Description
[CVE-2025-42989] Missing Authorization check in SAP NetWeaver Application Server for ABAP

Description
[CVE-2025-42999] Insecure Deserialization in SAP NetWeaver (Visual Composer development server)

Description
[CVE-2025-42982] Information Disclosure in SAP GRC (AC Plugin)

Description
[CVE-2025-0061] Multiple vulnerabilities in SAP BusinessObjects Business Intelligence Platform

Description
[CVE-2025-42983] Missing Authorization check in SAP Business Warehouse and SAP Plug-In Basis

Description
[CVE-2025-23192] Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence (BI Workspace)

Description
[CVE-2025-43011] Missing Authorization Check in SAP Landscape Transformation (PCL Basis)

Description
[CVE-2025-42994] Multiple vulnerabilities in SAP MDM Server

Description
[CVE-2025-31325] Cross-Site Scripting (XSS) Vulnerability in SAP NetWeaver (ABAP Keyword Documentation)

Description
[CVE-2025-43008] Missing Authorization check in SAP S/4HANA HCM Portugal and SAP ERP HCM Portugal

Description
[CVE-2025-42984] Missing Authorization check in SAP S/4HANA (Manage Central Purchase Contract application)

Description
[CVE-2025-42998] Security misconfiguration vulnerability in SAP Business One Integration Framework

Description
[CVE-2025-42987] Missing Authorization Check in SAP S/4HANA (Manage Processing Rules - For Bank Statement)

Description
[CVE-2025-42991] Missing Authorization check in SAP S/4HANA (Bank Account Application)

Description
[CVE-2025-42988] Server-Side Request Forgery in SAP Business Objects Business Intelligence Platform

Description
[CVE-2025-23191] Cache Poisoning through header manipulation vulnerability in SAP Fiori for SAP ERP

Description
[CVE-2025-42990] HTML Injection in Unprotected SAPUI5 applications

Description
[CVE-2025-31324] Missing Authorization check in SAP NetWeaver (Visual Composer development server)

Description
[CVE-2025-27429] Code Injection Vulnerability in SAP S/4HANA (Private Cloud or On-Premise)

Description
[CVE-2025-31330] Code Injection Vulnerability in SAP Landscape Transformation (Analysis Platform)

Description
[CVE-2025-43010] Code injection vulnerability in SAP S/4HANA Cloud Private Edition or On Premise(SCM Master Data Layer (MDL))

Description
[CVE-2025-43000] Information Disclosure Vulnerability in SAP Business Objects Business Intelligence Platform (PMW)

Description
[CVE-2024-39592] Missing Authorization check in SAP PDCE

Description
[CVE-2025-42997] Information Disclosure vulnerability in SAP Gateway Client

Description
[CVE-2025-43003] Information Disclosure vulnerability in SAP S/4HANA (Private Cloud & On-Premise)

Description
[CVE-2025-43007] Missing Authorization check in SAP Service Parts Management (SPM)

Description
[CVE-2025-43009] Missing Authorization check in SAP Service Parts Management (SPM)

Description
[CVE-2025-31329] Information Disclosure vulnerability in SAP NetWeaver Application Server ABAP and ABAP Platform

Description
[CVE-2025-43006] Cross-Site Scripting (XSS) vulnerability in SAP Supplier Relationship Management (Master Data Management Catalog)

Description
[CVE-2025-43004] Security Misconfiguration Vulnerability in SAP Digital Manufacturing (Production Operator Dashboard)

Description
[CVE-2025-31328] Cross-Site Request Forgery (CSRF) vulnerability in SAP S/4 HANA (Learning Solution)

Description
[CVE-2025-26662] Cross-Site Scripting (XSS) vulnerability in the SAP Data Services Management Console

Description
[CVE-2025-31327] OData meta-data property entity tampering in SAP Field Logistics

Description
[CVE-2025-43005] Information Disclosure vulnerability in SAP GUI for Windows

Description
[CVE-2025-43002] Missing Authorization check in SAP S4/HANA (OData meta-data property)

Description
[CVE-2025-30016] Authentication Bypass Vulnerability in SAP Financial Consolidation

Description
[CVE-2025-0064] Improper Authorization in SAP BusinessObjects Business Intelligence platform (Central Management Console)

Description
[CVE-2025-23186] Mixed Dynamic RFC Destination vulnerability through Remote Function Call (RFC) in SAP NetWeaver Application Server ABAP

Description
[CVE-2024-56337] Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Apache Tomcat within SAP Commerce Cloud

Description
[CVE-2025-30014] Directory Traversal vulnerability in SAP Capital Yield Tax Management

Description
[CVE-2025-27428] Directory Traversal vulnerability in SAP NetWeaver and ABAP Platform (Service Data Collection)

Description
[CVE-2025-26654] Potential information disclosure vulnerability in SAP Commerce Cloud (Public Cloud)

Description
[CVE-2025-30013] Code Injection vulnerability in SAP ERP BW Business Content

Description
[CVE-2025-31332] Insecure File permissions vulnerability in SAP BusinessObjects Business Intelligence Platform

Description
[CVE-2025-26657] Information Disclosure vulnerability in SAP KMC WPC

Description
[CVE-2025-26653] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server ABAP (applications based on SAP GUI for HTML)

Description
[CVE-2025-30017] Missing Authorization check in SAP Solution Manager

Description
[CVE-2025-27437] Missing Authorization check in SAP NetWeaver Application Server ABAP (Virus Scan Interface)

Description
[CVE-2025-31333] Odata meta-data tampering in SAP S4CORE entity

Description
[CVE-2025-31331] Authorization Bypass vulnerability in SAP NetWeaver

Description
[CVE-2025-27435] Information Disclosure Vulnerability in SAP Commerce Cloud

Description
[CVE-2025-30015] Memory Corruption vulnerability in SAP NetWeaver and ABAP Platform (Application Server ABAP)

Description
[CVE-2025-27430] Server Side Request Forgery (SSRF) in SAP CRM and SAP S/4 HANA (Interaction Center)

Description
[CVE-2025-27434] Cross-Site Scripting (XSS) vulnerability in SAP Commerce (Swagger UI)

Description
[CVE-2025-26661] Missing Authorization check in SAP NetWeaver (ABAP Class Builder)

Description
[CVE-2024-38286] Multiple vulnerabilities in Apache Tomcat within SAP Commerce Cloud

Description
[CVE-2025-24876] Authentication bypass via authorization code injection in SAP Approuter

Description
[CVE-2025-26658] Broken Authentication in SAP Business One (Service Layer)

Description
[CVE-2025-25242] Cross-Site Scripting (XSS) in SAP NetWeaver Application Server ABAP

Description
[CVE-2025-26659] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server ABAP (applications based on SAP GUI for HTML)

Description
[CVE-2025-25244] Missing Authorization Check in SAP Business Warehouse (Process Chains)

Description
[CVE-2025-27431] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server Java

Description
[CVE-2025-25245] Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence Platform (Web Intelligence)

Description
[CVE-2025-23194] Missing Authentication check in SAP NetWeaver Enterprise Portal (OBN component)

Description
[CVE-2025-0071] Information Disclosure vulnerability in SAP Web Dispatcher and Internet Communication Manager

Description
[CVE-2025-0062] Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence Platform (Web Intelligence)

Description
[CVE-2024-41736] Information Disclosure vulnerability in SAP Permit to Work

Description
[CVE-2025-27433] Broken Access Control vulnerabilities in SAP S/4HANA (Manage Bank Statements)

Description
[CVE-2025-23188] Missing Authorization check in SAP S/4HANA (RBD)

Description
[CVE-2025-26660] Broken Access Control in SAP Fiori apps (Posting Library)

Description
[CVE-2025-26656] Missing Authorization check in S/4HANA (Manage Purchasing Info Records)

Description
[CVE-2025-23185] Information Disclosure in SAP Business Objects Business Intelligence Platform

Description
[CVE-2024-38819] Multiple vulnerabilities in Spring Framework within SAP Commerce Cloud and SAP Datahub

Description
[CVE-2025-26655] Missing Authorization check in SAP JIT(Outbound)

Description
[CVE-2025-27432] Missing Authorization check in SAP Electronic Invoicing for Brazil (eDocument Cockpit)

Description
Open Source Security Advisory: Best Practices for Securing Spring Boot Actuator Endpoints for applications running on BTP

Description
[CVE-2024-22126] Cross Site Scripting vulnerability in NetWeaver AS Java (User Admin Application)

Description
[CVE-2025-25243] Path traversal vulnerability in SAP Supplier Relationship Management (Master Data Management Catalog)

Description
[CVE-2024-38819] Multiple vulnerabilities in SAP Enterprise Project Connection

Description
[CVE-2025-24868] Open Redirect Vulnerability in SAP HANA extended application services, advanced model (User Account and Authentication Services)

Description
[CVE-2025-24874] Missing Defense in Depth Against Clickjacking in SAP Commerce (Backoffice)

Description
[CVE-2025-24875] SameSite Defense in Depth not applied for some cookies in SAP Commerce

Description
Update 1 to Security Note 3417627 - [CVE-2024-22126] Cross Site Scripting vulnerability in NetWeaver AS Java (User Admin Application)

Description
[CVE-2025-24867] Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence platform (BI Launchpad)

Description
[CVE-2025-24870] Insecure Key & Secret Management vulnerability in SAP GUI for Windows

Description
[CVE-2024-45216] Multiple vulnerabilities in Apache Solr within SAP Commerce Cloud

Description
[CVE-2025-25241] Missing Authorization check in SAP Fiori Apps Reference Library (My Overtime Requests)

Description
[CVE-2025-0054] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server Java

Description
[CVE-2023-24527] Improper Access Control in SAP NetWeaver AS Java for Deploy Service

Description
[CVE-2025-23187] Missing Authorization Check in SAP NetWeaver and ABAP Platform (SDCCN)

Description
[CVE-2025-23193] Information Disclosure vulnerability in SAP NetWeaver Application Server ABAP

Description
[CVE-2025-23190] Missing Authorization check in SAP NetWeaver and ABAP platform (ST-PI)

Description
[CVE-2025-24872] Missing Authorization check in SAP ABAP Platform (ABAP Build Framework)

Description
[CVE-2025-24869] Information Disclosure vulnerability in SAP NetWeaver Application Server Java

Description
[CVE-2025-0070] Improper Authentication in SAP NetWeaver ABAP Server and ABAP Platform

Description
[CVE-2025-0066] Information Disclosure vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform(Internet Communication Framework)

Description
[CVE-2025-0063] SQL Injection vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform

Description
[CVE-2025-0069] DLL Hijacking vulnerability in SAPSetup

Description
[CVE-2025-0058] Information Disclosure vulnerability in SAP Business Workflow and SAP Flexible Workflow

Description
[CVE-2025-0067] Missing Authorization check in SAP NetWeaver Application Server Java

Description
[CVE-2025-0056] Information Disclosure vulnerability in SAP GUI for Java

Description
[CVE-2025-0055] Information Disclosure vulnerability in SAP GUI for Windows

Description
[CVE-2025-0059] Information Disclosure vulnerability in SAP NetWeaver Application Server ABAP (applications based on SAP GUI for HTML)

Description
[CVE-2025-0053] Information Disclosure Vulnerability in SAP NetWeaver Application Server for ABAP and ABAP Platform

Description
[CVE-2025-0057] Cross-Site Scripting vulnerability in SAP NetWeaver AS JAVA (User Admin Application)

Description
[CVE-2025-0068] Missing Authorization check in Remote Function Call (RFC) in SAP NetWeaver Application Server ABAP

Description
Multiple Buffer overflow vulnerabilities in SAP BusinessObjects Business Intelligence Platform (Crystal Reports for Enterprise)