Vulnerabilities in SAP_SE

555 results
Vexday analysis

With 555 catalogued CVEs, 53 of them rated critical, SAP SE's vulnerability portfolio presents a considerable attack surface, and the 45 new entries registered in the last 90 days indicate a continuous pace of discoveries. The rate of active exploitation is below the catalogue's overall average, with 2 entries confirmed in the CISA KEV, but the EPSS score of 0.9936 associated with CVE-2025-31324 (currently the most dangerous vulnerability under active exploitation) signals an extremely high probability of real-world exploitation and deserves immediate priority attention. The most frequent weakness is CWE-862 (missing authorization check), a pattern that tends to favour privilege escalation and unauthorized access to protected resources. The existence of 4 CVEs with a public PoC reinforces the need for rigorous tracking of the patching cycle, especially in deployments supporting critical business systems.

CVE            | Severity | Title                                                                                                                                   | EPSS
CVE-2024-37171 | MEDIUM   | Server-Side Request Forgery (SSRF) in SAP Transportation Management (Collaboration Portal)                                               | 0.4%
CVE-2026-0500  | CRITICAL | Remote code execution in SAP Wily Introscope Enterprise Manager (WorkStation)                                                            | 0.4%
CVE-2024-22128 | MEDIUM   | Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Business Client for HTML                                                       | 0.4%
CVE-2023-40624 | MEDIUM   | Code Injection vulnerability in SAP NetWeaver AS ABAP (applications based on Unified Rendering)                                          | 0.3%
CVE-2023-31407 | MEDIUM   | Cross-Site Scripting (XSS) vulnerability in SAP Business Planning and Consolidation                                                      | 0.3%
CVE-2023-39437 | HIGH     | Cross-Site Scripting (XSS) vulnerability in SAP Business One                                                                             | 0.3%
CVE-2023-33988 | MEDIUM   | Cross-Site Scripting vulnerability in SAP Enable Now                                                                                     | 0.3%
CVE-2024-28166 | LOW      | Multiple Unrestricted File Upload vulnerabilities in SAP BusinessObjects Business Intelligence Platform                                  | 0.3%
CVE-2023-36918 | MEDIUM   | Cross-Site Scripting vulnerability in SAP Enable Now                                                                                     | 0.3%
CVE-2024-33007 | LOW      | Client-side script execution vulnerability in SAP UI5 (PDFViewer)                                                                        | 0.3%
CVE-2023-23856 | MEDIUM   | In SAP BusinessObjects Business Intelligence (Web Intelligence user interface) - version 430, some calls return JSON with wrong content type | 0.3%
CVE-2026-0509  | CRITICAL | Missing Authorization check in SAP NetWeaver Application Server ABAP and ABAP Platform                                                   | 0.3%
CVE-2025-42982 | HIGH     | Information Disclosure in SAP GRC (AC Plugin)                                                                                            | 0.3%
CVE-2026-24324 | MEDIUM   | Denial of service (DoS) vulnerability in SAP BusinessObjects Business Intelligence Platform (AdminTools)                                 | 0.3%
CVE-2025-23192 | HIGH     | Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence (BI Workspace)                                     | 0.3%
CVE-2024-33000 | LOW      | Missing Authorization check in SAP Bank Account Management                                                                               | 0.3%
CVE-2024-33002 | MEDIUM   | Cross-Site Scripting (XSS) vulnerability in SAP S/4HANA (Document Service Handler for DPS)                                               | 0.3%
CVE-2023-35874 | MEDIUM   | Improper authentication vulnerability in SAP NetWeaver AS ABAP and ABAP Platform                                                         | 0.3%
CVE-2024-24742 | MEDIUM   | Cross-Site Scripting (XSS) vulnerability in SAP CRM (WebClient UI)                                                                       | 0.3%
CVE-2023-42474 | MEDIUM   | Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Web Intelligence                                                         | 0.3%