We've created the first of its kind, SecurityBridge Cloud Platform, designed to prioritize SAP patches, updates, and remediation strategies that help prevent disruptions to critical business systems. Our security advisories provide SAP users with valuable insights into the security and business implications of operating SAP.

The user interface is designed to be as intuitive as possible, but we’d love to hear your feedback and suggestions.

×

Yikes, there is work to do!
This time we found critical correction advisiories. We count 22 and the highest CVSS score is 9.9.

 

Severity
SAP© Security advisories 22
 System Types
Affected SAP© system types

 

Related note
3581961
CVSS
9.9

Affected system type ABAP
Patchday 2025-08
Released on 2025/04/08
Description [CVE-2025-27429] Code Injection Vulnerability in SAP S/4HANA (Private Cloud or On-Premise)
Security Advisory
Related note
3633838
CVSS
9.9

Affected system type ABAP
Patchday 2025-08
Released on 2025/08/12
Description [CVE-2025-42950] Code Injection Vulnerability in SAP Landscape Transformation (Analysis Platform)
Security Advisory
Related note
3627998
CVSS
9.9

Affected system type ABAP
Patchday 2025-08
Released on 2025/08/12
Description [CVE-2025-42957] Code Injection vulnerability in SAP S/4HANA (Private Cloud or On-Premise)
Security Advisory
Related note
3610892
CVSS
9.1

Affected system type Java
Patchday 2025-08
Released on 2025/07/08
Description [CVE-2025-42966] Insecure Deserialization vulnerability in SAP NetWeaver (XML Data Archiving Service)
Security Advisory
Related note
3625403
CVSS
8.8

Affected system type SAP Business One
Patchday 2025-08
Released on 2025/08/12
Description [CVE-2025-42951] Broken Authorization in SAP Business One (SLD)
Security Advisory
Related note
3600846
CVSS
8.1

Affected system type ABAP
Patchday 2025-08
Released on 2025/07/08
Description [CVE-2025-42959] Missing Authentication check after implementation of SAP Security Note 3007182 and 3537476
Security Advisory
Related note
3611184
CVSS
8.1

Affected system type ABAP
Patchday 2025-08
Released on 2025/08/12
Description [CVE-2025-42976] Multiple vulnerabilities in SAP NetWeaver Application Server ABAP (BIC Document)
Security Advisory
Related note
3614804
CVSS
6.9

Affected system type ABAP
Patchday 2025-08
Released on 2025/08/12
Description [CVE-2025-42946] Directory Traversal vulnerability in SAP S/4HANA (Bank Communication Management)
Security Advisory
Related note
3596987
CVSS
6.1

Affected system type ABAP
Patchday 2025-08
Released on 2025/07/08
Description [CVE-2025-42969] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server ABAP and ABAP Platform
Security Advisory
Related note
3585491
CVSS
6.1

Affected system type Kernel
Patchday 2025-08
Released on 2025/08/12
Description [CVE-2025-42945] HTML Injection vulnerability in SAP NetWeaver Application Server ABAP
Security Advisory
Related note
3617131
CVSS
6.1

Affected system type ABAP
Patchday 2025-08
Released on 2025/07/08
Description [CVE-2025-42981] Open Redirect vulnerability in SAP NetWeaver Application Server ABAP
Security Advisory
Related note
3629871
CVSS
6.1

Affected system type ABAP
Patchday 2025-08
Released on 2025/08/12
Description [CVE-2025-42948] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver ABAP Platform
Security Advisory
Related note
3585992
CVSS
5.8

Affected system type ABAP
Patchday 2025-08
Released on 2025/05/13
Description [CVE-2025-43008] Missing Authorization check in SAP S/4HANA HCM Portugal and SAP ERP HCM Portugal
Security Advisory
Related note
3540688
CVSS
5.5

Affected system type ABAP
Patchday 2025-08
Released on 2025/07/22
Description [CVE-2025-42947] Code Injection vulnerability in SAP FICA ODN framework
Security Advisory
Related note
3602656
CVSS
5.4

Affected system type ABAP
Patchday 2025-08
Released on 2025/08/12
Description [CVE-2025-42936] Missing Authorization check in SAP NetWeaver Application Server for ABAP
Security Advisory
Related note
3561792
CVSS
5.3

Affected system type Java
Patchday 2025-08
Released on 2025/03/11
Description [CVE-2025-23194] Missing Authentication check in SAP NetWeaver Enterprise Portal (OBN component)
Security Advisory
Related note
3626722
CVSS
4.9

Affected system type ABAP
Patchday 2025-08
Released on 2025/08/12
Description [CVE-2025-42949] Missing Authorization check in ABAP Platform
Security Advisory
Related note
3627845
CVSS
4.5

Affected system type SAP GUI / Frontend
Patchday 2025-08
Released on 2025/08/12
Description [CVE-2025-42943] Information Disclosure in SAP GUI for Windows
Security Advisory
Related note
3616863
CVSS
4.3

Affected system type ABAP
Patchday 2025-08
Released on 2025/08/12
Description [CVE-2025-42934] CRLF Injection vulnerability in SAP S/4HANA (Supplier invoice)
Security Advisory
Related note
3601480
CVSS
4.1

Affected system type Kernel
Patchday 2025-08
Released on 2025/08/12
Description [CVE-2025-42935] Information Disclosure vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform(Internet Communication Manager)
Security Advisory
Related note
3557179
CVSS
3.5

Affected system type Java
Patchday 2025-08
Released on 2025/07/08
Description [CVE-2025-42978] Insufficiently Secure Hostname Verification for Outbound TLS Connections in SAP NetWeaver Application Server Java
Security Advisory
Related note
3611345
CVSS
3.5

Affected system type SAP Cloud Connector
Patchday 2025-08
Released on 2025/08/12
Description [CVE-2025-42955] Missing authorization check in SAP Cloud Connector
Security Advisory