We've created the first-of-its-kind SecurityBridge Cloud Platform, designed to prioritize SAP patches, updates, and remediation strategies that help prevent disruptions to critical business systems. Our security advisories provide SAP users with valuable insights into the security and business implications of operating SAP.

The user interface is designed to be as intuitive as possible, but we’d love to hear your feedback and suggestions.

We have found 17 security advisories for you to review.

 


 

3705094
CVSS 6.5
Affected system type ABAP
Patchday 2026-04
Released on 2026/04/14
Description 3705094 - [CVE-2026-34261] Missing Authorization check in SAP Business Analytics and SAP Content Management

3715097
CVSS 6.5
Affected system type ABAP
Patchday 2026-04
Released on 2026/04/14
Description 3715097 - [CVE-2026-27677] Missing Authorization check in SAP S/4HANA OData Service (Manage Reference Equipment)

3716767
CVSS 6.5
Affected system type ABAP
Patchday 2026-04
Released on 2026/04/14
Description 3716767 - [CVE-2026-27679] Missing Authorization check in SAP S/4HANA Frontend OData Service (Manage Reference Structures)

3680767
CVSS 6.5
Affected system type ABAP
Patchday 2026-04
Released on 2026/04/14
Description 3680767 - [CVE-2026-34264] Information Disclosure vulnerability in SAP Human Capital Management for SAP S/4HANA

3715177
CVSS 6.5
Affected system type ABAP
Patchday 2026-04
Released on 2026/04/14
Description 3715177 - [CVE-2026-27678] Missing Authorization check in SAP S/4HANA Backend OData Service (Manage Reference Structures)

3696239
CVSS 6.5
Affected system type BI/BO platform
Patchday 2026-04
Released on 2026/04/14
Description 3696239 - [CVE-2025-64775] Denial of Service Vulnerability in SAP BusinessObjects Business Intelligence Platform

3689080
CVSS 6.4
Affected system type ABAP
Patchday 2026-04
Released on 2026/03/10
Description 3689080 - [CVE-2026-24316] Server-Side Request Forgery (SSRF) in SAP NetWeaver Application Server for ABAP

3645228
CVSS 6.1
Affected system type ABAP
Patchday 2026-04
Released on 2026/04/14
Description 3645228 - [CVE-2026-0512] Cross-Site Scripting (XSS) vulnerability in SAP Supplier Relationship Management (SICF Handler in SRM Catalog)

3692004
CVSS 6.1
Affected system type ABAP
Patchday 2026-04
Released on 2026/04/14
Description 3692004 - [CVE-2026-34257] Open Redirect vulnerability in SAP NetWeaver Application Server ABAP

3719397
CVSS 6.1
Affected system type Java
Patchday 2026-04
Released on 2026/04/14
Description 3719397 - [CVE-2026-27674] Code Injection vulnerability in SAP NetWeaver Application Server Java (Web Dynpro Java)

3730639
CVSS 5.0
Affected system type HANA platform
Patchday 2026-04
Released on 2026/04/14
Description 3730639 - [CVE-2026-34262] Information Disclosure Vulnerability in SAP HANA Cockpit and HANA Database Explorer

3703813
CVSS 4.9
Affected system type ABAP
Patchday 2026-04
Released on 2026/04/14
Description 3703813 - [CVE-2026-27673] Missing Authorization Check in SAP S/4HANA (Private Cloud and On-Premise)

3711682
CVSS 4.3
Affected system type ABAP
Patchday 2026-04
Released on 2026/04/14
Description 3711682 - [CVE-2026-27676] Missing Authorization check in SAP S/4HANA OData Service (Manage Technical Object Structures)

3530544
CVSS 4.3
Affected system type ABAP
Patchday 2026-04
Released on 2025/11/11
Description 3530544 - [CVE-2025-42899] Missing Authorization check in SAP S4CORE (Manage Journal Entries)

3703276
CVSS 4.3
Affected system type ABAP
Patchday 2026-04
Released on 2026/04/14
Description 3703276 - [CVE-2026-27672] Missing Authorization check in Material Master Application

3702191
CVSS 4.2
Affected system type BI/BO platform
Patchday 2026-04
Released on 2026/04/14
Description 3702191 - [CVE-2026-24318] Insecure Session Management vulnerability in SAP BusinessObjects Business Intelligence Platform

3698216
CVSS 4.1
Affected system type BI/BO platform
Patchday 2026-04
Released on 2026/04/14
Description 3698216 - [CVE-2026-27683] Reflected cross site scripting vulnerability in SAP BusinessObjects Business Intelligence Platform