Vulnerabilities in SAP_SE

555 results
Vexday Analysis

With 555 catalogued CVEs, 53 of them of critical severity, SAP SE's vulnerability portfolio presents a considerable attack surface, with 45 new entries recorded in the last 90 days, indicating a continuous pace of discovery. The rate of active exploitation is below the overall catalogue average, with 2 entries confirmed in the CISA KEV, but the EPSS of 0.9936 associated with CVE-2025-31324 (the most dangerous vulnerability under active exploitation at the moment) signals an extremely high probability of exploitation in the wild and deserves immediate priority attention. The most frequent weakness is CWE-862 (missing authorization check), a pattern that tends to favor privilege escalation and unauthorized access to protected resources. The existence of 4 CVEs with a public PoC reinforces the need for rigorous tracking of the patching cycle, especially in deployments serving business-critical systems.

CVE | Severity | Title | EPSS
CVE-2025-42973 | MEDIUM | Cross-Site Scripting (XSS) vulnerability in SAP Data Services (DQ Report) | 0.2%
CVE-2025-42915 | MEDIUM | Missing Authorization Check in Fiori app (Manage Payment Blocks) | 0.2%
CVE-2026-0514 | MEDIUM | Cross-Site Scripting (XSS) vulnerability in SAP Business Connector | 0.2%
CVE-2026-0486 | MEDIUM | Missing Authorization Check in ABAP based SAP systems | 0.2%
CVE-2026-27675 | LOW | Code Injection vulnerability in SAP Landscape Transformation | 0.2%
CVE-2026-23681 | MEDIUM | Missing Authorization check in a function module in SAP Support Tools Plug-In | 0.2%
CVE-2026-27672 | MEDIUM | Missing Authorization check in Material Master Application | 0.2%
CVE-2026-24318 | MEDIUM | Insecure Session Management vulnerability in SAP BusinessObjects Business Intelligence Platform | 0.2%
CVE-2025-42998 | MEDIUM | Security misconfiguration vulnerability in SAP Business One Integration Framework | 0.2%
CVE-2026-24328 | MEDIUM | Open Redirection vulnerability in Business Server Pages Application (TAF_APPLAUNCHER) | 0.2%
CVE-2026-23684 | MEDIUM | Race condition vulnerability in SAP Commerce Cloud | 0.2%
CVE-2026-23686 | LOW | CRLF Injection vulnerability in SAP NetWeaver Application Server Java | 0.2%
CVE-2024-45281 | MEDIUM | DLL hijacking vulnerability in SAP BusinessObjects Business Intelligence Platform | 0.2%
CVE-2026-24316 | MEDIUM | Server-Side Request Forgery (SSRF) in SAP NetWeaver Application Server for ABAP | 0.2%
CVE-2025-24875 | MEDIUM | SameSite Defense in Depth not applied for some cookies in SAP Commerce | 0.2%
CVE-2025-42889 | MEDIUM | SQL Injection vulnerability in SAP Starter Solution (PL SAFT) | 0.2%
CVE-2026-44750 | MEDIUM | Missing Authorization check in SAP MDG (Review Match Groups Application) | 0.2%
CVE-2025-43005 | MEDIUM | Information Disclosure vulnerability in SAP GUI for Windows | 0.2%
CVE-2026-27673 | MEDIUM | Missing Authorization Check in SAP S/4HANA (Private Cloud and On-Premise) | 0.2%
CVE-2026-27676 | MEDIUM | Missing Authorization check in SAP S/4HANA OData Service (Manage Technical Object Structures) | 0.2%