We've created the first of its kind, SecurityBridge Cloud Platform, designed to prioritize SAP patches, updates, and remediation strategies that help prevent disruptions to critical business systems. Our security advisories provide SAP users with valuable insights into the security and business implications of operating SAP.

The user interface is designed to be as intuitive as possible, but we’d love to hear your feedback and suggestions.

We have found 16 security advisories for you to review.

 


 

3643385
CVSS
6.9

Affected system type SAP HANA Client
Patchday 2025-11
Released on 2025/11/11
Description [CVE-2025-42895] Code Injection vulnerability in SAP HANA JDBC Client
3666038
CVSS
6.8

Affected system type SAP Business Connector
Patchday 2025-11
Released on 2025/11/11
Description [CVE-2025-42894] Path Traversal vulnerability in SAP Business Connector
3665900
CVSS
6.8

Affected system type SAP Business Connector
Patchday 2025-11
Released on 2025/11/11
Description [CVE-2025-42892] OS Command Injection vulnerability in SAP Business Connector
3660969
CVSS
6.5

Affected system type Java
Patchday 2025-11
Released on 2025/11/11
Description [CVE-2025-42884] JNDI Injection vulnerability in SAP NetWeaver Enterprise Portal
3597355
CVSS
6.1

Affected system type ABAP
Patchday 2025-11
Released on 2025/08/12
Description [CVE-2025-42942] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server for ABAP
3665907
CVSS
6.1

Affected system type SAP Business Connector
Patchday 2025-11
Released on 2025/11/11
Description [CVE-2025-42886] Reflected Cross-Site Scripting (XSS) vulnerability in SAP Business Connector
3642398
CVSS
6.1

Affected system type ABAP
Patchday 2025-11
Released on 2025/11/11
Description [CVE-2025-42924] Open Redirect vulnerabilities in SAP S/4HANA landscape (SAP E-Recruiting BSP)
3662000
CVSS
6.1

Affected system type SAP Business Connector
Patchday 2025-11
Released on 2025/11/11
Description [CVE-2025-42893] Open Redirect vulnerability in SAP Business Connector
3639264
CVSS
5.8

Affected system type SAP HANA Platform
Patchday 2025-11
Released on 2025/11/11
Description [CVE-2025-42885] Missing authentication in SAP HANA 2.0 (hdbrss)
3651097
CVSS
5.5

Affected system type SAP GUI / Frontend
Patchday 2025-11
Released on 2025/11/11
Description [CVE-2025-42888] Information Disclosure vulnerability in SAP GUI for Windows
2886616
CVSS
5.4

Affected system type ABAP
Patchday 2025-11
Released on 2025/11/11
Description [CVE-2025-42889] SQL Injection vulnerability in SAP Starter Solution (PL SAFT)
3652901
CVSS
5.3

Affected system type SAP Business One
Patchday 2025-11
Released on 2025/11/11
Description [CVE-2025-42897] Information Disclosure vulnerability in SAP Business One (SLD)
3643603
CVSS
5.3

Affected system type Java
Patchday 2025-11
Released on 2025/11/11
Description [CVE-2025-42919] Information Disclosure vulnerability in SAP NetWeaver Application Server Java
3627644
CVSS
5.0

Affected system type ABAP
Patchday 2025-11
Released on 2025/09/09
Description [CVE-2025-42911] Missing Authorization check in SAP NetWeaver (Service Data Download)
3643337
CVSS
4.3

Affected system type ABAP
Patchday 2025-11
Released on 2025/11/11
Description [CVE-2025-42882] Missing Authorization check in SAP NetWeaver Application Server for ABAP
3530544
CVSS
4.3

Affected system type ABAP
Patchday 2025-11
Released on 2025/11/11
Description [CVE-2025-42899] Missing Authorization check in SAP S4CORE (Manage Journal Entries)