25245 | MEDIUM | Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence Platform (Web Intelligence) | EPSS 0.2%
CVE-2023-32115 | MEDIUM | SQL Injection in Master Data Synchronization (MDS COMPARE TOOL) | EPSS 0.2%
CVE-2025-42929 | HIGH | Missing input validation vulnerability in SAP Landscape Transformation Replication Server | EPSS 0.2%
CVE-2025-42917 | MEDIUM | Missing Authorization check in SAP HCM (Approve Timesheets Fiori 2.0 application) | EPSS 0.2%
CVE-2026-40133 | MEDIUM | Missing Authorization check in SAP S/4HANA Condition Maintenance | EPSS 0.2%
CVE-2025-42912 | MEDIUM | Missing Authorization check in SAP HCM (My Timesheet Fiori 2.0 application) | EPSS 0.2%
CVE-2026-27686 | MEDIUM | Missing Authorization check in SAP Business Warehouse (Service API) | EPSS 0.2%
CVE-2026-0489 | MEDIUM | DOM-based Cross-Site Scripting (XSS) Vulnerability in SAP Business One (Job Service) | EPSS 0.2%
CVE-2026-24321 | MEDIUM | Information Disclosure vulnerability in SAP Commerce Cloud | EPSS 0.2%