We've created the first-of-its-kind SecurityBridge Cloud Platform, designed to prioritize SAP patches, updates, and remediation strategies that help prevent disruptions to critical business systems. Our security advisories provide SAP users with valuable insights into the security and business implications of operating SAP.

The user interface is designed to be as intuitive as possible, but we’d love to hear your feedback and suggestions.

Yikes, there is work to do!
This time we found critical correction advisories. We count 22, and the highest CVSS score is 9.9.

 

[Charts: SAP© security advisories by severity (22 total); affected SAP© system types]

 

3719353
CVSS 9.9
Affected system type ABAP
Patchday 2026-04
Released on 2026/04/14
Description 3719353 - [CVE-2026-27681] SQL Injection vulnerability in SAP Business Planning and Consolidation and SAP Business Warehouse
3678282
CVSS 7.5
Affected system type BI/BO platform
Patchday 2026-04
Released on 2026/02/10
Description 3678282 - [CVE-2026-0485] Denial of service (DOS) vulnerability in SAP BusinessObjects BI Platform
3731908
CVSS 7.1
Affected system type ABAP
Patchday 2026-04
Released on 2026/04/14
Description 3731908 - [CVE-2026-34256] Missing Authorization check in SAP ERP and SAP S/4 HANA (Private Cloud and On-Premise)
3716767
CVSS 6.5
Affected system type ABAP
Patchday 2026-04
Released on 2026/04/14
Description 3716767 - [CVE-2026-27679] Missing Authorization check in SAP S/4HANA Frontend OData Service (Manage Reference Structures)
3715177
CVSS 6.5
Affected system type ABAP
Patchday 2026-04
Released on 2026/04/14
Description 3715177 - [CVE-2026-27678] Missing Authorization check in SAP S/4HANA Backend OData Service (Manage Reference Structures)
3705094
CVSS 6.5
Affected system type ABAP
Patchday 2026-04
Released on 2026/04/14
Description 3705094 - [CVE-2026-34261] Missing Authorization check in SAP Business Analytics and SAP Content Management
3696239
CVSS 6.5
Affected system type BI/BO platform
Patchday 2026-04
Released on 2026/04/14
Description 3696239 - [CVE-2025-64775] Denial of Service Vulnerability in SAP BusinessObjects Business Intelligence Platform
3715097
CVSS 6.5
Affected system type ABAP
Patchday 2026-04
Released on 2026/04/14
Description 3715097 - [CVE-2026-27677] Missing Authorization check in SAP S/4HANA OData Service (Manage Reference Equipment)
3680767
CVSS 6.5
Affected system type ABAP
Patchday 2026-04
Released on 2026/04/14
Description 3680767 - [CVE-2026-34264] Information Disclosure vulnerability in SAP Human Capital Management for SAP S/4HANA
3689080
CVSS 6.4
Affected system type ABAP
Patchday 2026-04
Released on 2026/03/10
Description 3689080 - [CVE-2026-24316] Server-Side Request Forgery (SSRF) in SAP NetWeaver Application Server for ABAP
3692004
CVSS 6.1
Affected system type ABAP
Patchday 2026-04
Released on 2026/04/14
Description 3692004 - [CVE-2026-34257] Open Redirect vulnerability in SAP NetWeaver Application Server ABAP
3645228
CVSS 6.1
Affected system type ABAP
Patchday 2026-04
Released on 2026/04/14
Description 3645228 - [CVE-2026-0512] Cross-Site Scripting (XSS) vulnerability in SAP Supplier Relationship Management (SICF Handler in SRM Catalog)
3719397
CVSS 6.1
Affected system type Java
Patchday 2026-04
Released on 2026/04/14
Description 3719397 - [CVE-2026-27674] Code Injection vulnerability in SAP NetWeaver Application Server Java (Web Dynpro Java)
3730639
CVSS 5.0
Affected system type HANA platform
Patchday 2026-04
Released on 2026/04/14
Description 3730639 - [CVE-2026-34262] Information Disclosure Vulnerability in SAP HANA Cockpit and HANA Database Explorer
3703813
CVSS 4.9
Affected system type ABAP
Patchday 2026-04
Released on 2026/04/14
Description 3703813 - [CVE-2026-27673] Missing Authorization Check in SAP S/4HANA (Private Cloud and On-Premise)
3530544
CVSS 4.3
Affected system type ABAP
Patchday 2026-04
Released on 2025/11/11
Description 3530544 - [CVE-2025-42899] Missing Authorization check in SAP S4CORE (Manage Journal Entries)
3703276
CVSS 4.3
Affected system type ABAP
Patchday 2026-04
Released on 2026/04/14
Description 3703276 - [CVE-2026-27672] Missing Authorization check in Material Master Application
3711682
CVSS 4.3
Affected system type ABAP
Patchday 2026-04
Released on 2026/04/14
Description 3711682 - [CVE-2026-27676] Missing Authorization check in SAP S/4HANA OData Service (Manage Technical Object Structures)
3702191
CVSS 4.2
Affected system type BI/BO platform
Patchday 2026-04
Released on 2026/04/14
Description 3702191 - [CVE-2026-24318] Insecure Session Management vulnerability in SAP BusinessObjects Business Intelligence Platform
3698216
CVSS 4.1
Affected system type BI/BO platform
Patchday 2026-04
Released on 2026/04/14
Description 3698216 - [CVE-2026-27683] Reflected cross site scripting vulnerability in SAP BusinessObjects Business Intelligence Platform
3665042
CVSS 3.1
Affected system type ABAP
Patchday 2026-04
Released on 2026/03/10
Description 3665042 - [CVE-2026-27680] CSS Injection vulnerability in SAP NetWeaver Application Server ABAP
3723097
CVSS 2.0
Affected system type ABAP
Patchday 2026-04
Released on 2026/04/14
Description 3723097 - [CVE-2026-27675] Code Injection vulnerability in SAP Landscape Transformation