We've created the first of its kind, SecurityBridge Cloud Platform, designed to prioritize SAP patches, updates, and remediation strategies that help prevent disruptions to critical business systems. Our security advisories provide SAP users with valuable insights into the security and business implications of operating SAP.

The user interface is designed to be as intuitive as possible, but we’d love to hear your feedback and suggestions.


Yikes, there is work to do!
This time we found critical correction advisories. We count 163 and the highest CVSS score is 10.0.

 

[Charts: "Severity" (SAP© Security advisories: 163) and "System Types" (Affected SAP© system types)]

 

3399691
CVSS
9.1

Affected system type ABAP
Patchday 2023-12
Released on 2023/12/12
Description Update 1 to 3350297 - [CVE-2023-36922] OS command injection vulnerability in SAP ECC and SAP S/4HANA (IS-OIL)
3411067
CVSS
9.1

Affected system type BTP
Patchday 2023-12
Released on 2023/12/12
Description [Multiple CVEs] Escalation of Privileges in SAP Business Technology Platform (BTP) Security Services Integration Libraries
3394567
CVSS
8.1

Affected system type SAP Commerce
Patchday 2023-12
Released on 2023/12/12
Description [CVE-2023-42481] Improper Access Control vulnerability in SAP Commerce Cloud
3382353
CVSS
7.5

Affected system type BI/BO platform
Patchday 2023-12
Released on 2023/12/12
Description [CVE-2023-42478] Cross site scripting vulnerability in SAP BusinessObjects Business Intelligence Platform
3385711
CVSS
7.3

Affected system type SAP GUI / Frontend
Patchday 2023-12
Released on 2023/12/12
Description [CVE-2023-49580] Information disclosure vulnerability in SAP GUI for Windows and SAP GUI for Java
3406244
CVSS
7.1

Affected system type Android SDK
Patchday 2023-12
Released on 2023/12/12
Description [CVE-2023-6542] Missing Authorization Check in SAP EMARSYS SDK ANDROID
3369353
CVSS
6.8

Affected system type BI/BO platform
Patchday 2023-12
Released on 2023/12/12
Description [CVE-2023-42476] Cross Site Scripting vulnerability in SAP BusinessObjects Web Intelligence
3395306
CVSS
6.4

Affected system type ABAP
Patchday 2023-12
Released on 2023/12/12
Description [CVE-2023-49587] Command Injection vulnerability in SAP Solution Manager
3383321
CVSS
6.1

Affected system type Java
Patchday 2023-12
Released on 2023/12/12
Description [CVE-2023-42479] Cross-Site Scripting (XSS) vulnerability in SAP Biller Direct
3217087
CVSS
6.1

Affected system type ABAP
Patchday 2023-12
Released on 2023/12/12
Description [CVE-2023-49577] Cross-Site Scripting (XSS) vulnerability in the SAP HCM (SMART PAYE solution)
3159329
CVSS
5.3

Affected system type ABAP
Patchday 2023-12
Released on 2023/12/12
Description Denial of service (DoS) vulnerability in JSZip library bundled within SAPUI5
3406786
CVSS
4.3

Affected system type SAP UI5
Patchday 2023-12
Released on 2023/12/12
Description [CVE-2023-49584] Client-Side Desynchronization vulnerability in SAP Fiori Launchpad
3392547
CVSS
4.1

Affected system type ABAP
Patchday 2023-12
Released on 2023/12/12
Description [CVE-2023-49581] SQL Injection vulnerability in SAP NetWeaver Application Server ABAP and ABAP Platform
3363690
CVSS
3.5

Affected system type ABAP
Patchday 2023-12
Released on 2023/12/12
Description [CVE-2023-49058] Directory Traversal vulnerability in SAP Master Data Governance
3362463
CVSS
3.5

Affected system type SAP Cloud Connector
Patchday 2023-12
Released on 2023/12/12
Description [CVE-2023-49578] Denial of service (DOS) in SAP Cloud Connector
3355658
CVSS
9.6

Affected system type SAP Business One
Patchday 2023-11
Released on 2023/11/14
Description [CVE-2023-31403] Improper Access Control vulnerability in SAP Business One product installation
3362849
CVSS
5.3

Affected system type Kernel
Patchday 2023-11
Released on 2023/11/14
Description [CVE-2023-41366] Information Disclosure vulnerability in SAP NetWeaver Application Server ABAP and ABAP Platform
3366410
CVSS
5.3

Affected system type Java
Patchday 2023-11
Released on 2023/11/14
Description [CVE-2023-42480] Information Disclosure in NetWeaver AS Java Logon
3372991
CVSS
6.8

Affected system type BI/BO platform
Patchday 2023-10
Released on 2023/10/10
Description [CVE-2023-42474] Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Web Intelligence
3333426
CVSS
6.5

Affected system type Java
Patchday 2023-10
Released on 2023/10/26
Description [CVE-2023-42477] Server-Side Request Forgery in SAP NetWeaver AS Java (GRMG Heartbeat application)
3357154
CVSS
6.5

Affected system type SAP PowerDesigner
Patchday 2023-10
Released on 2023/10/10
Description [CVE-2023-40310] Missing XML Validation vulnerability in SAP PowerDesigner Client (BPMN2 import)
3371873
CVSS
5.3

Affected system type Java
Patchday 2023-10
Released on 2023/10/10
Description Update 1 to Security Note 3324732: [CVE-2023-31405] Log Injection vulnerability in SAP NetWeaver AS for Java (Log Viewer)
3338380
CVSS
4.3

Affected system type SAP Business One
Patchday 2023-10
Released on 2023/10/10
Description [CVE-2023-41365] Information Disclosure vulnerability in SAP Business One (B1i)
3222121
CVSS
4.3

Affected system type ABAP
Patchday 2023-10
Released on 2023/10/10
Description [CVE-2023-42475] Information Disclosure Vulnerability in Statutory Reporting
3320355
CVSS
9.9

Affected system type SAP BI
Patchday 2023-09
Released on 2023/09/12
Description [CVE-2023-40622] Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (Promotion Management)
3340576
CVSS
9.8

Affected system type Kernel, HANA...
Patchday 2023-09
Released on 2023/09/12
Description [CVE-2023-40309] Missing Authorization check in SAP CommonCryptoLib
3370490
CVSS
8.7

Affected system type BI/BO platform
Patchday 2023-09
Released on 2023/09/12
Description [CVE-2023-42472] Insufficient File type validation in SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface)
3327896
CVSS
7.5

Affected system type Kernel
Patchday 2023-09
Released on 2023/09/12
Description [CVE-2023-40308] Memory Corruption vulnerability in SAP CommonCryptoLib
3357163
CVSS
6.3

Affected system type PowerDesigner
Patchday 2023-09
Released on 2023/09/12
Description [CVE-2023-40621] Code Injection vulnerability in SAP PowerDesigner Client
3317702
CVSS
6.2

Affected system type BI/BO platform
Patchday 2023-09
Released on 2023/09/12
Description [CVE-2023-40623] Arbitrary File Delete via Directory Junction in SAP BusinessObjects Suite (installer)
3349805
CVSS
5.7

Affected system type Java
Patchday 2023-09
Released on 2023/09/12
Description Denial of service (DOS) vulnerability due to the usage of vulnerable version of Commons File Upload in SAP Quotation Management Insurance (FS-QUO)
3323163
CVSS
5.5

Affected system type ABAP
Patchday 2023-09
Released on 2023/09/12
Description [CVE-2023-40624] Code Injection vulnerability in SAP NetWeaver AS ABAP (applications based on Unified Rendering)
3326361
CVSS
5.4

Affected system type ABAP
Patchday 2023-09
Released on 2023/09/12
Description [CVE-2023-40625] Missing Authorization check in Manage Purchase Contracts App
3352453
CVSS
5.3

Affected system type BI/BO platform
Patchday 2023-09
Released on 2023/09/12
Description [CVE-2023-37489] Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (Version Management System)
3348142
CVSS
5.3

Affected system type Java
Patchday 2023-09
Released on 2023/09/12
Description [CVE-2023-41367] Missing Authentication check in SAP NetWeaver (Guided Procedures)
3369680
CVSS
3.5

Affected system type ABAP
Patchday 2023-09
Released on 2023/09/12
Description [CVE-2023-41369] External Entity Loop vulnerability in SAP S/4HANA (Create Single Payment application)
3355675
CVSS
2.7

Affected system type ABAP
Patchday 2023-09
Released on 2023/09/12
Description [CVE-2023-41368] Insecure Direct Object Reference (IDOR) vulnerability in SAP S/4HANA (Manage checkbook apps)
3341460
CVSS
9.8

Affected system type SAP PowerDesigner
Patchday 2023-08
Released on 2023/08/08
Description [CVE-2023-37483] Multiple Vulnerabilities in SAP PowerDesigner
3350297
CVSS
9.1

Affected system type ABAP
Patchday 2023-08
Released on 2023/07/11
Description [CVE-2023-36922] OS command injection vulnerability in SAP ECC and SAP S/4HANA (IS-OIL)
3346500
CVSS
8.8

Affected system type SAP Commerce Cloud
Patchday 2023-08
Released on 2023/08/08
Description [CVE-2023-39439] Improper authentication in SAP Commerce Cloud
3341599
CVSS
7.8

Affected system type SAP PowerDesigner
Patchday 2023-08
Released on 2023/08/08
Description [CVE-2023-36923] Code Injection vulnerability in SAP PowerDesigner
3317710
CVSS
7.6

Affected system type BI/BO platform
Patchday 2023-08
Released on 2023/08/08
Description [CVE-2023-37490] Binary hijack in SAP BusinessObjects Business Intelligence Suite (installer)
3358300
CVSS
7.6

Affected system type SAP Business One
Patchday 2023-08
Released on 2023/08/08
Description [CVE-2023-39437] Cross-Site Scripting (XSS) vulnerability in SAP Business One
3344295
CVSS
7.5

Affected system type Kernel
Patchday 2023-08
Released on 2023/08/08
Description [CVE-2023-37491] Improper Authorization check vulnerability in SAP Message Server
3312047
CVSS
7.5

Affected system type BI/BO platform
Patchday 2023-08
Released on 2023/08/08
Description Denial of Service (DoS) vulnerability due to the usage of vulnerable version of Commons FileUpload in SAP BusinessObjects Business Intelligence Platform (CMC)
3337797
CVSS
7.1

Affected system type SAP Business One
Patchday 2023-08
Released on 2023/08/08
Description [CVE-2023-33993] SQL Injection vulnerability in SAP Business One (B1i Layer)
2032723
CVSS
6.3

Affected system type ABAP
Patchday 2023-08
Released on 2014/11/11
Description Switchable authorization checks for RFC in SRM
3350494
CVSS
6.1

Affected system type Java
Patchday 2023-08
Released on 2023/08/08
Description [CVE-2023-37488] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Process Integration
3156972
CVSS
6.1

Affected system type ABAP
Patchday 2023-08
Released on 2023/08/08
Description [CVE-2023-40306] URL Redirection vulnerability in SAP S/4HANA (Manage Catalog Items and Cross-Catalog search)
3149794
CVSS
6.1

Affected system type SAP UI5
Patchday 2023-08
Released on 2023/08/08
Description Cross-Site Scripting (XSS) vulnerabilities in jQuery-UI library bundled with SAPUI5
3341934
CVSS
5.9

Affected system type SAP Commerce Cloud
Patchday 2023-08
Released on 2023/08/08
Description [CVE-2023-37486] Information Disclosure vulnerability in SAP Commerce (OCC API)
2067220
CVSS
5.8

Affected system type ABAP
Patchday 2023-08
Released on 2023/08/08
Description [CVE-2023-39436] Information Disclosure in SAP Supplier Relationship Management
3333616
CVSS
5.3

Affected system type SAP Business One
Patchday 2023-08
Released on 2023/08/08
Description [CVE-2023-37487] Security Misconfiguration vulnerability in SAP Business One (Service Layer)
3348000
CVSS
4.9

Affected system type ABAP
Patchday 2023-08
Released on 2023/08/08
Description [CVE-2023-37492] Missing Authorization check in SAP NetWeaver AS ABAP and ABAP Platform
3312586
CVSS
4.4

Affected system type BI/BO platform
Patchday 2023-08
Released on 2023/08/08
Description [CVE-2023-39440] Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform
3358328
CVSS
3.7

Affected system type SAP Host Agent
Patchday 2023-08
Released on 2023/08/08
Description [CVE-2023-36926] Information disclosure vulnerability in SAP Host Agent
3331376
CVSS
8.7

Affected system type ABAP
Patchday 2023-07
Released on 2023/07/11
Description [CVE-2023-33989] Directory Traversal vulnerability in SAP NetWeaver (BI CONT ADD ON)
3233899
CVSS
8.6

Affected system type Kernel
Patchday 2023-07
Released on 2023/07/11
Description [CVE-2023-33987] Request smuggling and request concatenation vulnerability in SAP Web Dispatcher
3331029
CVSS
7.8

Affected system type Sybase platform
Patchday 2023-07
Released on 2023/07/11
Description [CVE-2023-33990] Denial of service (DOS) vulnerability in SAP SQL Anywhere
3340735
CVSS
7.7

Affected system type Kernel
Patchday 2023-07
Released on 2023/07/11
Description [CVE-2023-35871] Memory Corruption vulnerability in SAP Web Dispatcher
3352058
CVSS
7.2

Affected system type Java
Patchday 2023-07
Released on 2023/07/11
Description [CVE-2023-36925] Unauthenticated blind SSRF in SAP Solution Manager (Diagnostics agent)
3348145
CVSS
7.2

Affected system type Java
Patchday 2023-07
Released on 2023/07/11
Description [CVE-2023-36921] Header Injection in SAP Solution Manager (Diagnostic Agent)
3343547
CVSS
6.5

Affected system type Java
Patchday 2023-07
Released on 2023/07/11
Description [CVE-2023-35873] Missing Authentication check in SAP NetWeaver Process Integration (Runtime Workbench)
3343564
CVSS
6.5

Affected system type Java
Patchday 2023-07
Released on 2023/07/11
Description [CVE-2023-35872] Missing Authentication check in SAP NetWeaver Process Integration (Message Display Tool)
3341211
CVSS
6.3

Affected system type ABAP
Patchday 2023-07
Released on 2023/07/11
Description [CVE-2023-35870] Improper Access Control in SAP S/4HANA (Manage Journal Entry Template)
3326769
CVSS
6.1

Affected system type SAP Enable Now
Patchday 2023-07
Released on 2023/07/11
Description [Multiple CVEs] Multiple Vulnerabilities in SAP Enable Now
3318850
CVSS
6.0

Affected system type Kernel
Patchday 2023-07
Released on 2023/07/11
Description [CVE-2023-35874] Improper authentication vulnerability in SAP NetWeaver AS ABAP and ABAP Platform
3320702
CVSS
5.9

Affected system type BI/BO platform
Patchday 2023-07
Released on 2023/07/11
Description [CVE-2023-36917] Password Change rate limit bypass in SAP BusinessObjects Business Intelligence Platform
3324732
CVSS
5.3

Affected system type Java
Patchday 2023-07
Released on 2023/07/11
Description [CVE-2023-31405] Log Injection vulnerability in SAP NetWeaver AS for Java (Log Viewer)
3351410
CVSS
4.9

Affected system type ABAP
Patchday 2023-07
Released on 2023/07/11
Description [CVE-2023-36924] Log Injection vulnerability in SAP ERP Defense Forces and Public Security
3088078
CVSS
4.5

Affected system type BI/BO platform
Patchday 2023-07
Released on 2023/07/11
Description [CVE-2023-33992] Missing Authorization Check in SAP Business Warehouse and SAP BW/4HANA
3324285
CVSS
8.2

Affected system type SAP UI5
Patchday 2023-06
Released on 2023/06/13
Description [CVE-2023-33991] Stored Cross-Site Scripting vulnerability in SAP UI5 (Variant Management)
3318657
CVSS
6.4

Affected system type SAP...
Patchday 2023-06
Released on 2023/06/13
Description [CVE-2023-33984] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver (Design Time Repository)
3322800
CVSS
6.1

Affected system type ABAP
Patchday 2023-06
Released on 2023/06/13
Description Update 1 to security note 3315971 - [CVE-2023-30742] Cross-Site Scripting (XSS) vulnerability in SAP CRM (WebClient UI)
2826092
CVSS
6.1

Affected system type ABAP
Patchday 2023-06
Released on 2023/06/13
Description [CVE-2023-33986] Cross-Site Scripting (XSS) vulnerability in SAP CRM ABAP (Grantor Management)
3331627
CVSS
6.1

Affected system type Java
Patchday 2023-06
Released on 2023/06/13
Description [CVE-2023-33985] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver (Enterprise Portal)
3325642
CVSS
2.7

Affected system type ABAP
Patchday 2023-06
Released on 2023/06/13
Description [CVE-2023-32114] Denial of Service in SAP NetWeaver (Change and Transport System)
3328495
CVSS
9.8

Affected system type Reprise License Manager
Patchday 2023-05
Released on 2023/05/09
Description Multiple vulnerabilities associated with Reprise License Manager 14.2 component used with SAP 3D Visual Enterprise License Manager
3307833
CVSS
9.1

Affected system type BI/BO platform
Patchday 2023-05
Released on 2023/05/09
Description [CVE-2023-28762] Information Disclosure in SAP BusinessObjects Business Intelligence Platform (Central Management Console)
3323415
CVSS
8.2

Affected system type SAP Integrated...
Patchday 2023-05
Released on 2023/05/09
Description [CVE-2023-29080] Privilege escalation vulnerability in SAP IBP, add-in for Microsoft Excel
3317453
CVSS
8.2

Affected system type Java
Patchday 2023-05
Released on 2023/05/09
Description [CVE-2023-30744] Improper access control during application start-up in SAP AS NetWeaver JAVA
3301942
CVSS
7.9

Affected system type SAP Plant Connectivity
Patchday 2023-05
Released on 2023/05/23
Description [CVE-2023-2827] Missing Authentication in SAP Plant Connectivity and Production Connector for SAP Digital Manufacturing
3321309
CVSS
7.5

Affected system type SAP Commerce
Patchday 2023-05
Released on 2023/05/09
Description Information Disclosure vulnerability in SAP Commerce (Backoffice)
3320145
CVSS
7.5

Affected system type SAP Commerce
Patchday 2023-05
Released on 2023/05/09
Description Denial of service (DOS) in SAP Commerce
3320467
CVSS
7.5

Affected system type SAP GUI / Frontend
Patchday 2023-05
Released on 2023/05/09
Description [CVE-2023-32113] Information Disclosure vulnerability in SAP GUI for Windows
3300624
CVSS
7.5

Affected system type SAP PowerDesigner
Patchday 2023-05
Released on 2023/05/09
Description [CVE-2023-32111] Memory Corruption vulnerability in SAP PowerDesigner (Proxy)
3326210
CVSS
7.1

Affected system type ABAP
Patchday 2023-05
Released on 2023/05/09
Description [CVE-2023-30743] Improper Neutralization of Input in SAPUI5
3313484
CVSS
6.3

Affected system type BI/BO platform
Patchday 2023-05
Released on 2023/05/09
Description [CVE-2023-30740] Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence platform
3309935
CVSS
6.1

Affected system type BI/BO platform
Patchday 2023-05
Released on 2023/05/09
Description [CVE-2023-30741] Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence platform
3315971
CVSS
6.1

Affected system type ABAP
Patchday 2023-05
Released on 2023/05/09
Description [CVE-2023-30742] Cross-Site Scripting (XSS) vulnerability in SAP CRM (WebClient UI)
3319400
CVSS
6.1

Affected system type BI/BO platform
Patchday 2023-05
Released on 2023/05/09
Description [CVE-2023-31406] Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence platform
3315979
CVSS
5.4

Affected system type ABAP
Patchday 2023-05
Released on 2023/05/09
Description [CVE-2023-29188] Cross-Site Scripting (XSS) vulnerability in SAP CRM WebClient UI
3312892
CVSS
5.4

Affected system type ABAP
Patchday 2023-05
Released on 2023/05/09
Description [CVE-2023-31407] Cross-Site Scripting (XSS) vulnerability in SAP Business Planning and Consolidation
3038911
CVSS
5.0

Affected system type BI/BO platform
Patchday 2023-05
Released on 2023/05/09
Description [CVE-2023-31404] Information Disclosure in SAP BusinessObjects Business Intelligence Platform (Central Management Service)
1794761
CVSS
4.2

Affected system type ABAP
Patchday 2023-05
Released on 2023/05/23
Description [CVE-2023-32115] SQL Injection in Master Data Synchronization (MDS COMPARE TOOL)
3302595
CVSS
3.7

Affected system type BI/BO platform
Patchday 2023-05
Released on 2023/05/09
Description [CVE-2023-28764] Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence platform
2335198
CVSS
2.8

Affected system type ABAP
Patchday 2023-05
Released on 2023/05/09
Description [CVE-2023-32112] Missing Authorization Check in Vendor Master Hierarchy
3305369
CVSS
10.0

Affected system type Java
Patchday 2023-04
Released on 2023/04/11
Description [CVE-2023-27497] Multiple vulnerabilities in SAP Diagnostics Agent (OSCommand Bridge and EventLogServiceCollector)
3298961
CVSS
9.8

Affected system type BI/BO platform
Patchday 2023-04
Released on 2023/04/11
Description [CVE-2023-28765] Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (Promotion Management)
3305907
CVSS
8.7

Affected system type ABAP
Patchday 2023-04
Released on 2023/04/11
Description [CVE-2023-29186] Directory Traversal vulnerability in SAP NetWeaver (BI CONT ADD ON)
3312733
CVSS
6.8

Affected system type Java
Patchday 2023-04
Released on 2023/04/11
Description [CVE-2023-26458] Information Disclosure vulnerability in SAP Landscape Management
3311624
CVSS
6.7

Affected system type SAP GUI / Frontend
Patchday 2023-04
Released on 2023/04/11
Description [CVE-2023-29187] DLL Hijacking vulnerability in SapSetup (Software Installation Program)
3296378
CVSS
6.5

Affected system type ABAP
Patchday 2023-04
Released on 2023/04/11
Description [CVE-2023-28763] - Denial of Service in SAP NetWeaver AS for ABAP and ABAP Platform
3289994
CVSS
6.5

Affected system type Java
Patchday 2023-04
Released on 2023/04/11
Description [CVE-2023-28761] Missing Authentication check in SAP NetWeaver Enterprise Portal
3275458
CVSS
6.1

Affected system type Kernel
Patchday 2023-04
Released on 2023/04/11
Description [CVE-2023-27499] Cross-Site Scripting (XSS) vulnerability in SAP GUI for HTML
3309056
CVSS
6.0

Affected system type ABAP
Patchday 2023-04
Released on 2023/04/11
Description [CVE-2023-27897] Code Injection vulnerability in SAP CRM
3269352
CVSS
5.4

Affected system type ABAP
Patchday 2023-04
Released on 2023/04/11
Description [CVE-2023-29189] HTTP Verb Tampering vulnerability in SAP CRM (WebClient UI)
3303060
CVSS
5.3

Affected system type ABAP
Patchday 2023-04
Released on 2023/04/11
Description [CVE-2023-29185] Denial of Service (DOS) in SAP NetWeaver AS for ABAP (Business Server Pages)
3315312
CVSS
5.0

Affected system type Kernel
Patchday 2023-04
Released on 2023/04/11
Description [CVE-2023-29108] IP filter vulnerability in ABAP Platform and SAP Web Dispatcher
3316509
CVSS
4.7

Affected system type SAP Commerce
Patchday 2023-04
Released on 2023/04/11
Description Remote Code Execution vulnerability in SAP Commerce
3115598
CVSS
4.4

Affected system type ABAP
Patchday 2023-04
Released on 2023/04/11
Description [CVE-2023-29109] Code Injection vulnerability in SAP Application Interface Framework (Message Dashboard)
3301457
CVSS
4.3

Affected system type ABAP
Patchday 2023-04
Released on 2023/04/11
Description [CVE-2023-1903] Missing Authorization check in SAP HCM Fiori App My Forms (Fiori 2.0)
3113349
CVSS
3.7

Affected system type ABAP
Patchday 2023-04
Released on 2023/04/11
Description [CVE-2023-29110] Code Injection vulnerability in SAP Application Interface Framework (Message Dashboard)
3114489
CVSS
3.7

Affected system type ABAP
Patchday 2023-04
Released on 2023/04/11
Description [CVE-2023-29112] Code Injection vulnerability in SAP Application Interface Framework (Message Monitoring)
3117978
CVSS
3.1

Affected system type ABAP
Patchday 2023-04
Released on 2023/04/11
Description [CVE-2023-29111] Information Disclosure vulnerability in SAP Application Interface Framework (ODATA service)
3245526
CVSS
9.9

Affected system type BI/BO platform
Patchday 2023-03
Released on 2023/03/14
Description [CVE-2023-25616] Code Injection vulnerability in SAP Business Objects Business Intelligence Platform (CMC)
3252433
CVSS
9.9

Affected system type Java
Patchday 2023-03
Released on 2023/03/14
Description [CVE-2023-23857] Improper Access Control in SAP NetWeaver AS for Java
3294595
CVSS
9.6

Affected system type ABAP
Patchday 2023-03
Released on 2023/03/14
Description [CVE-2023-27269] Directory Traversal vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform
3283438
CVSS
9.0

Affected system type BI/BO platform
Patchday 2023-03
Released on 2023/03/14
Description [CVE-2023-25617] OS Command Execution vulnerability in SAP Business Objects Business Intelligence Platform (Adaptive Job Server)
3296476
CVSS
8.8

Affected system type ABAP
Patchday 2023-03
Released on 2023/03/14
Description [CVE-2023-27893] Arbitrary Code Execution in SAP Solution Manager and ABAP managed systems (ST-PI)
3294954
CVSS
8.7

Affected system type ABAP
Patchday 2023-03
Released on 2023/03/14
Description [CVE-2023-27501] Directory Traversal vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform
3296346
CVSS
7.4

Affected system type ABAP
Patchday 2023-03
Released on 2023/03/14
Description [CVE-2023-26459] Multiple vulnerabilities in SAP NetWeaver AS for ABAP and ABAP Platform
3275727
CVSS
7.2

Affected system type SAP Host Agent
Patchday 2023-03
Released on 2023/03/14
Description [CVE-2023-27498] Memory Corruption vulnerability in SAPOSCOL
3289844
CVSS
6.8

Affected system type ABAP
Patchday 2023-03
Released on 2023/03/14
Description [CVE-2023-25615] SQL Injection vulnerability in SAP ABAP Platform
3284550
CVSS
6.8

Affected system type Java
Patchday 2023-03
Released on 2023/03/14
Description [CVE-2023-26461] XML External Entity (XXE) vulnerability in SAP NetWeaver (SAP Enterprise Portal)
3287120
CVSS
6.5

Affected system type BI/BO platform
Patchday 2023-03
Released on 2023/03/14
Description [Multiple CVEs] Multiple vulnerabilities in the SAP BusinessObjects Business Intelligence platform
3296328
CVSS
6.5

Affected system type ABAP
Patchday 2023-03
Released on 2023/03/14
Description [CVE-2023-27270] Denial of Service (DoS) in SAP NetWeaver AS for ABAP and ABAP Platform
3274920
CVSS
6.1

Affected system type ABAP
Patchday 2023-03
Released on 2023/03/14
Description [CVE-2023-0021] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver
3281484
CVSS
6.1

Affected system type ABAP
Patchday 2023-03
Released on 2023/03/14
Description [CVE-2023-26457] Cross-Site Scripting (XSS) vulnerability in SAP Content Server
3302710
CVSS
6.1

Affected system type SAP Authenticator for Android
Patchday 2023-03
Released on 2023/03/14
Description [CVE-2023-27895] Information Disclosure vulnerability in SAP Authenticator for Android
3288096
CVSS
5.3

Affected system type Java
Patchday 2023-03
Released on 2023/03/14
Description [CVE-2023-26460] Improper Access Control in SAP NetWeaver AS Java (Cache Management Service)
3288394
CVSS
5.3

Affected system type Java
Patchday 2023-03
Released on 2023/03/14
Description [CVE-2023-24526] Improper Access Control in SAP NetWeaver AS Java (Classload Service)
3288480
CVSS
5.3

Affected system type Java
Patchday 2023-03
Released on 2023/03/14
Description [CVE-2023-27268] Improper Access Control in SAP NetWeaver AS Java (Object Analyzing Service)
3285757
CVSS
8.8

Affected system type SAP Host Agent
Patchday 2023-02
Released on 2023/02/14
Description [CVE-2023-24523] Privilege Escalation vulnerability in SAP Host Agent (Start Service)
3263135
CVSS
8.5

Affected system type BI/BO platform
Patchday 2023-02
Released on 2023/02/14
Description [CVE-2023-0020] Information disclosure vulnerability in SAP BusinessObjects Business Intelligence platform
3256787
CVSS
8.4

Affected system type BI/BO platform
Patchday 2023-02
Released on 2023/02/14
Description [CVE-2023-24530] Unrestricted Upload of File in SAP BusinessObjects Business Intelligence Platform (CMC)
3270509
CVSS
6.5

Affected system type ABAP
Patchday 2023-02
Released on 2023/02/14
Description [CVE-2023-23855] URL Redirection vulnerability in SAP Solution Manager
3281724
CVSS
6.5

Affected system type ABAP
Patchday 2023-02
Released on 2023/02/14
Description [CVE-2023-0019] Missing Authorization check in SAP GRC (Process Control)
3265846
CVSS
6.5

Affected system type ABAP
Patchday 2023-02
Released on 2023/02/14
Description [CVE-2023-0024] Cross Site Scripting in SAP Solution Manager (BSP Application)
2985905
CVSS
6.5

Affected system type ABAP
Patchday 2023-02
Released on 2023/02/14
Description [CVE-2023-24524] Missing Authorization check in SAP S/4 HANA Map Treasury Correspondence Format Data
3290901
CVSS
6.5

Affected system type ABAP
Patchday 2023-02
Released on 2023/02/14
Description [CVE-2023-24528] Missing Authorization Check in SAP Fiori apps for Travel Management in SAP ERP (My Travel Requests)
3267442
CVSS
6.5

Affected system type ABAP
Patchday 2023-02
Released on 2023/02/14
Description [CVE-2023-0025] Cross Site Scripting in SAP Solution Manager (BSP Application)
3266751
CVSS
6.1

Affected system type ABAP
Patchday 2023-02
Released on 2023/02/14
Description [CVE-2023-23852] Cross-Site Scripting (XSS) vulnerability in SAP Solution Manager 7.2
3274585
CVSS
6.1

Affected system type ABAP
Patchday 2023-02
Released on 2023/02/14
Description [CVE-2023-25614] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS ABAP (BSP Framework)
3271227
CVSS
6.1

Affected system type ABAP
Patchday 2023-02
Released on 2023/02/14
Description [CVE-2023-23853] URL Redirection vulnerability in SAP NetWeaver Application Server for ABAP and ABAP Platform
3293786
CVSS
6.1

Affected system type ABAP
Patchday 2023-02
Released on 2023/02/14
Description [CVE-2023-23858] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform
3269118
CVSS
6.1

Affected system type ABAP
Patchday 2023-02
Released on 2023/02/14
Description [CVE-2023-24522] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS ABAP (BSP Framework)
3268959
CVSS
6.1

Affected system type ABAP
Patchday 2023-02
Released on 2023/02/14
Description [Multiple CVEs] Multiple vulnerabilities in SAP NetWeaver AS for ABAP and ABAP Platform
3269151
CVSS
6.1

Affected system type ABAP
Patchday 2023-02
Released on 2023/02/14
Description [CVE-2023-24521] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS ABAP (BSP Framework)
3282663
CVSS
6.1

Affected system type ABAP
Patchday 2023-02
Released on 2023/02/14
Description [CVE-2023-24529] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS ABAP (Business Server Pages application)
3275841
CVSS
5.4

Affected system type ABAP
Patchday 2023-02
Released on 2023/02/14
Description [CVE-2023-23851] Unrestricted File Upload in SAP Business Planning and Consolidation
2788178
CVSS
4.3

Affected system type ABAP
Patchday 2023-02
Released on 2023/02/14
Description [CVE-2023-24525] Cross-Site Scripting (XSS) vulnerability in SAP CRM WebClient UI
3263863
CVSS
4.3

Affected system type BI/BO platform
Patchday 2023-02
Released on 2023/02/14
Description [CVE-2023-23856] Cross-Site Scripting (XSS) vulnerability in Web Intelligence Interface
3287291
CVSS
3.8

Affected system type ABAP
Patchday 2023-02
Released on 2023/02/14
Description [CVE-2023-23854] Missing Authorization check in SAP NetWeaver AS ABAP and ABAP Platform
3275391
CVSS
9.9

Affected system type SAP Business Planning...
Patchday 2023-01
Released on 2023/01/10
Description [CVE-2023-0016] SQL Injection vulnerability in SAP Business Planning and Consolidation MS
3262810
CVSS
9.9

Affected system type BI/BO platform
Patchday 2023-01
Released on 2023/01/10
Description [CVE-2023-0022] Code Injection vulnerability in SAP BusinessObjects Business Intelligence platform (Analysis edition for OLAP)
3268093
CVSS
9.4

Affected system type Java
Patchday 2023-01
Released on 2023/01/10
Description [CVE-2023-0017] Improper access control in SAP NetWeaver AS for Java
3089413
CVSS
9.0

Affected system type Kernel / ABAP
Patchday 2023-01
Released on 2023/01/10
Description [CVE-2023-0014] Capture-replay vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform
3276120
CVSS
6.4

Affected system type SAP Host Agent
Patchday 2023-01
Released on 2023/01/10
Description [CVE-2023-0012] Local Privilege Escalation in SAP Host Agent (Windows)
3283283
CVSS
6.1

Affected system type ABAP
Patchday 2023-01
Released on 2023/01/10
Description [CVE-2023-0013] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform
3266006
CVSS
5.4

Affected system type BI/BO platform
Patchday 2023-01
Released on 2023/01/10
Description [CVE-2023-0018] Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence Platform (Central management console)
3251447
CVSS
4.6

Affected system type BI/BO platform
Patchday 2023-01
Released on 2023/01/10
Description [CVE-2023-0015] Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence (Web Intelligence)
3150704
CVSS
4.5

Affected system type ABAP
Patchday 2023-01
Released on 2023/01/10
Description [CVE-2023-0023] Information Disclosure in SAP Bank Account Management (Manage Banks)