We've created the first of its kind, SecurityBridge Cloud Platform, designed to prioritize SAP patches, updates, and remediation strategies that help prevent disruptions to critical business systems. Our security advisories provide SAP users with valuable insights into the security and business implications of operating SAP.
The user interface is designed to be as intuitive as possible, but we’d love to hear your feedback and
suggestions.
×
Yikes, there is work to do!
This time we found critical correction advisiories. We count 16 and the highest
CVSS
score is 9.8.
Severity
SAP© Security advisories 16
System Types
Affected SAP© system types
3572688
CVSS
9.8
Affected system type
SAP Financial Consolidation
Patchday
2025-04
Released on
2025/04/08
Description
[CVE-2025-30016] Authentication Bypass Vulnerability in SAP Financial Consolidation
3525794
CVSS
8.8
Affected system type
BI/BO platform
Patchday
2025-04
Released on
2025/02/11
Description
[CVE-2025-0064] Improper Authorization in SAP BusinessObjects Business Intelligence platform (Central Management Console)
3554667
CVSS
8.5
Affected system type
ABAP
Patchday
2025-04
Released on
2025/04/08
Description
[CVE-2025-23186] Mixed Dynamic RFC Destination vulnerability through Remote Function Call (RFC) in SAP NetWeaver Application Server ABAP
3590984
CVSS
8.1
Affected system type
SAP Commerce Cloud
Patchday
2025-04
Released on
2025/04/08
Description
[CVE-2024-56337] Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Apache Tomcat within SAP Commerce Cloud
2927164
CVSS
7.7
Affected system type
ABAP
Patchday
2025-04
Released on
2025/04/08
Description
[CVE-2025-30014] Directory Traversal vulnerability in SAP Capital Yield Tax Management
3543274
CVSS
6.8
Affected system type
SAP Commerce Cloud
Patchday
2025-04
Released on
2025/04/08
Description
[CVE-2025-26654] Potential information disclosure vulnerability in SAP Commerce Cloud (Public Cloud)
3571093
CVSS
6.7
Affected system type
ABAP
Patchday
2025-04
Released on
2025/04/08
Description
[CVE-2025-30013] Code Injection vulnerability in SAP ERP BW Business Content
3565751
CVSS
6.6
Affected system type
BI/BO platform
Patchday
2025-04
Released on
2025/04/08
Description
[CVE-2025-31332] Insecure File permissions vulnerability in SAP BusinessObjects Business Intelligence Platform
3568307
CVSS
5.3
Affected system type
Java
Patchday
2025-04
Released on
2025/04/08
Description
[CVE-2025-26657] Information Disclosure vulnerability in SAP KMC WPC
3559307
CVSS
4.7
Affected system type
ABAP
Patchday
2025-04
Released on
2025/04/08
Description
[CVE-2025-26653] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server ABAP (applications based on SAP GUI for HTML)
3558864
CVSS
4.4
Affected system type
ABAP
Patchday
2025-04
Released on
2025/04/08
Description
[CVE-2025-30017] Missing Authorization check in SAP Solution Manager
3568778
CVSS
4.3
Affected system type
ABAP
Patchday
2025-04
Released on
2025/04/08
Description
[CVE-2025-27437] Missing Authorization check in SAP NetWeaver Application Server ABAP (Virus Scan Interface)
3525971
CVSS
4.3
Affected system type
ABAP
Patchday
2025-04
Released on
2024/10/10
Description
[CVE-2025-31333] Odata meta-data tampering in SAP S4CORE entity
3539465
CVSS
4.2
Affected system type
SAP Commerce Cloud
Patchday
2025-04
Released on
2025/04/08
Description
[CVE-2025-27435] Information Disclosure Vulnerability in SAP Commerce Cloud
3565944
CVSS
4.1
Affected system type
ABAP
Patchday
2025-04
Released on
2025/04/08
Description
[CVE-2025-30015] Memory Corruption vulnerability in SAP NetWeaver and ABAP Platform (Application Server ABAP)
3561861
CVSS
3.5
Affected system type
ABAP
Patchday
2025-04
Released on
2025/03/11
Description
[CVE-2025-27430] Server Side Request Forgery (SSRF) in SAP CRM and SAP S/4 HANA (Interaction Center)