We've created the first-of-its-kind SecurityBridge Cloud Platform, designed to prioritize SAP patches, updates, and remediation strategies that help prevent disruptions to critical business systems. Our security advisories provide SAP users with valuable insights into the security and business implications of operating SAP.

The user interface is designed to be as intuitive as possible, but we’d love to hear your feedback and suggestions.
We hope you enjoy using it!
Yikes, there is work to do!
This time we found critical correction advisories. We count 110 and the highest CVSS score is 10.0.

 


 

Related note
3600840
CVSS
9.6

Affected system type
ABAP
Patchday
2025-06
Released on
2025/06/10

Description
[CVE-2025-42989] Missing Authorization check in SAP NetWeaver Application Server for ABAP

 

Related note
3604119
CVSS
9.1

Affected system type
Java
Patchday
2025-06
Released on
2025/05/13

Description
[CVE-2025-42999] Insecure Deserialization in SAP NetWeaver (Visual Composer development server)

 

Related note
3609271
CVSS
8.8

Affected system type
ABAP
Patchday
2025-06
Released on
2025/06/10

Description
[CVE-2025-42982] Information Disclosure in SAP GRC (AC Plugin)

 

Related note
3474398
CVSS
8.7

Affected system type
BI/BO platform
Patchday
2025-06
Released on
2025/01/14

Description
[CVE-2025-0061] Multiple vulnerabilities in SAP BusinessObjects Business Intelligence Platform

 

Related note
3606484
CVSS
8.5

Affected system type
ABAP
Patchday
2025-06
Released on
2025/06/10

Description
[CVE-2025-42983] Missing Authorization check in SAP Business Warehouse and SAP Plug-In Basis

 

Related note
3560693
CVSS
8.2

Affected system type
BI/BO platform
Patchday
2025-06
Released on
2025/06/10

Description
[CVE-2025-23192] Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence (BI Workspace)

 

Related note
3591978
CVSS
7.7

Affected system type
ABAP
Patchday
2025-06
Released on
2025/05/13

Description
[CVE-2025-43011] Missing Authorization Check in SAP Landscape Transformation (PCL Basis)

 

Related note
3610591
CVSS
7.6

Affected system type
ABAP
Patchday
2025-06
Released on
2025/06/10

Description
[CVE-2025-42977] Directory Traversal vulnerability in SAP NetWeaver Visual Composer

 

Related note
3610006
CVSS
7.5

Affected system type
SAP MDM Server
Patchday
2025-06
Released on
2025/06/10

Description
[CVE-2025-42994] Multiple vulnerabilities in SAP MDM Server

 

Related note
3580384
CVSS
6.7

Affected system type
ABAP
Patchday
2025-06
Released on
2025/06/10

Description
[CVE-2025-42993] Missing Authorization Check in SAP S/4HANA (Enterprise Event Enablement)

 

Related note
3590887
CVSS
5.8

Affected system type
ABAP
Patchday
2025-06
Released on
2025/06/10

Description
[CVE-2025-31325] Cross-Site Scripting (XSS) Vulnerability in SAP NetWeaver (ABAP Keyword Documentation)

 

Related note
3585992
CVSS
5.8

Affected system type
ABAP
Patchday
2025-06
Released on
2025/05/13

Description
[CVE-2025-43008] Missing Authorization check in SAP S/4HANA HCM Portugal and SAP ERP HCM Portugal

 

Related note
3441087
CVSS
5.4

Affected system type
ABAP
Patchday
2025-06
Released on
2025/06/10

Description
[CVE-2025-42984] Missing Authorization check in SAP S/4HANA (Manage Central Purchase Contract application)

 

Related note
3594258
CVSS
5.3

Affected system type
SAP Business One
Patchday
2025-06
Released on
2025/06/10

Description
[CVE-2025-42998] Security misconfiguration vulnerability in SAP Business One Integration Framework

 

Related note
3596850
CVSS
4.3

Affected system type
ABAP
Patchday
2025-06
Released on
2025/06/10

Description
[CVE-2025-42987] Missing Authorization Check in SAP S/4HANA (Manage Processing Rules - For Bank Statement)

 

Related note
3608058
CVSS
4.3

Affected system type
ABAP
Patchday
2025-06
Released on
2025/06/10

Description
[CVE-2025-42991] Missing Authorization check in SAP S/4HANA (Bank Account Application)

 

Related note
3585545
CVSS
3.7

Affected system type
BI/BO platform
Patchday
2025-06
Released on
2025/06/10

Description
[CVE-2025-42988] Server-Side Request Forgery in SAP Business Objects Business Intelligence Platform

 

Related note
3426825
CVSS
3.1

Affected system type
ABAP
Patchday
2025-06
Released on
2025/02/11

Description
[CVE-2025-23191] Cache Poisoning through header manipulation vulnerability in SAP Fiori for SAP ERP

 

Related note
3601169
CVSS
3.0

Affected system type
SAP UI5
Patchday
2025-06
Released on
2025/06/10

Description
[CVE-2025-42990] HTML Injection in Unprotected SAPUI5 applications

 

Related note
3594142
CVSS
10.0

Affected system type
Java
Exploit available
Patchday
2025-05
Released on
2025/04/24

Description
[CVE-2025-31324] Missing Authorization check in SAP NetWeaver (Visual Composer development server)

 

Related note
3581961
CVSS
9.9

Affected system type
ABAP
Patchday
2025-05
Released on
2025/04/08

Description
[CVE-2025-27429] Code Injection Vulnerability in SAP S/4HANA (Private Cloud or On-Premise)

 

Related note
3587115
CVSS
9.9

Affected system type
ABAP
Patchday
2025-05
Released on
2025/04/08

Description
[CVE-2025-31330] Code Injection Vulnerability in SAP Landscape Transformation (Analysis Platform)

 

Related note
3578900
CVSS
8.6

Affected system type
Java
Patchday
2025-05
Released on
2025/05/13

Description
[CVE-2025-30018] Multiple vulnerabilities in SAP Supplier Relationship Management (Live Auction Cockpit)

 

Related note
3600859
CVSS
8.3

Affected system type
ABAP
Patchday
2025-05
Released on
2025/05/13

Description
[CVE-2025-43010] Code injection vulnerability in SAP S/4HANA Cloud Private Edition or On Premise(SCM Master Data Layer (MDL))

 

Related note
3586013
CVSS
7.9

Affected system type
BI/BO platform
Patchday
2025-05
Released on
2025/05/13

Description
[CVE-2025-43000] Information Disclosure Vulnerability in SAP Business Objects Business Intelligence Platform (PMW)

 

Related note
3483344
CVSS
7.7

Affected system type
ABAP
Patchday
2025-05
Released on
2024/07/09

Description
[CVE-2024-39592] Missing Authorization check in SAP PDCE

 

Related note
3577300
CVSS
6.6

Affected system type
ABAP
Patchday
2025-05
Released on
2025/05/13

Description
[CVE-2025-42997] Information Disclosure vulnerability in SAP Gateway Client

 

Related note
3596033
CVSS
6.4

Affected system type
ABAP
Patchday
2025-05
Released on
2025/05/13

Description
[CVE-2025-43003] Information Disclosure vulnerability in SAP S/4HANA (Private Cloud & On-Premise)

 

Related note
2491817
CVSS
6.3

Affected system type
ABAP
Patchday
2025-05
Released on
2025/05/13

Description
[CVE-2025-43009] Missing Authorization check in SAP Service Parts Management (SPM)

 

Related note
2719724
CVSS
6.3

Affected system type
ABAP
Patchday
2025-05
Released on
2025/05/13

Description
[CVE-2025-43007] Missing Authorization check in SAP Service Parts Management (SPM)

 

Related note
3577287
CVSS
6.2

Affected system type
ABAP
Patchday
2025-05
Released on
2025/05/13

Description
[CVE-2025-31329] Information Disclosure vulnerability in SAP NetWeaver Application Server ABAP and ABAP Platform

 

Related note
3588455
CVSS
6.1

Affected system type
Java
Patchday
2025-05
Released on
2025/05/13

Description
[CVE-2025-43006] Cross-Site Scripting (XSS) vulnerability in SAP Supplier Relationship Management (Master Data Management Catalog)

 

Related note
3571096
CVSS
5.3

Affected system type
SAP Digital...
Patchday
2025-05
Released on
2025/05/13

Description
[CVE-2025-43004] Security Misconfiguration Vulnerability in SAP Digital Manufacturing (Production Operator Dashboard)

 

Related note
3446649
CVSS
4.6

Affected system type
ABAP
Patchday
2025-05
Released on
2025/04/22

Description
[CVE-2025-31328] Cross-Site Request Forgery (CSRF) vulnerability in SAP S/4 HANA (Learning Solution)

 

Related note
3558755
CVSS
4.4

Affected system type
SAP Data Services
Patchday
2025-05
Released on
2025/05/13

Description
[CVE-2025-26662] Cross-Site Scripting (XSS) vulnerability in the SAP Data Services Management Console

 

Related note
3359825
CVSS
4.3

Affected system type
ABAP
Patchday
2025-05
Released on
2025/04/22

Description
[CVE-2025-31327] OData meta-data property entity tampering in SAP Field Logistics

 

Related note
3227940
CVSS
4.3

Affected system type
ABAP
Patchday
2025-05
Released on
2025/05/13

Description
[CVE-2025-43002] Missing Authorization check in SAP S4/HANA (OData meta-data property)

 

Related note
3574520
CVSS
4.3

Affected system type
SAP GUI / Frontend
Patchday
2025-05
Released on
2025/05/13

Description
[CVE-2025-43005] Information Disclosure vulnerability in SAP GUI for Windows

 

Related note
3572688
CVSS
9.8

Affected system type
SAP Financial Consolidation
Patchday
2025-04
Released on
2025/04/08

Description
[CVE-2025-30016] Authentication Bypass Vulnerability in SAP Financial Consolidation

 

Related note
3525794
CVSS
8.8

Affected system type
BI/BO platform
Patchday
2025-04
Released on
2025/02/11

Description
[CVE-2025-0064] Improper Authorization in SAP BusinessObjects Business Intelligence platform (Central Management Console)

 

Related note
3554667
CVSS
8.5

Affected system type
ABAP
Patchday
2025-04
Released on
2025/04/08

Description
[CVE-2025-23186] Mixed Dynamic RFC Destination vulnerability through Remote Function Call (RFC) in SAP NetWeaver Application Server ABAP

 

Related note
3590984
CVSS
8.1

Affected system type
SAP Commerce Cloud
Patchday
2025-04
Released on
2025/04/08

Description
[CVE-2024-56337] Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Apache Tomcat within SAP Commerce Cloud

 

Related note
3581811
CVSS
7.7

Affected system type
ABAP
Patchday
2025-04
Released on
2025/04/08

Description
[CVE-2025-27428] Directory Traversal vulnerability in SAP NetWeaver and ABAP Platform (Service Data Collection)

 

Related note
2927164
CVSS
7.7

Affected system type
ABAP
Patchday
2025-04
Released on
2025/04/08

Description
[CVE-2025-30014] Directory Traversal vulnerability in SAP Capital Yield Tax Management

 

Related note
3543274
CVSS
6.8

Affected system type
SAP Commerce Cloud
Patchday
2025-04
Released on
2025/04/08

Description
[CVE-2025-26654] Potential information disclosure vulnerability in SAP Commerce Cloud (Public Cloud)

 

Related note
3571093
CVSS
6.7

Affected system type
ABAP
Patchday
2025-04
Released on
2025/04/08

Description
[CVE-2025-30013] Code Injection vulnerability in SAP ERP BW Business Content

 

Related note
3565751
CVSS
6.6

Affected system type
BI/BO platform
Patchday
2025-04
Released on
2025/04/08

Description
[CVE-2025-31332] Insecure File permissions vulnerability in SAP BusinessObjects Business Intelligence Platform

 

Related note
3568307
CVSS
5.3

Affected system type
Java
Patchday
2025-04
Released on
2025/04/08

Description
[CVE-2025-26657] Information Disclosure vulnerability in SAP KMC WPC

 

Related note
3559307
CVSS
4.7

Affected system type
ABAP
Patchday
2025-04
Released on
2025/04/08

Description
[CVE-2025-26653] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server ABAP (applications based on SAP GUI for HTML)

 

Related note
3558864
CVSS
4.4

Affected system type
ABAP
Patchday
2025-04
Released on
2025/04/08

Description
[CVE-2025-30017] Missing Authorization check in SAP Solution Manager

 

Related note
3525971
CVSS
4.3

Affected system type
ABAP
Patchday
2025-04
Released on
2024/10/10

Description
[CVE-2025-31333] Odata meta-data tampering in SAP S4CORE entity

 

Related note
3568778
CVSS
4.3

Affected system type
ABAP
Patchday
2025-04
Released on
2025/04/08

Description
[CVE-2025-27437] Missing Authorization check in SAP NetWeaver Application Server ABAP (Virus Scan Interface)

 

Related note
3577131
CVSS
4.3

Affected system type
ABAP
Patchday
2025-04
Released on
2025/04/08

Description
[CVE-2025-31331] Authorization Bypass vulnerability in SAP NetWeaver

 

Related note
3539465
CVSS
4.2

Affected system type
SAP Commerce Cloud
Patchday
2025-04
Released on
2025/04/08

Description
[CVE-2025-27435] Information Disclosure Vulnerability in SAP Commerce Cloud

 

Related note
3565944
CVSS
4.1

Affected system type
ABAP
Patchday
2025-04
Released on
2025/04/08

Description
[CVE-2025-30015] Memory Corruption vulnerability in SAP NetWeaver and ABAP Platform (Application Server ABAP)

 

Related note
3561861
CVSS
3.5

Affected system type
ABAP
Patchday
2025-04
Released on
2025/03/11

Description
[CVE-2025-27430] Server Side Request Forgery (SSRF) in SAP CRM and SAP S/4 HANA (Interaction Center)

 

Related note
3569602
CVSS
8.8

Affected system type
SAP Commerce
Patchday
2025-03
Released on
2025/03/11

Description
[CVE-2025-27434] Cross-Site Scripting (XSS) vulnerability in SAP Commerce (Swagger UI)

 

Related note
3563927
CVSS
8.8

Affected system type
ABAP
Patchday
2025-03
Released on
2025/03/11

Description
[CVE-2025-26661] Missing Authorization check in SAP NetWeaver (ABAP Class Builder)

 

Related note
3566851
CVSS
8.6

Affected system type
SAP Commerce Cloud
Patchday
2025-03
Released on
2025/03/11

Description
[CVE-2024-38286] Multiple vulnerabilities in Apache Tomcat within SAP Commerce Cloud

 

Related note
3567974
CVSS
8.1

Affected system type
SAP Approuter
Patchday
2025-03
Released on
2025/02/11

Description
[CVE-2025-24876] Authentication bypass via authorization code injection in SAP Approuter

 

Related note
3561045
CVSS
6.8

Affected system type
SAP Business One
Patchday
2025-03
Released on
2025/03/11

Description
[CVE-2025-26658] Broken Authentication in SAP Business One (Service Layer)

 

Related note
3552824
CVSS
6.1

Affected system type
ABAP
Patchday
2025-03
Released on
2025/03/11

Description
[CVE-2025-26659] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server ABAP (applications based on SAP GUI for HTML)

 

Related note
3562390
CVSS
6.1

Affected system type
ABAP
Patchday
2025-03
Released on
2025/03/11

Description
[CVE-2025-25242] Cross-Site Scripting (XSS) in SAP NetWeaver Application Server ABAP

 

Related note
3552144
CVSS
5.7

Affected system type
ABAP
Patchday
2025-03
Released on
2025/03/11

Description
[CVE-2025-25244] Missing Authorization Check in SAP Business Warehouse (Process Chains)

 

Related note
3567246
CVSS
5.4

Affected system type
Java
Patchday
2025-03
Released on
2025/03/11

Description
[CVE-2025-27431] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server Java

 

Related note
3557469
CVSS
5.4

Affected system type
BI/BO platform
Patchday
2025-03
Released on
2025/03/11

Description
[CVE-2025-25245] Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence Platform (Web Intelligence)

 

Related note
3561792
CVSS
5.3

Affected system type
Java
Patchday
2025-03
Released on
2025/03/11

Description
[CVE-2025-23194] Missing Authentication check in SAP NetWeaver Enterprise Portal (OBN component)

 

Related note
3558132
CVSS
4.9

Affected system type
Kernel
Patchday
2025-03
Released on
2025/03/11

Description
[CVE-2025-0071] Information Disclosure vulnerability in SAP Web Dispatcher and Internet Communication Manager

 

Related note
3557459
CVSS
4.7

Affected system type
BI/BO platform
Patchday
2025-03
Released on
2025/03/11

Description
[CVE-2025-0062] Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence Platform (Web Intelligence)

 

Related note
3557655
CVSS
4.3

Affected system type
ABAP
Patchday
2025-03
Released on
2025/03/11

Description
[CVE-2025-26660] Broken Access Control in SAP Fiori apps (Posting Library)

 

Related note
3475427
CVSS
4.3

Affected system type
SAP Fiori
Patchday
2025-03
Released on
2024/08/13

Description
[CVE-2024-41736] Information Disclosure vulnerability in SAP Permit to Work

 

Related note
3474392
CVSS
4.3

Affected system type
ABAP
Patchday
2025-03
Released on
2025/03/11

Description
[CVE-2025-26656] Missing Authorization check in S/4HANA (Manage Purchasing Info Records)

 

Related note
3557131
CVSS
4.3

Affected system type
ABAP
Patchday
2025-03
Released on
2025/03/11

Description
[CVE-2025-23188] Missing Authorization check in SAP S/4HANA (RBD)

 

Related note
3565835
CVSS
4.3

Affected system type
ABAP
Patchday
2025-03
Released on
2025/03/11

Description
[CVE-2025-27433] Broken Access Control vulnerabilities in SAP S/4HANA (Manage Bank Statements)

 

Related note
3549494
CVSS
4.1

Affected system type
BI/BO platform
Patchday
2025-03
Released on
2025/03/11

Description
[CVE-2025-23185] Information Disclosure in SAP Business Objects Business Intelligence Platform

 

Related note
3562415
CVSS
3.7

Affected system type
SAP Commerce Cloud SAP DataHub
Patchday
2025-03
Released on
2025/03/11

Description
[CVE-2024-38819] Multiple vulnerabilities in Spring Framework within SAP Commerce Cloud and SAP Datahub

 

Related note
3347991
CVSS
3.1

Affected system type
ABAP
Patchday
2025-03
Released on
2025/02/24

Description
[CVE-2025-26655] Missing Authorization check in SAP JIT(Outbound)

 

Related note
3568865
CVSS
2.4

Affected system type
ABAP
Patchday
2025-03
Released on
2025/03/11

Description
[CVE-2025-27432] Missing Authorization check in SAP Electronic Invoicing for Brazil (eDocument Cockpit)

 

Related note
3576540
CVSS
0.0

Affected system type
BTP
Patchday
2025-03
Released on
2025/03/11

Description
Open Source Security Advisory: Best Practices for Securing Spring Boot Actuator Endpoints for applications running on BTP

 

Related note
3417627
CVSS
8.8

Affected system type
Java
Patchday
2025-02
Released on
2024/02/13

Description
[CVE-2024-22126] Cross Site Scripting vulnerability in NetWeaver AS Java (User Admin Application)

 

Related note
3567551
CVSS
8.6

Affected system type
Java
Patchday
2025-02
Released on
2025/02/11

Description
[CVE-2025-25243] Path traversal vulnerability in SAP Supplier Relationship Management (Master Data Management Catalog)

 

Related note
3567172
CVSS
7.5

Affected system type
SAP Enterprise...
Patchday
2025-02
Released on
2025/02/11

Description
[CVE-2024-38819] Multiple vulnerabilities in SAP Enterprise Project Connection

 

Related note
3563929
CVSS
7.1

Affected system type
SAP HANA Platform
Patchday
2025-02
Released on
2025/02/11

Description
[CVE-2025-24868] Open Redirect Vulnerability in SAP HANA extended application services, advanced model (User Account and Authentication Services)

 

Related note
3559510
CVSS
6.8

Affected system type
SAP Commerce Cloud
Patchday
2025-02
Released on
2025/02/11

Description
[CVE-2025-24874] Missing Defense in Depth Against Clickjacking in SAP Commerce (Backoffice)

 

Related note
3555364
CVSS
6.8

Affected system type
SAP Commerce Cloud
Patchday
2025-02
Released on
2025/02/11

Description
[CVE-2025-24875] SameSite Defense in Depth not applied for some cookies in SAP Commerce

 

Related note
3445708
CVSS
6.1

Affected system type
BI/BO platform
Patchday
2025-02
Released on
2025/02/11

Description
[CVE-2025-24867] Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence platform (BI Launchpad)

 

Related note
3557138
CVSS
6.1

Affected system type
Java
Patchday
2025-02
Released on
2025/02/11

Description
Update 1 to Security Note 3417627 - [CVE-2024-22126] Cross Site Scripting vulnerability in NetWeaver AS Java (User Admin Application)

 

Related note
3562336
CVSS
6.0

Affected system type
SAP GUI / Frontend
Patchday
2025-02
Released on
2025/02/11

Description
[CVE-2025-24870] Insecure Key & Secret Management vulnerability in SAP GUI for Windows

 

Related note
3540273
CVSS
5.5

Affected system type
SAP Commerce Cloud
Patchday
2025-02
Released on
2025/02/11

Description
[CVE-2024-45216] Multiple vulnerabilities in Apache Solr within SAP Commerce Cloud

 

Related note
3532025
CVSS
5.4

Affected system type
ABAP
Patchday
2025-02
Released on
2025/02/11

Description
[CVE-2025-25241] Missing Authorization check in SAP Fiori Apps Reference Library (My Overtime Requests)

 

Related note
3526203
CVSS
5.4

Affected system type
Java
Patchday
2025-02
Released on
2025/02/11

Description
[CVE-2025-0054] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server Java

 

Related note
3546470
CVSS
5.3

Affected system type
ABAP
Patchday
2025-02
Released on
2025/02/11

Description
[CVE-2025-23187] Missing Authorization Check in SAP NetWeaver and ABAP Platform (SDCCN)

 

Related note
3561264
CVSS
5.3

Affected system type
ABAP
Patchday
2025-02
Released on
2025/02/11

Description
[CVE-2025-23193] Information Disclosure vulnerability in SAP NetWeaver Application Server ABAP

 

Related note
3287784
CVSS
5.3

Affected system type
Java
Patchday
2025-02
Released on
2023/04/11

Description
[CVE-2023-24527] Improper Access Control in SAP NetWeaver AS Java for Deploy Service

 

Related note
3550027
CVSS
4.3

Affected system type
Java
Patchday
2025-02
Released on
2025/02/11

Description
[CVE-2025-24869] Information Disclosure vulnerability in SAP NetWeaver Application Server Java

 

Related note
3547581
CVSS
4.3

Affected system type
ABAP
Patchday
2025-02
Released on
2025/02/11

Description
[CVE-2025-23190] Missing Authorization check in SAP NetWeaver and ABAP platform (ST-PI)

 

Related note
3553753
CVSS
4.3

Affected system type
ABAP
Patchday
2025-02
Released on
2025/02/11

Description
[CVE-2025-24872] Missing Authorization check in SAP ABAP Platform (ABAP Build Framework)

 

Related note
3550708
CVSS
9.9

Affected system type
ABAP
Patchday
2025-01
Released on
2025/01/14

Description
[CVE-2025-0066] Information Disclosure vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform(Internet Communication Framework)

 

Related note
3537476
CVSS
9.9

Affected system type
Kernel
Patchday
2025-01
Released on
2025/01/14

Description
[CVE-2025-0070] Improper Authentication in SAP NetWeaver ABAP Server and ABAP Platform

 

Related note
3550816
CVSS
8.8

Affected system type
ABAP
Patchday
2025-01
Released on
2025/01/14

Description
[CVE-2025-0063] SQL Injection vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform

 

Related note
3542533
CVSS
7.8

Affected system type
SAPSetup
Patchday
2025-01
Released on
2025/01/14

Description
[CVE-2025-0069] DLL Hijacking vulnerability in SAPSetup

 

Related note
3542698
CVSS
6.5

Affected system type
ABAP
Patchday
2025-01
Released on
2025/01/14

Description
[CVE-2025-0058] Information Disclosure vulnerability in SAP Business Workflow and SAP Flexible Workflow

 

Related note
3540108
CVSS
6.3

Affected system type
Java
Patchday
2025-01
Released on
2025/01/14

Description
[CVE-2025-0067] Missing Authorization check in SAP NetWeaver Application Server Java

 

Related note
3502459
CVSS
6.0

Affected system type
SAP GUI / Frontend
Patchday
2025-01
Released on
2025/01/14

Description
[CVE-2025-0056] Information Disclosure vulnerability in SAP GUI for Java

 

Related note
3472837
CVSS
6.0

Affected system type
SAP GUI / Frontend
Patchday
2025-01
Released on
2025/01/14

Description
[CVE-2025-0055] Information Disclosure vulnerability in SAP GUI for Windows

 

Related note
3503138
CVSS
6.0

Affected system type
SAP GUI / Frontend
Patchday
2025-01
Released on
2025/01/14

Description
[CVE-2025-0059] Information Disclosure vulnerability in SAP NetWeaver Application Server ABAP (applications based on SAP GUI for HTML)

 

Related note
3536461
CVSS
5.3

Affected system type
ABAP
Patchday
2025-01
Released on
2025/01/14

Description
[CVE-2025-0053] Information Disclosure Vulnerability in SAP NetWeaver Application Server for ABAP and ABAP Platform

 

Related note
3514421
CVSS
4.8

Affected system type
Java
Patchday
2025-01
Released on
2025/01/14

Description
[CVE-2025-0057] Cross-Site Scripting vulnerability in SAP NetWeaver AS JAVA (User Admin Application)

 

Related note
3550674
CVSS
4.3

Affected system type
ABAP
Patchday
2025-01
Released on
2025/01/14

Description
[CVE-2025-0068] Missing Authorization check in Remote Function Call (RFC) in SAP NetWeaver Application Server ABAP

 

Related note
3492169
CVSS
2.2

Affected system type
BI/BO platform
Patchday
2025-01
Released on
2025/01/14

Description
Multiple Buffer overflow vulnerabilities in SAP BusinessObjects Business Intelligence Platform (Crystal Reports for Enterprise)

 

 

© Copyright 2025 by SecurityBridge GmbH
