SAP_SE — Vulnerabilities & Security Advisories (555)

Browse all 555 CVE security advisories affecting SAP_SE. AI-powered Chinese analysis, POCs, and references for each vulnerability.

SAP SE operates as a global leader in enterprise application software, primarily providing ERP solutions that manage complex business processes, supply chains, and human resources for large organizations. This extensive attack surface has resulted in 527 recorded CVEs, reflecting the critical nature of its infrastructure. Historically, vulnerabilities within SAP systems frequently involve remote code execution, SQL injection, and cross-site scripting, often stemming from complex integrations and legacy components. Privilege escalation remains a significant concern, allowing unauthorized users to gain administrative access. While SAP maintains rigorous security protocols, past incidents highlight risks associated with default configurations and unpatched middleware. The company actively issues security patches, yet the sheer volume of disclosed flaws underscores the challenges of securing highly interconnected, mission-critical enterprise environments against sophisticated cyber threats.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-44757 | Cross-Site Scripting (XSS) vulnerability in SAP Wily Introscope Enterprise Manager | SAP Wily Introscope Enterprise Manager | CWE-79 | 4.7 | Medium | 2026-06-09 |
| CVE-2026-44755 | Email Spoofing vulnerability in SAP Business Objects Business Intelligence Platform | SAP Business Objects Business Intelligence Platform | CWE-346 | 4.3 | Medium | 2026-06-09 |
| CVE-2026-44754 | Missing caller identification check-in for ODP Data Replication APIs | ODP Data Replication APIs | CWE-862 | 6.6 | Medium | 2026-06-09 |
| CVE-2026-44751 | Missing Authorization check in Application Server ABAP of SAP NetWeaver and ABAP Platform | SAP NetWeaver AS ABAP and ABAP Platform | CWE-862 | 7.1 | High | 2026-06-09 |
| CVE-2026-44750 | Missing Authorization check in SAP MDG (Review Match Groups Application) | SAP MDG (Review Match Groups Application) | CWE-862 | 4.3 | Medium | 2026-06-09 |
| CVE-2026-44748 | XML Signature Wrapping in SAML Authentication in SAP NetWeaver AS ABAP and ABAP Platform | SAP NetWeaver AS ABAP and ABAP Platform | CWE-347 | 9.9 | Critical | 2026-06-09 |
| CVE-2026-44746 | Reflected Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS Java (JDBC Test Servlet) | SAP NetWeaver AS Java (JDBC Test Servlet) | CWE-79 | 6.1 | Medium | 2026-06-09 |
| CVE-2026-44744 | SQL Injection vulnerability in SAP S/4HANA | SAP S/4HANA | CWE-89 | 6.5 | Medium | 2026-06-09 |
| CVE-2026-44743 | Security Misconfiguration vulnerability in SAP Business Objects | SAP Business Objects | CWE-497 | 3.7 | Low | 2026-06-09 |
| CVE-2026-40128 | Directory Traversal vulnerability in SAP NetWeaver Application Server Java (Web Container) | SAP NetWeaver Application Server Java (Web Container) | CWE-35 | 9.0 | Critical | 2026-06-09 |
| CVE-2026-27671 | Memory Corruption vulnerability in Application Server ABAP of SAP NetWeaver and ABAP Platform | SAP NetWeaver AS ABAP and ABAP Platform | CWE-121 | 9.8 | Critical | 2026-06-09 |
| CVE-2026-24315 | Path Traversal Vulnerability in SAP Fiori (launchpad) | SAP Fiori (launchpad) | CWE-35 | 4.2 | Medium | 2026-06-09 |
| CVE-2026-44749 | Information Disclosure vulnerability in SAP Gateway | SAP Gateway | CWE-497 | 4.3 | Medium | 2026-05-26 |
| CVE-2026-27680 | CSS Injection vulnerability in SAP NetWeaver Application Server ABAP | SAP NetWeaver Application Server ABAP | CWE-276 | 3.1 | Low | 2026-05-14 |
| CVE-2026-40137 | Cross-Site Scripting (XSS) vulnerability in Business Server Pages Application (TAF_APPLAUNCHER) | Business Server Pages Application (TAF_APPLAUNCHER) | CWE-79 | 6.1 | Medium | 2026-05-12 |
| CVE-2026-40136 | Denial of service (DoS) in SAP Financial Consolidation | SAP Financial Consolidation | CWE-404 | 4.3 | Medium | 2026-05-12 |
| CVE-2026-40135 | OS Command Injection vulnerability in SAP NetWeaver Application Server for ABAP and ABAP Platform | SAP NetWeaver Application Server for ABAP and ABAP Platform | CWE-77 | 6.5 | Medium | 2026-05-12 |
| CVE-2026-40134 | Missing Authorization Check in SAP Incentive and Commission Management | SAP Incentive and Commission Management | CWE-862 | 4.3 | Medium | 2026-05-12 |
| CVE-2026-40133 | Missing Authorization check in SAP S/4HANA Condition Maintenance | SAP S/4HANA Condition Maintenance | CWE-862 | 6.3 | Medium | 2026-05-12 |
| CVE-2026-40132 | Missing Authorization Check in SAP Strategic Enterprise Management (BSP application Balanced Scorecard Wizard) | SAP Strategic Enterprise Management (BSP application Balanced Scorecard Wizard) | CWE-862 | 5.4 | Medium | 2026-05-12 |
| CVE-2026-40131 | SQL Injection vulnerability in SAP HANA Deployment Infrastructure (HDI) deploy library | SAP HANA Deployment Infrastructure (HDI) deploy library | CWE-89 | 3.4 | Low | 2026-05-12 |
| CVE-2026-40129 | Code Injection vulnerability in SAP Application Server ABAP for SAP NetWeaver and ABAP Platform | SAP Application Server ABAP for SAP NetWeaver and ABAP Platform | CWE-94 | 4.3 | Medium | 2026-05-12 |
| CVE-2026-34263 | Missing authentication check in SAP Commerce cloud configuration | SAP Commerce cloud configuration | CWE-459 | 9.6 | Critical | 2026-05-12 |
| CVE-2026-34260 | SQL injection vulnerability in SAP S/4HANA (SAP Enterprise Search for ABAP) | SAP S/4HANA (SAP Enterprise Search for ABAP) | CWE-89 | 9.6 | Critical | 2026-05-12 |
| CVE-2026-34259 | OS Command Injection Vulnerability in SAP Forecasting & Replenishment | SAP Forecasting & Replenishment | CWE-77 | 8.2 | High | 2026-05-12 |
| CVE-2026-34258 | Content Spoofing vulnerability in SAPUI5 (Search UI) | SAPUI5 (Search UI) | CWE-451 | 4.7 | Medium | 2026-05-12 |
| CVE-2026-27682 | Reflected Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server ABAP (Applications based on Business Server Pages) | SAP NetWeaver Application Server ABAP (Applications based on Business Server Pages) | CWE-79 | 4.7 | Medium | 2026-05-12 |
| CVE-2026-0502 | Cross Site Request Forgery (CSRF) in SAP BusinessObjects Business Intelligence Platform | SAP BusinessObjects Business Intelligence Platform | CWE-352 | 5.4 | Medium | 2026-05-12 |
| CVE-2026-34264 | Information Disclosure vulnerability in SAP Human Capital Management for SAP S/4HANA | SAP Human Capital Management for SAP S/4HANA | CWE-204 | 6.5 | Medium | 2026-04-14 |
| CVE-2026-34262 | Information Disclosure Vulnerability in SAP HANA Cockpit and HANA Database Explorer | SAP HANA Cockpit and HANA Database Explorer | CWE-522 | 5.0 | Medium | 2026-04-14 |

This page lists every published CVE security advisory associated with SAP_SE. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.