We've created the first of its kind, SecurityBridge Cloud Platform, designed to prioritize SAP patches, updates, and remediation strategies that help prevent disruptions to critical business systems. Our security advisories provide SAP users with valuable insights into the security and business implications of operating SAP.

The user interface is designed to be as intuitive as possible, but we’d love to hear your feedback and suggestions.


Yikes, there is work to do!
This time we found critical correction advisories. We count 204 and the highest CVSS score is 10.0.

 

Severity
SAP© Security advisories 204
 System Types
Affected SAP© system types

 

3666261
CVSS
10.0

Affected system type Sybase platform
Patchday 2025-11
Released on 2025/11/11
Description [CVE-2025-42890] Insecure key & Secret Management vulnerability in SQL Anywhere Monitor (Non-Gui)
3660659
CVSS
10.0

Affected system type Java
Patchday 2025-11
Released on 2025/10/14
Description [CVE-2025-42944] Security Hardening for Insecure Deserialization in SAP NetWeaver AS Java
3647332
CVSS
9.0

Affected system type ABAP
Patchday 2025-11
Released on 2025/10/14
Description [CVE-2025-42910] Unrestricted File Upload Vulnerability in SAP Supplier Relationship Management
3633049
CVSS
7.5

Affected system type ABAP Java HANA platform
Patchday 2025-11
Released on 2025/11/11
Description [CVE-2025-42940] Memory Corruption vulnerability in SAP CommonCryptoLib
3664466
CVSS
7.5

Affected system type SAP Commerce Cloud
Patchday 2025-11
Released on 2025/10/14
Description [CVE-2025-5115] Denial of service (DOS) in SAP Commerce Cloud (Search and Navigation)
3643385
CVSS
6.9

Affected system type SAP HANA Client
Patchday 2025-11
Released on 2025/11/11
Description [CVE-2025-42895] Code Injection vulnerability in SAP HANA JDBC Client
3665900
CVSS
6.8

Affected system type SAP Business Connector
Patchday 2025-11
Released on 2025/11/11
Description [CVE-2025-42892] OS Command Injection vulnerability in SAP Business Connector
3666038
CVSS
6.8

Affected system type SAP Business Connector
Patchday 2025-11
Released on 2025/11/11
Description [CVE-2025-42894] Path Traversal vulnerability in SAP Business Connector
3660969
CVSS
6.5

Affected system type Java
Patchday 2025-11
Released on 2025/11/11
Description [CVE-2025-42884] JNDI Injection vulnerability in SAP NetWeaver Enterprise Portal
3642398
CVSS
6.1

Affected system type ABAP
Patchday 2025-11
Released on 2025/11/11
Description [CVE-2025-42924] Open Redirect vulnerabilities in SAP S/4HANA landscape (SAP E-Recruiting BSP)
3662000
CVSS
6.1

Affected system type SAP Business Connector
Patchday 2025-11
Released on 2025/11/11
Description [CVE-2025-42893] Open Redirect vulnerability in SAP Business Connector
3665907
CVSS
6.1

Affected system type SAP Business Connector
Patchday 2025-11
Released on 2025/11/11
Description [CVE-2025-42886] Reflected Cross-Site Scripting (XSS) vulnerability in SAP Business Connector
3597355
CVSS
6.1

Affected system type ABAP
Patchday 2025-11
Released on 2025/08/12
Description [CVE-2025-42942] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server for ABAP
3639264
CVSS
5.8

Affected system type SAP HANA Platform
Patchday 2025-11
Released on 2025/11/11
Description [CVE-2025-42885] Missing authentication in SAP HANA 2.0 (hdbrss)
3651097
CVSS
5.5

Affected system type SAP GUI / Frontend
Patchday 2025-11
Released on 2025/11/11
Description [CVE-2025-42888] Information Disclosure vulnerability in SAP GUI for Windows
2886616
CVSS
5.4

Affected system type ABAP
Patchday 2025-11
Released on 2025/11/11
Description [CVE-2025-42889] SQL Injection vulnerability in SAP Starter Solution (PL SAFT)
3652901
CVSS
5.3

Affected system type SAP Business One
Patchday 2025-11
Released on 2025/11/11
Description [CVE-2025-42897] Information Disclosure vulnerability in SAP Business One (SLD)
3643603
CVSS
5.3

Affected system type Java
Patchday 2025-11
Released on 2025/11/11
Description [CVE-2025-42919] Information Disclosure vulnerability in SAP NetWeaver Application Server Java
3627644
CVSS
5.0

Affected system type ABAP
Patchday 2025-11
Released on 2025/09/09
Description [CVE-2025-42911] Missing Authorization check in SAP NetWeaver (Service Data Download)
3530544
CVSS
4.3

Affected system type ABAP
Patchday 2025-11
Released on 2025/11/11
Description [CVE-2025-42899] Missing Authorization check in SAP S4CORE (Manage Journal Entries)
3643337
CVSS
4.3

Affected system type ABAP
Patchday 2025-11
Released on 2025/11/11
Description [CVE-2025-42882] Missing Authorization check in SAP NetWeaver Application Server for ABAP
3617142
CVSS
3.5

Affected system type BI/BO platform
Patchday 2025-11
Released on 2025/10/14
Description [CVE-2025-31672] Deserialization Vulnerability in SAP BusinessObjects (Web Intelligence and Platform Search)
3426825
CVSS
3.1

Affected system type ABAP
Patchday 2025-11
Released on 2025/02/11
Description [CVE-2025-23191] Cache Poisoning through header manipulation vulnerability in SAP Fiori for SAP ERP
3634053
CVSS
2.7

Affected system type ABAP
Patchday 2025-11
Released on 2025/11/11
Description [CVE-2025-42883] Insecure File Operations vulnerability in SAP NetWeaver Application Server for ABAP (Migration Workbench)
3634501
CVSS
10.0

Affected system type Java
Patchday 2025-10
Released on 2025/09/09
Description [CVE-2025-42944] Insecure Deserialization vulnerability in SAP Netweaver (RMI-P4)
3643865
CVSS
9.9

Affected system type Java
Patchday 2025-10
Released on 2025/09/09
Description [CVE-2025-42922] Insecure File Operations vulnerability in SAP NetWeaver AS Java (Deploy Web Service)
3630595
CVSS
9.8

Affected system type SAPSprint
Patchday 2025-10
Released on 2025/10/14
Description [CVE-2025-42937] Directory Traversal vulnerability in SAP Print Service
3302162
CVSS
9.6

Affected system type ABAP
Patchday 2025-10
Released on 2023/03/14
Description [CVE-2023-27500] Directory Traversal vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform
3658838
CVSS
7.1

Affected system type SAP Data Hub
Patchday 2025-10
Released on 2025/10/14
Description [CVE-2025-48913] Security Misconfiguration vulnerability in SAP Data Hub Integration Suite
3643832
CVSS
6.5

Affected system type ABAP
Patchday 2025-10
Released on 2025/09/09
Description [CVE-2025-42917] Missing Authorization check in SAP HCM (Approve Timesheets Fiori 2.0 application)
3635587
CVSS
6.5

Affected system type ABAP
Patchday 2025-10
Released on 2025/09/09
Description [CVE-2025-42912] Missing Authorization check in SAP HCM (My Timesheet Fiori 2.0 application)
3503138
CVSS
6.0

Affected system type SAP GUI / Frontend
Patchday 2025-10
Released on 2025/01/14
Description [CVE-2025-0059] Information Disclosure vulnerability in SAP NetWeaver Application Server ABAP (applications based on SAP GUI for HTML)
3642021
CVSS
5.4

Affected system type Kernel
Patchday 2025-10
Released on 2025/10/14
Description [CVE-2025-42908] Cross-Site Request Forgery (CSRF) vulnerability in SAP NetWeaver Application Server for ABAP
3409013
CVSS
5.4

Affected system type ABAP
Patchday 2025-10
Released on 2025/09/09
Description [CVE-2025-42915] Missing Authorization Check in Fiori app (Manage Payment Blocks)
3441087
CVSS
5.4

Affected system type ABAP
Patchday 2025-10
Released on 2025/06/10
Description [CVE-2025-42984] Missing Authorization check in SAP S/4HANA (Manage Central Purchase Contract application)
3652788
CVSS
5.4

Affected system type ABAP
Patchday 2025-10
Released on 2025/10/14
Description [CVE-2025-42901] Code Injection vulnerability in SAP Application Server for ABAP (BAPI Browser)
3634724
CVSS
5.3

Affected system type SAP Commerce Cloud
Patchday 2025-10
Released on 2025/10/14
Description [CVE-2025-42906] Directory Traversal vulnerability in SAP Commerce Cloud
3627308
CVSS
5.3

Affected system type Kernel
Patchday 2025-10
Released on 2025/10/14
Description [CVE-2025-42902] Memory Corruption vulnerability in SAP Netweaver AS ABAP and ABAP Platform
3656781
CVSS
4.3

Affected system type ABAP
Patchday 2025-10
Released on 2025/10/14
Description [CVE-2025-42903] User Enumeration and Sensitive Data Exposure via RFC Function in SAP Financial Service Claims Management
3623504
CVSS
4.3

Affected system type ABAP
Patchday 2025-10
Released on 2025/09/09
Description [CVE-2025-42918] Missing Authorization check in SAP NetWeaver Application Server for ABAP (Background Processing)
3625683
CVSS
4.3

Affected system type ABAP
Patchday 2025-10
Released on 2025/10/14
Description [CVE-2025-42939] Missing Authorization Check in SAP S/4HANA (Manage Processing Rules - For Bank Statements)
3540622
CVSS
4.3

Affected system type BI/BO platform
Patchday 2025-10
Released on 2025/09/23
Description [CVE-2025-42907] Server-Side Request Forgery in SAP BI Platform
3577131
CVSS
4.3

Affected system type ABAP
Patchday 2025-10
Released on 2025/04/08
Description [CVE-2025-31331] Authorization Bypass vulnerability in SAP NetWeaver
3643871
CVSS
3.0

Affected system type ABAP
Patchday 2025-10
Released on 2025/10/14
Description [CVE-2025-42909] Security Misconfiguration vulnerability in SAP Cloud Appliance Library Appliances
3627373
CVSS
9.1

Affected system type Kernel
Patchday 2025-09
Released on 2025/09/09
Description [CVE-2025-42958] Missing Authentication check in SAP NetWeaver
3642961
CVSS
8.8

Affected system type SAP Business One
Patchday 2025-09
Released on 2025/09/09
Description [CVE-2025-42933] Insecure Storage of Sensitive Information in SAP Business One (SLD)
3633002
CVSS
8.1

Affected system type ABAP
Patchday 2025-09
Released on 2025/09/09
Description [CVE-2025-42929] Missing input validation vulnerability in SAP Landscape Transformation Replication Server
3635475
CVSS
8.1

Affected system type ABAP
Patchday 2025-09
Released on 2025/09/09
Description [CVE-2025-42916] Missing input validation vulnerability in SAP S/4HANA (Private Cloud or On-Premise)
3581811
CVSS
7.7

Affected system type ABAP
Patchday 2025-09
Released on 2025/04/08
Description [CVE-2025-27428] Directory Traversal vulnerability in SAP NetWeaver and ABAP Platform (Service Data Collection)
3620264
CVSS
6.6

Affected system type SAP Commerce Cloud SAP DataHub
Patchday 2025-09
Released on 2025/09/09
Description [CVE-2025-22228] Security Misconfiguration vulnerability in Spring security within SAP Commerce Cloud and SAP Datahub
3614067
CVSS
6.5

Affected system type ABAP
Patchday 2025-09
Released on 2025/09/09
Description [CVE-2025-42930] Denial of Service (DoS) vulnerability in SAP Business Planning and Consolidation
3611420
CVSS
6.5

Affected system type BI/BO platform
Patchday 2025-09
Released on 2025/09/09
Description [CVE-2023-5072] Denial of Service (DoS) vulnerability due to outdated JSON library used in SAP BusinessObjects Business Intelligence Platform
3647098
CVSS
6.1

Affected system type ABAP
Patchday 2025-09
Released on 2025/09/09
Description [CVE-2025-42920] Cross-Site Scripting (XSS) vulnerability in SAP Supplier Relationship Management
3629325
CVSS
6.1

Affected system type ABAP
Patchday 2025-09
Released on 2025/09/09
Description [CVE-2025-42938] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver ABAP Platform
3619465
CVSS
5.3

Affected system type Java
Patchday 2025-09
Released on 2025/09/09
Description [CVE-2025-42926] Missing Authentication check in SAP NetWeaver Application Server Java
3450692
CVSS
4.3

Affected system type SAP Fiori
Patchday 2025-09
Released on 2025/09/09
Description [CVE-2025-42923] Cross-Site Request Forgery (CSRF) vulnerability in SAP Fiori App (F4044 Manage Work Center Groups)
3640477
CVSS
4.3

Affected system type Java
Patchday 2025-09
Released on 2025/09/09
Description [CVE-2025-42925] Predictable Object Identifier vulnerability in SAP NetWeaver AS Java (IIOP Service)
3624943
CVSS
3.5

Affected system type SAP UI5
Patchday 2025-09
Released on 2025/08/12
Description [CVE-2025-42941] Reverse Tabnabbing vulnerability in SAP Fiori (Launchpad)
3525295
CVSS
3.4

Affected system type Java
Patchday 2025-09
Released on 2025/09/09
Description [CVE-2025-42927] Information Disclosure due to Outdated OpenSSL Version in SAP NetWeaver AS Java (Adobe Document Service)
3632154
CVSS
3.1

Affected system type SAP Commerce Cloud
Patchday 2025-09
Released on 2025/09/09
Description [CVE-2024-13009] Potential Improper Resource Release vulnerability in SAP Commerce Cloud
3581961
CVSS
9.9

Affected system type ABAP
Patchday 2025-08
Released on 2025/04/08
Description [CVE-2025-27429] Code Injection Vulnerability in SAP S/4HANA (Private Cloud or On-Premise)
3633838
CVSS
9.9

Affected system type ABAP
Patchday 2025-08
Released on 2025/08/12
Description [CVE-2025-42950] Code Injection Vulnerability in SAP Landscape Transformation (Analysis Platform)
3627998
CVSS
9.9

Affected system type ABAP
Patchday 2025-08
Released on 2025/08/12
Description [CVE-2025-42957] Code Injection vulnerability in SAP S/4HANA (Private Cloud or On-Premise)
3610892
CVSS
9.1

Affected system type Java
Patchday 2025-08
Released on 2025/07/08
Description [CVE-2025-42966] Insecure Deserialization vulnerability in SAP NetWeaver (XML Data Archiving Service)
3625403
CVSS
8.8

Affected system type SAP Business One
Patchday 2025-08
Released on 2025/08/12
Description [CVE-2025-42951] Broken Authorization in SAP Business One (SLD)
3611184
CVSS
8.1

Affected system type ABAP
Patchday 2025-08
Released on 2025/08/12
Description [CVE-2025-42976] Multiple vulnerabilities in SAP NetWeaver Application Server ABAP (BIC Document)
3600846
CVSS
8.1

Affected system type ABAP
Patchday 2025-08
Released on 2025/07/08
Description [CVE-2025-42959] Missing Authentication check after implementation of SAP Security Note 3007182 and 3537476
3614804
CVSS
6.9

Affected system type ABAP
Patchday 2025-08
Released on 2025/08/12
Description [CVE-2025-42946] Directory Traversal vulnerability in SAP S/4HANA (Bank Communication Management)
3585491
CVSS
6.1

Affected system type Kernel
Patchday 2025-08
Released on 2025/08/12
Description [CVE-2025-42945] HTML Injection vulnerability in SAP NetWeaver Application Server ABAP
3629871
CVSS
6.1

Affected system type ABAP
Patchday 2025-08
Released on 2025/08/12
Description [CVE-2025-42948] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver ABAP Platform
3596987
CVSS
6.1

Affected system type ABAP
Patchday 2025-08
Released on 2025/07/08
Description [CVE-2025-42969] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server ABAP and ABAP Platform
3617131
CVSS
6.1

Affected system type ABAP
Patchday 2025-08
Released on 2025/07/08
Description [CVE-2025-42981] Open Redirect vulnerability in SAP NetWeaver Application Server ABAP
3585992
CVSS
5.8

Affected system type ABAP
Patchday 2025-08
Released on 2025/05/13
Description [CVE-2025-43008] Missing Authorization check in SAP S/4HANA HCM Portugal and SAP ERP HCM Portugal
3540688
CVSS
5.5

Affected system type ABAP
Patchday 2025-08
Released on 2025/07/22
Description [CVE-2025-42947] Code Injection vulnerability in SAP FICA ODN framework
3602656
CVSS
5.4

Affected system type ABAP
Patchday 2025-08
Released on 2025/08/12
Description [CVE-2025-42936] Missing Authorization check in SAP NetWeaver Application Server for ABAP
3561792
CVSS
5.3

Affected system type Java
Patchday 2025-08
Released on 2025/03/11
Description [CVE-2025-23194] Missing Authentication check in SAP NetWeaver Enterprise Portal (OBN component)
3626722
CVSS
4.9

Affected system type ABAP
Patchday 2025-08
Released on 2025/08/12
Description [CVE-2025-42949] Missing Authorization check in ABAP Platform
3627845
CVSS
4.5

Affected system type SAP GUI / Frontend
Patchday 2025-08
Released on 2025/08/12
Description [CVE-2025-42943] Information Disclosure in SAP GUI for Windows
3616863
CVSS
4.3

Affected system type ABAP
Patchday 2025-08
Released on 2025/08/12
Description [CVE-2025-42934] CRLF Injection vulnerability in SAP S/4HANA (Supplier invoice)
3601480
CVSS
4.1

Affected system type Kernel
Patchday 2025-08
Released on 2025/08/12
Description [CVE-2025-42935] Information Disclosure vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform (Internet Communication Manager)
3611345
CVSS
3.5

Affected system type SAP Cloud Connector
Patchday 2025-08
Released on 2025/08/12
Description [CVE-2025-42955] Missing authorization check in SAP Cloud Connector
3557179
CVSS
3.5

Affected system type Java
Patchday 2025-08
Released on 2025/07/08
Description [CVE-2025-42978] Insufficiently Secure Hostname Verification for Outbound TLS Connections in SAP NetWeaver Application Server Java
3578900
CVSS
10.0

Affected system type Java
Patchday 2025-07
Released on 2025/05/13
Description [CVE-2025-30012] Multiple vulnerabilities in SAP Supplier Relationship Management (Live Auction Cockpit)
3618955
CVSS
9.9

Affected system type ABAP
Patchday 2025-07
Released on 2025/07/08
Description [CVE-2025-42967] Code Injection vulnerability in SAP S/4HANA and SAP SCM (Characteristic Propagation)
3621236
CVSS
9.1

Affected system type Java
Patchday 2025-07
Released on 2025/07/08
Description [CVE-2025-42964] Insecure Deserialization in SAP NetWeaver Enterprise Portal Administration
3621771
CVSS
9.1

Affected system type Java
Patchday 2025-07
Released on 2025/07/08
Description [CVE-2025-42963] Insecure Deserialization in SAP NetWeaver Application Server for Java (Log Viewer)
3620498
CVSS
9.1

Affected system type Java
Patchday 2025-07
Released on 2025/07/08
Description [CVE-2025-42980] Insecure Deserialization in SAP NetWeaver Enterprise Portal Federated Portal Network
3623440
CVSS
8.1

Affected system type ABAP
Patchday 2025-07
Released on 2025/07/08
Description [CVE-2025-42953] Missing Authorization check in SAP NetWeaver Application Server for ABAP
3565279
CVSS
8.0

Affected system type BI/BO platform
Patchday 2025-07
Released on 2025/07/08
Description [CVE-2024-53677] Insecure File Operations vulnerability in SAP Business Objects Business Intelligence Platform (CMC)
3623255
CVSS
7.7

Affected system type ABAP
Patchday 2025-07
Released on 2025/07/08
Description [CVE-2025-42952] Missing Authorization check in SAP Business Warehouse and SAP Plug-In Basis
3610591
CVSS
7.6

Affected system type ABAP
Patchday 2025-07
Released on 2025/06/10
Description [CVE-2025-42977] Directory Traversal vulnerability in SAP NetWeaver Visual Composer
3595143
CVSS
6.9

Affected system type SAPCAR
Patchday 2025-07
Released on 2025/07/08
Description [CVE-2025-43001] Multiple Privilege Escalation Vulnerabilities in SAPCAR
3580384
CVSS
6.7

Affected system type ABAP
Patchday 2025-07
Released on 2025/06/10
Description [CVE-2025-42993] Missing Authorization Check in SAP S/4HANA (Enterprise Event Enablement)
3604212
CVSS
6.1

Affected system type ABAP
Patchday 2025-07
Released on 2025/07/08
Description [CVE-2025-42962] Cross-Site Scripting (XSS) vulnerability in SAP Business Warehouse (Business Explorer Web 3.5 loading animation)
3617380
CVSS
6.1

Affected system type BI/BO platform
Patchday 2025-07
Released on 2025/07/08
Description [CVE-2025-42985] Open Redirect vulnerability in SAP BusinessObjects Content Administrator workbench
3595156
CVSS
5.8

Affected system type SAPCAR
Patchday 2025-07
Released on 2025/07/08
Description [CVE-2025-42970] Directory Traversal vulnerability in SAPCAR
3607513
CVSS
5.6

Affected system type SAP GUI / Frontend
Patchday 2025-07
Released on 2025/07/08
Description [CVE-2025-42979] Insecure Key & Secret Management vulnerability in SAP GUI for Windows
3606103
CVSS
5.4

Affected system type SAP Data Services
Patchday 2025-07
Released on 2025/07/08
Description [CVE-2025-42973] Cross-Site Scripting (XSS) vulnerability in SAP Data Services (DQ Report)
3621037
CVSS
5.0

Affected system type ABAP
Patchday 2025-07
Released on 2025/07/08
Description [CVE-2025-42968] Missing Authorization check in SAP NetWeaver (RFC enabled function module)
3608991
CVSS
4.3

Affected system type ABAP
Patchday 2025-07
Released on 2025/07/08
Description [CVE-2025-42960] Missing Authorization Check in SAP Business Warehouse and SAP BW/4HANA BEx Tools
3610056
CVSS
4.3

Affected system type ABAP
Patchday 2025-07
Released on 2025/07/08
Description [CVE-2025-42974] Missing Authorization Check in SAP NetWeaver and ABAP Platform (SDCCN)
3598118
CVSS
4.1

Affected system type BI/BO platform
Patchday 2025-07
Released on 2025/07/08
Description [CVE-2025-42965] Server Side Request Forgery (SSRF) vulnerability in SAP BusinessObjects BI Platform Central Management Console Promotion Management Application.
3573199
CVSS
4.1

Affected system type BI/BO platform
Patchday 2025-07
Released on 2025/07/08
Description [CVE-2025-31326] HTML Injection vulnerability in SAP BusinessObjects Business Intelligence Platform (Web Intelligence)
3595141
CVSS
4.0

Affected system type SAPCAR
Patchday 2025-07
Released on 2025/07/08
Description [CVE-2025-42971] Memory Corruption vulnerability in SAPCAR
3608156
CVSS
2.7

Affected system type ABAP
Patchday 2025-07
Released on 2025/07/08
Description [CVE-2025-42954] Denial of service (DOS) in SAP NetWeaver Business Warehouse (CCAW application).
3600840
CVSS
9.6

Affected system type ABAP
Patchday 2025-06
Released on 2025/06/10
Description [CVE-2025-42989] Missing Authorization check in SAP NetWeaver Application Server for ABAP
3604119
CVSS
9.1

Affected system type Java
Patchday 2025-06
Released on 2025/05/13
Description [CVE-2025-42999] Insecure Deserialization in SAP NetWeaver (Visual Composer development server)
3609271
CVSS
8.8

Affected system type ABAP
Patchday 2025-06
Released on 2025/06/10
Description [CVE-2025-42982] Information Disclosure in SAP GRC (AC Plugin)
3474398
CVSS
8.7

Affected system type BI/BO platform
Patchday 2025-06
Released on 2025/01/14
Description [CVE-2025-0061] Multiple vulnerabilities in SAP BusinessObjects Business Intelligence Platform
3606484
CVSS
8.5

Affected system type ABAP
Patchday 2025-06
Released on 2025/06/10
Description [CVE-2025-42983] Missing Authorization check in SAP Business Warehouse and SAP Plug-In Basis
3560693
CVSS
8.2

Affected system type BI/BO platform
Patchday 2025-06
Released on 2025/06/10
Description [CVE-2025-23192] Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence (BI Workspace)
3591978
CVSS
7.7

Affected system type ABAP
Patchday 2025-06
Released on 2025/05/13
Description [CVE-2025-43011] Missing Authorization Check in SAP Landscape Transformation (PCL Basis)
3610006
CVSS
7.5

Affected system type SAP MDM Server
Patchday 2025-06
Released on 2025/06/10
Description [CVE-2025-42994] Multiple vulnerabilities in SAP MDM Server
3590887
CVSS
5.8

Affected system type ABAP
Patchday 2025-06
Released on 2025/06/10
Description [CVE-2025-31325] Cross-Site Scripting (XSS) Vulnerability in SAP NetWeaver (ABAP Keyword Documentation)
3594258
CVSS
5.3

Affected system type SAP Business One
Patchday 2025-06
Released on 2025/06/10
Description [CVE-2025-42998] Security misconfiguration vulnerability in SAP Business One Integration Framework
3596850
CVSS
4.3

Affected system type ABAP
Patchday 2025-06
Released on 2025/06/10
Description [CVE-2025-42987] Missing Authorization Check in SAP S/4HANA (Manage Processing Rules - For Bank Statement)
3608058
CVSS
4.3

Affected system type ABAP
Patchday 2025-06
Released on 2025/06/10
Description [CVE-2025-42991] Missing Authorization check in SAP S/4HANA (Bank Account Application)
3585545
CVSS
3.7

Affected system type BI/BO platform
Patchday 2025-06
Released on 2025/06/10
Description [CVE-2025-42988] Server-Side Request Forgery in SAP Business Objects Business Intelligence Platform
3601169
CVSS
3.0

Affected system type SAP UI5
Patchday 2025-06
Released on 2025/06/10
Description [CVE-2025-42990] HTML Injection in Unprotected SAPUI5 applications
3594142
CVSS
10.0

Affected system type Java
Exploit available
Patchday 2025-05
Released on 2025/04/24
Description [CVE-2025-31324] Missing Authorization check in SAP NetWeaver (Visual Composer development server)
3587115
CVSS
9.9

Affected system type ABAP
Patchday 2025-05
Released on 2025/04/08
Description [CVE-2025-31330] Code Injection Vulnerability in SAP Landscape Transformation (Analysis Platform)
3600859
CVSS
8.3

Affected system type ABAP
Patchday 2025-05
Released on 2025/05/13
Description [CVE-2025-43010] Code injection vulnerability in SAP S/4HANA Cloud Private Edition or On Premise (SCM Master Data Layer (MDL))
3586013
CVSS
7.9

Affected system type BI/BO platform
Patchday 2025-05
Released on 2025/05/13
Description [CVE-2025-43000] Information Disclosure Vulnerability in SAP Business Objects Business Intelligence Platform (PMW)
3483344
CVSS
7.7

Affected system type ABAP
Patchday 2025-05
Released on 2024/07/09
Description [CVE-2024-39592] Missing Authorization check in SAP PDCE
3577300
CVSS
6.6

Affected system type ABAP
Patchday 2025-05
Released on 2025/05/13
Description [CVE-2025-42997] Information Disclosure vulnerability in SAP Gateway Client
3596033
CVSS
6.4

Affected system type ABAP
Patchday 2025-05
Released on 2025/05/13
Description [CVE-2025-43003] Information Disclosure vulnerability in SAP S/4HANA (Private Cloud & On-Premise)
2719724
CVSS
6.3

Affected system type ABAP
Patchday 2025-05
Released on 2025/05/13
Description [CVE-2025-43007] Missing Authorization check in SAP Service Parts Management (SPM)
2491817
CVSS
6.3

Affected system type ABAP
Patchday 2025-05
Released on 2025/05/13
Description [CVE-2025-43009] Missing Authorization check in SAP Service Parts Management (SPM)
3577287
CVSS
6.2

Affected system type ABAP
Patchday 2025-05
Released on 2025/05/13
Description [CVE-2025-31329] Information Disclosure vulnerability in SAP NetWeaver Application Server ABAP and ABAP Platform
3588455
CVSS
6.1

Affected system type Java
Patchday 2025-05
Released on 2025/05/13
Description [CVE-2025-43006] Cross-Site Scripting (XSS) vulnerability in SAP Supplier Relationship Management (Master Data Management Catalog)
3571096
CVSS
5.3

Affected system type SAP Digital...
Patchday 2025-05
Released on 2025/05/13
Description [CVE-2025-43004] Security Misconfiguration Vulnerability in SAP Digital Manufacturing (Production Operator Dashboard)
3446649
CVSS
4.6

Affected system type ABAP
Patchday 2025-05
Released on 2025/04/22
Description [CVE-2025-31328] Cross-Site Request Forgery (CSRF) vulnerability in SAP S/4 HANA (Learning Solution)
3558755
CVSS
4.4

Affected system type SAP Data Services
Patchday 2025-05
Released on 2025/05/13
Description [CVE-2025-26662] Cross-Site Scripting (XSS) vulnerability in the SAP Data Services Management Console
3227940
CVSS
4.3

Affected system type ABAP
Patchday 2025-05
Released on 2025/05/13
Description [CVE-2025-43002] Missing Authorization check in SAP S4/HANA (OData meta-data property)
3574520
CVSS
4.3

Affected system type SAP GUI / Frontend
Patchday 2025-05
Released on 2025/05/13
Description [CVE-2025-43005] Information Disclosure vulnerability in SAP GUI for Windows
3359825
CVSS
4.3

Affected system type ABAP
Patchday 2025-05
Released on 2025/04/22
Description [CVE-2025-31327] OData meta-data property entity tampering in SAP Field Logistics
3572688
CVSS
9.8

Affected system type SAP Financial Consolidation
Patchday 2025-04
Released on 2025/04/08
Description [CVE-2025-30016] Authentication Bypass Vulnerability in SAP Financial Consolidation
3525794
CVSS
8.8

Affected system type BI/BO platform
Patchday 2025-04
Released on 2025/02/11
Description [CVE-2025-0064] Improper Authorization in SAP BusinessObjects Business Intelligence platform (Central Management Console)
3554667
CVSS
8.5

Affected system type ABAP
Patchday 2025-04
Released on 2025/04/08
Description [CVE-2025-23186] Mixed Dynamic RFC Destination vulnerability through Remote Function Call (RFC) in SAP NetWeaver Application Server ABAP
3590984
CVSS
8.1

Affected system type SAP Commerce Cloud
Patchday 2025-04
Released on 2025/04/08
Description [CVE-2024-56337] Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Apache Tomcat within SAP Commerce Cloud
2927164
CVSS
7.7

Affected system type ABAP
Patchday 2025-04
Released on 2025/04/08
Description [CVE-2025-30014] Directory Traversal vulnerability in SAP Capital Yield Tax Management
3543274
CVSS
6.8

Affected system type SAP Commerce Cloud
Patchday 2025-04
Released on 2025/04/08
Description [CVE-2025-26654] Potential information disclosure vulnerability in SAP Commerce Cloud (Public Cloud)
3571093
CVSS
6.7

Affected system type ABAP
Patchday 2025-04
Released on 2025/04/08
Description [CVE-2025-30013] Code Injection vulnerability in SAP ERP BW Business Content
3565751
CVSS
6.6

Affected system type BI/BO platform
Patchday 2025-04
Released on 2025/04/08
Description [CVE-2025-31332] Insecure File permissions vulnerability in SAP BusinessObjects Business Intelligence Platform
3568307
CVSS
5.3

Affected system type Java
Patchday 2025-04
Released on 2025/04/08
Description [CVE-2025-26657] Information Disclosure vulnerability in SAP KMC WPC
3559307
CVSS
4.7

Affected system type ABAP
Patchday 2025-04
Released on 2025/04/08
Description [CVE-2025-26653] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server ABAP (applications based on SAP GUI for HTML)
3558864
CVSS
4.4

Affected system type ABAP
Patchday 2025-04
Released on 2025/04/08
Description [CVE-2025-30017] Missing Authorization check in SAP Solution Manager
3525971
CVSS
4.3

Affected system type ABAP
Patchday 2025-04
Released on 2024/10/10
Description [CVE-2025-31333] Odata meta-data tampering in SAP S4CORE entity
3568778
CVSS
4.3

Affected system type ABAP
Patchday 2025-04
Released on 2025/04/08
Description [CVE-2025-27437] Missing Authorization check in SAP NetWeaver Application Server ABAP (Virus Scan Interface)
3539465
CVSS
4.2

Affected system type SAP Commerce Cloud
Patchday 2025-04
Released on 2025/04/08
Description [CVE-2025-27435] Information Disclosure Vulnerability in SAP Commerce Cloud
3565944
CVSS
4.1

Affected system type ABAP
Patchday 2025-04
Released on 2025/04/08
Description [CVE-2025-30015] Memory Corruption vulnerability in SAP NetWeaver and ABAP Platform (Application Server ABAP)
3561861
CVSS
3.5

Affected system type ABAP
Patchday 2025-04
Released on 2025/03/11
Description [CVE-2025-27430] Server Side Request Forgery (SSRF) in SAP CRM and SAP S/4 HANA (Interaction Center)
3563927
CVSS
8.8

Affected system type ABAP
Patchday 2025-03
Released on 2025/03/11
Description [CVE-2025-26661] Missing Authorization check in SAP NetWeaver (ABAP Class Builder)
3569602
CVSS
8.8

Affected system type SAP Commerce
Patchday 2025-03
Released on 2025/03/11
Description [CVE-2025-27434] Cross-Site Scripting (XSS) vulnerability in SAP Commerce (Swagger UI)
3566851
CVSS
8.6

Affected system type SAP Commerce Cloud
Patchday 2025-03
Released on 2025/03/11
Description [CVE-2024-38286] Multiple vulnerabilities in Apache Tomcat within SAP Commerce Cloud
3567974
CVSS
8.1

Affected system type SAP Approuter
Patchday 2025-03
Released on 2025/02/11
Description [CVE-2025-24876] Authentication bypass via authorization code injection in SAP Approuter
3561045
CVSS
6.8

Affected system type SAP Business One
Patchday 2025-03
Released on 2025/03/11
Description [CVE-2025-26658] Broken Authentication in SAP Business One (Service Layer)
3552824
CVSS
6.1

Affected system type ABAP
Patchday 2025-03
Released on 2025/03/11
Description [CVE-2025-26659] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server ABAP (applications based on SAP GUI for HTML)
3562390
CVSS
6.1

Affected system type ABAP
Patchday 2025-03
Released on 2025/03/11
Description [CVE-2025-25242] Cross-Site Scripting (XSS) in SAP NetWeaver Application Server ABAP
3552144
CVSS
5.7

Affected system type ABAP
Patchday 2025-03
Released on 2025/03/11
Description [CVE-2025-25244] Missing Authorization Check in SAP Business Warehouse (Process Chains)
3567246
CVSS
5.4

Affected system type Java
Patchday 2025-03
Released on 2025/03/11
Description [CVE-2025-27431] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server Java
3557469
CVSS
5.4

Affected system type BI/BO platform
Patchday 2025-03
Released on 2025/03/11
Description [CVE-2025-25245] Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence Platform (Web Intelligence)
3558132
CVSS
4.9

Affected system type Kernel
Patchday 2025-03
Released on 2025/03/11
Description [CVE-2025-0071] Information Disclosure vulnerability in SAP Web Dispatcher and Internet Communication Manager
3557459
CVSS
4.7

Affected system type BI/BO platform
Patchday 2025-03
Released on 2025/03/11
Description [CVE-2025-0062] Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence Platform (Web Intelligence)
3475427
CVSS
4.3

Affected system type SAP Fiori
Patchday 2025-03
Released on 2024/08/13
Description [CVE-2024-41736] Information Disclosure vulnerability in SAP Permit to Work
3557131
CVSS
4.3

Affected system type ABAP
Patchday 2025-03
Released on 2025/03/11
Description [CVE-2025-23188] Missing Authorization check in SAP S/4HANA (RBD)
3565835
CVSS
4.3

Affected system type ABAP
Patchday 2025-03
Released on 2025/03/11
Description [CVE-2025-27433] Broken Access Control vulnerabilities in SAP S/4HANA (Manage Bank Statements)
3474392
CVSS
4.3

Affected system type ABAP
Patchday 2025-03
Released on 2025/03/11
Description [CVE-2025-26656] Missing Authorization check in S/4HANA (Manage Purchasing Info Records)
3557655
CVSS
4.3

Affected system type ABAP
Patchday 2025-03
Released on 2025/03/11
Description [CVE-2025-26660] Broken Access Control in SAP Fiori apps (Posting Library)
3549494
CVSS
4.1

Affected system type BI/BO platform
Patchday 2025-03
Released on 2025/03/11
Description [CVE-2025-23185] Information Disclosure in SAP Business Objects Business Intelligence Platform
3562415
CVSS
3.7

Affected system type SAP Commerce Cloud SAP DataHub
Patchday 2025-03
Released on 2025/03/11
Description [CVE-2024-38819] Multiple vulnerabilities in Spring Framework within SAP Commerce Cloud and SAP Datahub
3347991
CVSS
3.1

Affected system type ABAP
Patchday 2025-03
Released on 2025/02/24
Description [CVE-2025-26655] Missing Authorization check in SAP JIT (Outbound)
3568865
CVSS
2.4

Affected system type ABAP
Patchday 2025-03
Released on 2025/03/11
Description [CVE-2025-27432] Missing Authorization check in SAP Electronic Invoicing for Brazil (eDocument Cockpit)
3576540
CVSS
0.0

Affected system type BTP
Patchday 2025-03
Released on 2025/03/11
Description Open Source Security Advisory: Best Practices for Securing Spring Boot Actuator Endpoints for applications running on BTP
3417627
CVSS
8.8

Affected system type Java
Patchday 2025-02
Released on 2024/02/13
Description [CVE-2024-22126] Cross Site Scripting vulnerability in NetWeaver AS Java (User Admin Application)
3567551
CVSS
8.6

Affected system type Java
Patchday 2025-02
Released on 2025/02/11
Description [CVE-2025-25243] Path traversal vulnerability in SAP Supplier Relationship Management (Master Data Management Catalog)
3567172
CVSS
7.5

Affected system type SAP Enterprise...
Patchday 2025-02
Released on 2025/02/11
Description [CVE-2024-38819] Multiple vulnerabilities in SAP Enterprise Project Connection
3563929
CVSS
7.1

Affected system type SAP HANA Platform
Patchday 2025-02
Released on 2025/02/11
Description [CVE-2025-24868] Open Redirect Vulnerability in SAP HANA extended application services, advanced model (User Account and Authentication Services)
3555364
CVSS
6.8

Affected system type SAP Commerce Cloud
Patchday 2025-02
Released on 2025/02/11
Description [CVE-2025-24875] SameSite Defense in Depth not applied for some cookies in SAP Commerce
3559510
CVSS
6.8

Affected system type SAP Commerce Cloud
Patchday 2025-02
Released on 2025/02/11
Description [CVE-2025-24874] Missing Defense in Depth Against Clickjacking in SAP Commerce (Backoffice)
3445708
CVSS
6.1

Affected system type BI/BO platform
Patchday 2025-02
Released on 2025/02/11
Description [CVE-2025-24867] Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence platform (BI Launchpad)
3557138
CVSS
6.1

Affected system type Java
Patchday 2025-02
Released on 2025/02/11
Description Update 1 to Security Note 3417627 - [CVE-2024-22126] Cross Site Scripting vulnerability in NetWeaver AS Java (User Admin Application)
3562336
CVSS
6.0

Affected system type SAP GUI / Frontend
Patchday 2025-02
Released on 2025/02/11
Description [CVE-2025-24870] Insecure Key & Secret Management vulnerability in SAP GUI for Windows
3540273
CVSS
5.5

Affected system type SAP Commerce Cloud
Patchday 2025-02
Released on 2025/02/11
Description [CVE-2024-45216] Multiple vulnerabilities in Apache Solr within SAP Commerce Cloud
3532025
CVSS
5.4

Affected system type ABAP
Patchday 2025-02
Released on 2025/02/11
Description [CVE-2025-25241] Missing Authorization check in SAP Fiori Apps Reference Library (My Overtime Requests)
3526203
CVSS
5.4

Affected system type Java
Patchday 2025-02
Released on 2025/02/11
Description [CVE-2025-0054] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server Java
3561264
CVSS
5.3

Affected system type ABAP
Patchday 2025-02
Released on 2025/02/11
Description [CVE-2025-23193] Information Disclosure vulnerability in SAP NetWeaver Application Server ABAP
3546470
CVSS
5.3

Affected system type ABAP
Patchday 2025-02
Released on 2025/02/11
Description [CVE-2025-23187] Missing Authorization Check in SAP NetWeaver and ABAP Platform (SDCCN)
3287784
CVSS
5.3

Affected system type Java
Patchday 2025-02
Released on 2023/04/11
Description [CVE-2023-24527] Improper Access Control in SAP NetWeaver AS Java for Deploy Service
3550027
CVSS
4.3

Affected system type Java
Patchday 2025-02
Released on 2025/02/11
Description [CVE-2025-24869] Information Disclosure vulnerability in SAP NetWeaver Application Server Java
3547581
CVSS
4.3

Affected system type ABAP
Patchday 2025-02
Released on 2025/02/11
Description [CVE-2025-23190] Missing Authorization check in SAP NetWeaver and ABAP platform (ST-PI)
3553753
CVSS
4.3

Affected system type ABAP
Patchday 2025-02
Released on 2025/02/11
Description [CVE-2025-24872] Missing Authorization check in SAP ABAP Platform (ABAP Build Framework)
3537476
CVSS
9.9

Affected system type Kernel
Patchday 2025-01
Released on 2025/01/14
Description [CVE-2025-0070] Improper Authentication in SAP NetWeaver ABAP Server and ABAP Platform
3550708
CVSS
9.9

Affected system type ABAP
Patchday 2025-01
Released on 2025/01/14
Description [CVE-2025-0066] Information Disclosure vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform (Internet Communication Framework)
3550816
CVSS
8.8

Affected system type ABAP
Patchday 2025-01
Released on 2025/01/14
Description [CVE-2025-0063] SQL Injection vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform
3542533
CVSS
7.8

Affected system type SAPSetup
Patchday 2025-01
Released on 2025/01/14
Description [CVE-2025-0069] DLL Hijacking vulnerability in SAPSetup
3542698
CVSS
6.5

Affected system type ABAP
Patchday 2025-01
Released on 2025/01/14
Description [CVE-2025-0058] Information Disclosure vulnerability in SAP Business Workflow and SAP Flexible Workflow
3540108
CVSS
6.3

Affected system type Java
Patchday 2025-01
Released on 2025/01/14
Description [CVE-2025-0067] Missing Authorization check in SAP NetWeaver Application Server Java
3502459
CVSS
6.0

Affected system type SAP GUI / Frontend
Patchday 2025-01
Released on 2025/01/14
Description [CVE-2025-0056] Information Disclosure vulnerability in SAP GUI for Java
3472837
CVSS
6.0

Affected system type SAP GUI / Frontend
Patchday 2025-01
Released on 2025/01/14
Description [CVE-2025-0055] Information Disclosure vulnerability in SAP GUI for Windows
3536461
CVSS
5.3

Affected system type ABAP
Patchday 2025-01
Released on 2025/01/14
Description [CVE-2025-0053] Information Disclosure Vulnerability in SAP NetWeaver Application Server for ABAP and ABAP Platform
3514421
CVSS
4.8

Affected system type Java
Patchday 2025-01
Released on 2025/01/14
Description [CVE-2025-0057] Cross-Site Scripting vulnerability in SAP NetWeaver AS JAVA (User Admin Application)
3550674
CVSS
4.3

Affected system type ABAP
Patchday 2025-01
Released on 2025/01/14
Description [CVE-2025-0068] Missing Authorization check in Remote Function Call (RFC) in SAP NetWeaver Application Server ABAP
3492169
CVSS
2.2

Affected system type BI/BO platform
Patchday 2025-01
Released on 2025/01/14
Description Multiple Buffer overflow vulnerabilities in SAP BusinessObjects Business Intelligence Platform (Crystal Reports for Enterprise)