Support Us — Your donation helps us keep running

Goal: 1000 CNY,Raised: 1000 CNY

100.0%
Donate Now

SAP — Vulnerabilities & Security Advisories 159

Browse all 159 CVE security advisories affecting SAP. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top 10 Products SAP:NetWeaver AS for ABAP and ABAP PlatformSAP Fiori ClientSAP BusinessObjects Business Intelligence PlatformSAP HANA extended application servicesNetWeaver AS ABAP (BSP Framework)NetWeaver Application Server for ABAP and ABAP PlatformBusinessObjects Business Intelligence Platform (Web Services)SAP Internet Graphics Server (IGS)NetWeaver AS for JavaSAP BusinessObjects Business IntelligenceSAP HANACRM (WebClient UI)Application Interface Framework (Message Dashboard)Business Planning and ConsolidationSAP NetWeaver AS Java (ServerCore)NetWeaver Process IntegrationSAP Adaptive Server Enterprise (ASE)Solution ManagerSAP BusinessObjects Business Intelligence SuiteSAP Enterprise Financial ServicesSolution Manager (BSP Application)NetWeaver ABAP Server and ABAP PlatformNetWeaver AS ABAP and ABAP PlatformHCM Fiori App My Forms (Fiori 2.0)Bank Account Management (Manage Banks)Commerce Webservices 2.0 (Swagger UI)Sourcing and SAP Contract Lifecycle ManagementBusinessObjects Business Intelligence PlatformDisclosure ManagementBASIS
CVE IDTitleCVSSSeverityPaused
CVE-2023-29189 HTTP Verb Tampering vulnerability in SAP CRM (WebClient UI) — CRM (WebClient UI)CWE-23 5.4 Medium2023-04-11
CVE-2023-29187 DLL Hijacking vulnerability in SapSetup (Software Installation Program) — SapSetup (Software Installation Program)CWE-427 6.7 Medium2023-04-11
CVE-2023-29186 Directory/Path Traversal vulnerability in SAP NetWeaver. — NetWeaver (BI CONT ADDON)CWE-22 8.7 High2023-04-11
CVE-2023-29185 Denial of Service (DOS) in SAP NetWeaver AS for ABAP (Business Server Pages) — NetWeaver AS for ABAP (Business Server Pages)CWE-400 5.3 Medium2023-04-11
CVE-2023-29112 Code Injection vulnerability in SAP Application Interface Framework (Message Monitoring) — Application Interface Framework (Message Monitoring)CWE-80 3.7 Low2023-04-11
CVE-2023-29111 Information Disclosure vulnerability in SAP Application Interface Framework (ODATA service) — Application Interface Framework (ODATA service)CWE-200 3.1 Low2023-04-11
CVE-2023-29110 Code Injection vulnerability in SAP Application Interface Framework (Message Dashboard) — Application Interface Framework (Message Dashboard)CWE-80 3.7 Low2023-04-11
CVE-2023-29109 Code Injection vulnerability in SAP Application Interface Framework (Message Dashboard) — Application Interface Framework (Message Dashboard)CWE-1236 4.4 Medium2023-04-11
CVE-2023-29108 IP filter vulnerability in ABAP Platform and SAP Web Dispatcher — ABAP Platform and SAP Web DispatcherCWE-923 5.0 Medium2023-04-11
CVE-2023-28765 Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (Promotion Management ) — BusinessObjects Business Intelligence Platform (Promotion Management)CWE-200 9.8 Critical2023-04-11
CVE-2023-28763 Denial of Service in SAP NetWeaver AS for ABAP and ABAP Platform — NetWeaver AS for ABAP and ABAP PlatformCWE-400 6.5 Medium2023-04-11
CVE-2023-28761 Missing Authentication check in SAP NetWeaver Enterprise Portal — NetWeaver Enterprise PortalCWE-306 6.5 Medium2023-04-11
CVE-2023-27897 Code Injection vulnerability in SAP CRM — CRMCWE-94 6.0 Medium2023-04-11
CVE-2023-27497 Multiple vulnerabilities in SAP Diagnostics Agent (EventLogServiceCollector) — Diagnostics Agent (EventLogServiceCollector)CWE-306 10.0 Critical2023-04-11
CVE-2023-27267 Multiple vulnerabilities in SAP Diagnostics Agent (OSCommand Bridge) — Diagnostics Agent (OSCommand Bridge)CWE-306 9.0 Critical2023-04-11
CVE-2023-26458 Information Disclosure vulnerability in SAP Landscape Management — Landscape ManagementCWE-668 6.8 Medium2023-04-11
CVE-2023-24527 Improper Access Control in SAP NetWeaver AS Java for Deploy Service — NetWeaver AS Java for Deploy ServiceCWE-306 5.3 Medium2023-04-11
CVE-2023-1903 Missing Authorization check in SAP HCM Fiori App My Forms (Fiori 2.0) — HCM Fiori App My Forms (Fiori 2.0)CWE-862 4.3 Medium2023-04-11
CVE-2023-27895 Information Disclosure vulnerability in SAP Authenticator for Android — Authenticator for AndroidCWE-267 6.1 Medium2023-03-14
CVE-2023-27893 Arbitrary Code Execution in SAP Solution Manager and ABAP managed systems (ST-PI) — Solution Manager and ABAP managed systemsCWE-94 8.8 High2023-03-14
CVE-2023-27501 Directory Traversal vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform — NetWeaver AS for ABAP and ABAP PlatformCWE-22 8.7 High2023-03-14
CVE-2023-27500 Directory Traversal vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform — NetWeaver AS for ABAP and ABAP Platform (SAPRSBRO Program)CWE-22 9.6 Critical2023-03-14
CVE-2023-27498 Memory Corruption vulnerability in SAP Host Agent (SAPOSCOL) — Host Agent (SAPOSCOL)CWE-121 7.2 High2023-03-14
CVE-2023-27894 Sensitive Information Disclosure in the SAP BusinessObjects Business Intelligence platform — BusinessObjects Business Intelligence Platform (Web Services)CWE-200 5.0 Medium2023-03-14
CVE-2023-27896 Server Side Request Forgery (SSRF) in the SAP BusinessObjects Business Intelligence platform — BusinessObjects Business Intelligence Platform (Web Services)CWE-918 6.5 Medium2023-03-14
CVE-2023-27271 Server Side Request Forgery (SSRF) in the SAP BusinessObjects Business Intelligence platform — BusinessObjects Business Intelligence Platform (Web Services)CWE-918 6.5 Medium2023-03-14
CVE-2023-27270 Denial of Service (DoS) in SAP NetWeaver AS for ABAP and ABAP Platform — NetWeaver Application Server for ABAP and ABAP PlatformCWE-400 6.5 Medium2023-03-14
CVE-2023-27269 Directory Traversal vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform — NetWeaver Application Server for ABAP and ABAP PlatformCWE-22 9.6 Critical2023-03-14
CVE-2023-27268 Improper Access Control in SAP NetWeaver AS Java (Object Analyzing Service) — NetWeaver AS Java (Object Analyzing Service)CWE-284 5.3 Medium2023-03-14
CVE-2023-26461 XML External Entity (XXE) vulnerability in SAP NetWeaver (SAP Enterprise Portal) — NetWeaver (SAP Enterprise Portal)CWE-611 6.8 Medium2023-03-14

This page lists every published CVE security advisory associated with SAP. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.