Vulnerabilities in SAP_SE

555 results
Vexday analysis

With 555 cataloged CVEs and 53 of critical severity, the SAP SE vulnerability portfolio presents a considerable attack surface, with 45 new entries recorded in the last 90 days, indicating a continuous pace of discovery. The rate of active exploitation is below the overall catalog average, with 2 entries confirmed in the CISA KEV, but the EPSS of 0.9936 associated with CVE-2025-31324 (the most dangerous vulnerability under active exploitation at the moment) signals an extremely high probability of real-world exploitation and deserves immediate priority attention. The most frequent flaw is CWE-862 (missing authorization check), a pattern that tends to favor privilege escalation and unauthorized access to protected resources. The existence of 4 CVEs with a public PoC reinforces the need for rigorous tracking of the patching cycle, especially in deployments serving business-critical systems.

| CVE | Severity | Title | EPSS |
|---|---|---|---|
| CVE-2026-27689 | HIGH | Denial of service (DOS) in SAP Supply Chain Management | 0.4% |
| CVE-2024-37177 | HIGH | Cross-Site Scripting (XSS) vulnerabilities in SAP Financial Consolidation | 0.4% |
| CVE-2023-41368 | LOW | Insecure Direct Object Reference (IDOR) vulnerability in S4 HANA (Manage checkbook apps) | 0.4% |
| CVE-2023-29188 | MEDIUM | Cross-Site Scripting (XSS) vulnerability in SAP CRM WebClient UI | 0.4% |
| CVE-2023-39436 | MEDIUM | Information Disclosure in SAP Supplier Relationship Management | 0.4% |
| CVE-2024-28167 | MEDIUM | Missing Authorization check in SAP Group Reporting Data Collection (Enter Package Data) | 0.4% |
| CVE-2024-32731 | MEDIUM | Missing Authorization check in SAP My Travel Requests | 0.4% |
| CVE-2025-42940 | HIGH | Memory Corruption vulnerability in SAP CommonCryptoLib | 0.4% |
| CVE-2025-42952 | HIGH | Missing Authorization check in SAP Business Warehouse and SAP Plug-In Basis | 0.4% |
| CVE-2025-42995 | HIGH | Multiple vulnerabilities in SAP MDM Server | 0.4% |
| CVE-2025-42994 | HIGH | Multiple vulnerabilities in SAP MDM Server | 0.4% |
| CVE-2024-24740 | MEDIUM | Information Disclosure vulnerability in SAP NetWeaver Application Server ABAP (SAP Kernel) | 0.4% |
| CVE-2025-42993 | MEDIUM | Missing Authorization Check in SAP S/4HANA (Enterprise Event Enablement) | 0.4% |
| CVE-2025-0064 | HIGH | Improper Authorization in SAP BusinessObjects Business Intelligence platform (Central Management Console) | 0.4% |
| CVE-2025-0071 | MEDIUM | Information Disclosure vulnerability in SAP Web Dispatcher and Internet Communication Manager | 0.4% |
| CVE-2024-42375 | MEDIUM | Multiple Unrestricted File Upload vulnerabilities in SAP BusinessObjects Business Intelligence Platform | 0.4% |
| CVE-2026-0490 | HIGH | Denial of service (DOS) in SAP BusinessObjects BI Platform | 0.4% |
| CVE-2026-23689 | HIGH | Denial of service (DOS) in SAP Supply Chain Management | 0.4% |
| CVE-2024-34689 | MEDIUM | [CVE-2024-34689] Server-Side Request Forgery in SAP Business Workflow (WebFlow Services) | 0.4% |
| CVE-2025-42902 | MEDIUM | Memory Corruption vulnerability in SAP Netweaver AS ABAP and ABAP Platform | 0.4% |