We've created the first of its kind, SecurityBridge Cloud Platform, designed to prioritize SAP patches, updates, and remediation strategies that help prevent disruptions to critical business systems. Our security advisories provide SAP users with valuable insights into the security and business implications of operating SAP.
The user interface is designed to be as intuitive as possible, but we’d love to hear your feedback and
suggestions.
×
Yikes, there is work to do!
This time we found critical correction advisiories. We count 20 and the highest
CVSS
score is 9.9.
Severity
SAP© Security advisories 20
System Types
Affected SAP© system types
3687749
CVSS
9.9
Affected system type
ABAP
Patchday
2026-01
Released on
2026/01/13
Description
[CVE-2026-0501] SQL Injection Vulnerability in SAP S/4HANA Private Cloud and On-Premise (Financials – General Ledger)
3683579
CVSS
9.6
Affected system type
SAP Commerce Cloud
Patchday
2026-01
Released on
2025/12/09
Description
Multiple vulnerabilities in Apache Tomcat within SAP Commerce Cloud
3668679
CVSS
9.6
Affected system type
SAP Solution Manager...
Patchday
2026-01
Released on
2026/01/13
Description
[CVE-2026-0500] Remote code execution in SAP Wily Introscope Enterprise Manager (WorkStation)
3694242
CVSS
9.1
Affected system type
ABAP
Patchday
2026-01
Released on
2026/01/13
Description
[CVE-2026-0498] Code Injection vulnerability in SAP S/4HANA (Private Cloud and On-Premise)
3697979
CVSS
9.1
Affected system type
ABAP
Patchday
2026-01
Released on
2026/01/13
Description
[CVE-2026-0491] Code Injection vulnerability in SAP Landscape Transformation
3685286
CVSS
9.1
Affected system type
SAP Adaptive Server...
Patchday
2026-01
Released on
2025/12/09
Description
[CVE-2025-42928] Deserialization Vulnerability in SAP jConnect - SDK for ASE
3691059
CVSS
8.8
Affected system type
HANA
Patchday
2026-01
Released on
2026/01/13
Description
[CVE-2026-0492] Privilege escalation vulnerability in SAP HANA database
3675151
CVSS
8.4
Affected system type
Kernel
Patchday
2026-01
Released on
2026/01/13
Description
[CVE-2026-0507] OS Command Injection vulnerability in SAP Application Server for ABAP and SAP NetWeaver RFCSDK
3565506
CVSS
8.1
Affected system type
ABAP
Patchday
2026-01
Released on
2026/01/13
Description
[CVE-2026-0511] Multiple vulnerabilities in SAP Fiori App (Intercompany Balance Reconciliation)
3688703
CVSS
8.1
Affected system type
ABAP
Patchday
2026-01
Released on
2026/01/13
Description
[CVE-2026-0506] Missing Authorization check in SAP NetWeaver Application Server ABAP and ABAP Platform
3681523
CVSS
6.4
Affected system type
ABAP
Patchday
2026-01
Released on
2026/01/13
Description
[CVE-2026-0503] Missing Authorization check in SAP ERP Central Component and SAP S/4HANA (SAP EHS Management)
3687372
CVSS
6.1
Affected system type
Java
Patchday
2026-01
Released on
2026/01/13
Description
[CVE-2026-0499] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal
3666061
CVSS
6.1
Affected system type
SAP Business Connector
Patchday
2026-01
Released on
2026/01/13
Description
[CVE-2026-0514] Cross-Site Scripting (XSS) vulnerability in SAP Business Connector
3638716
CVSS
4.7
Affected system type
ABAP
Patchday
2026-01
Released on
2026/01/13
Description
[CVE-2026-0513] Open Redirect Vulnerability in SAP Supplier Relationship Management (SICF Handler in SRM Catalog)
3677111
CVSS
4.3
Affected system type
ABAP
Patchday
2026-01
Released on
2026/01/13
Description
[CVE-2026-0497] Missing Authorization check in Business Server Pages Application (Product Designer Web UI)
3655227
CVSS
4.3
Affected system type
ABAP
Patchday
2026-01
Released on
2026/01/13
Description
[CVE-2026-0494] Information Disclosure vulnerability in SAP Fiori App (Intercompany Balance Reconciliation)
3655229
CVSS
4.3
Affected system type
ABAP
Patchday
2026-01
Released on
2026/01/13
Description
[CVE-2026-0493] Cross-Site Request Forgery (CSRF) vulnerability in SAP Fiori App (Intercompany Balance Reconciliation)
3122486
CVSS
4.3
Affected system type
ABAP
Patchday
2026-01
Released on
2026/01/27
Description
[CVE-2026-23683] Missing Authorization check in SAP Fiori App (Intercompany Balance Reconciliation)
3657998
CVSS
3.8
Affected system type
IDM
Patchday
2026-01
Released on
2026/01/13
Description
[CVE-2026-0504] Insufficient Input Handling in JNDI Operations of SAP Identity Management
3593356
CVSS
3.0
Affected system type
Java
Patchday
2026-01
Released on
2026/01/13
Description
[CVE-2026-0510] Obsolete Encryption Algorithm Used in NW AS Java UME User Mapping