We've created the first of its kind, SecurityBridge Cloud Platform, designed to prioritize SAP patches, updates, and remediation strategies that help prevent disruptions to critical business systems. Our security advisories provide SAP users with valuable insights into the security and business implications of operating SAP.
The user interface is designed to be as intuitive as possible, but we’d love to hear your feedback and
suggestions.
×
Yikes, there is work to do!
This time we found critical correction advisiories. We count 17 and the highest
CVSS
score is 9.9.
Severity
SAP© Security advisories 17
System Types
Affected SAP© system types
3685270
CVSS
9.9
Affected system type
ABAP
Patchday
2025-12
Released on
2025/12/09
Description
[CVE-2025-42880] Code Injection vulnerability in SAP Solution Manager
3668705
CVSS
9.9
Affected system type
ABAP
Patchday
2025-12
Released on
2025/11/11
Description
[CVE-2025-42887] Code Injection vulnerability in SAP Solution Manager
3683579
CVSS
9.6
Affected system type
SAP Commerce Cloud
Patchday
2025-12
Released on
2025/12/09
Description
Multiple vulnerabilities in Apache Tomcat within SAP Commerce Cloud
3685286
CVSS
9.1
Affected system type
SAP Adaptive Server...
Patchday
2025-12
Released on
2025/12/09
Description
[CVE-2025-42928] Deserialization Vulnerability in SAP jConnect - SDK for ASE
3684682
CVSS
8.2
Affected system type
Kernel / Web Dispatcher
Patchday
2025-12
Released on
2025/12/09
Description
[CVE-2025-42878] Sensitive Data Exposure in SAP Web Dispatcher and Internet Communication Manager (ICM)
3640185
CVSS
7.9
Affected system type
Java
Patchday
2025-12
Released on
2025/12/09
Description
[CVE-2025-42874] Denial of service (DOS) in SAP NetWeaver (remote service for Xcelsius)
3650226
CVSS
7.5
Affected system type
BI/BO platform
Patchday
2025-12
Released on
2025/12/09
Description
[CVE-2025-48976] Denial of service (DOS) in SAP Business Objects
3677544
CVSS
7.5
Affected system type
Kernel / Web Dispatcher
Patchday
2025-12
Released on
2025/12/09
Description
[CVE-2025-42877] Memory Corruption vulnerability in SAP Web Dispatcher, Internet Communication Manager and SAP Content Server
3672151
CVSS
7.1
Affected system type
ABAP
Patchday
2025-12
Released on
2025/12/09
Description
[CVE-2025-42876] Missing Authorization Check in SAP S/4 HANA Private Cloud (Financials General Ledger)
3591163
CVSS
6.6
Affected system type
ABAP
Patchday
2025-12
Released on
2025/12/09
Description
[CVE-2025-42875] Missing Authentication check in SAP NetWeaver Internet Communication Framework
3662324
CVSS
6.5
Affected system type
Kernel
Patchday
2025-12
Released on
2025/12/09
Description
[CVE-2025-42904] Information Disclosure vulnerability in Application Server ABAP
3662622
CVSS
6.1
Affected system type
Java
Patchday
2025-12
Released on
2025/12/09
Description
[CVE-2025-42872] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal
3676970
CVSS
5.9
Affected system type
SAP UI5Open UI5
Patchday
2025-12
Released on
2025/12/09
Description
[CVE-2025-42873] Denial of Service (DoS) in SAPUI5 framework (Markdown-it component)
3659117
CVSS
5.5
Affected system type
ABAP
Patchday
2025-12
Released on
2025/12/09
Description
[CVE-2025-42891] Missing Authorization check in SAP Enterprise Search for ABAP
3651390
CVSS
5.4
Affected system type
BI/BO platform
Patchday
2025-12
Released on
2025/12/09
Description
[CVE-2025-42896] Server-Side Request Forgery (SSRF) in SAP BusinessObjects Business Intelligence Platform
3610322
CVSS
4.9
Affected system type
ABAP
Patchday
2025-12
Released on
2025/07/08
Description
[CVE-2025-42961] Missing Authorization check in SAP NetWeaver Application Server for ABAP
3626440
CVSS
4.3
Affected system type
ABAP
Patchday
2025-12
Released on
2025/07/08
Description
[CVE-2025-42986] Missing Authorization check in SAP NetWeaver and ABAP Platform