Vulnerabilities in SAP_SE

555 results
Vexday analysis

With 555 catalogued CVEs and 53 of critical severity, SAP SE's vulnerability portfolio presents a considerable attack surface, with 45 new entries recorded in the last 90 days, indicating a continuous pace of discovery. The active-exploitation rate is below the overall catalogue average, with 2 entries confirmed in the CISA KEV, but the EPSS of 0.9936 associated with CVE-2025-31324 (the most dangerous vulnerability under active exploitation at the moment) signals an extremely high probability of exploitation in real environments and deserves immediate priority attention. The most frequent flaw is CWE-862 (missing authorization check), a pattern that tends to favor privilege escalation and unauthorized access to protected resources. The existence of 4 CVEs with a public PoC reinforces the need for rigorous tracking of the patching cycle, especially in deployments serving business-critical systems.

CVE ID | Severity | Description | EPSS
CVE-2024-22124 | MEDIUM | Information Disclosure vulnerability in SAP NetWeaver Internet Communication Manager | 0.3%
CVE-2024-28164 | MEDIUM | Information Disclosure vulnerability in SAP NetWeaver AS Java (Guided Procedures) | 0.3%
CVE-2024-45286 | MEDIUM | Missing Authorization check in SAP Production and Revenue Accounting (Tobin interface) | 0.3%
CVE-2025-0053 | MEDIUM | Information Disclosure Vulnerability in SAP NetWeaver Application Server for ABAP and ABAP Platform | 0.3%
CVE-2025-0058 | MEDIUM | Information Disclosure vulnerability in SAP Business Workflow and SAP Flexible Workflow | 0.3%
CVE-2024-22129 | MEDIUM | Cross-Site Scripting (XSS) vulnerability in SAP Companion | 0.3%
CVE-2025-23193 | MEDIUM | Information Disclosure vulnerability in SAP NetWeaver Application Server ABAP | 0.3%
CVE-2024-22130 | HIGH | Cross-Site Scripting (XSS) vulnerability in SAP CRM WebClient UI | 0.3%
CVE-2024-42376 | MEDIUM | Multiple Missing Authorization Check vulnerabilities in SAP Shared Service Framework | 0.3%
CVE-2025-43011 | HIGH | Missing Authorization Check in SAP Landscape Transformation (PCL Basis) | 0.3%
CVE-2025-42873 | MEDIUM | Denial of Service (DoS) in SAPUI5 framework (Markdown-it component) | 0.3%
CVE-2023-35870 | MEDIUM | Improper Access Control in SAP S/4HANA (Manage Journal Entry Template) | 0.3%
CVE-2024-25643 | MEDIUM | Missing authorization check in SAP Fiori app (My Overtime Requests) | 0.3%
CVE-2024-24741 | MEDIUM | Missing Authorization check in SAP Master Data Governance Material | 0.3%
CVE-2024-30217 | MEDIUM | Missing Authorization check in SAP S/4 HANA (Cash Management) | 0.3%
CVE-2023-41365 | MEDIUM | Information Disclosure vulnerability in SAP Business One (B1i) | 0.3%
CVE-2024-30216 | MEDIUM | Missing Authorization check in SAP S/4 HANA (Cash Management) | 0.3%
CVE-2023-37488 | MEDIUM | Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Process Integration | 0.3%
CVE-2024-30215 | MEDIUM | Cross-Site Scripting (XSS) vulnerability in SAP Business Connector | 0.3%
CVE-2024-30214 | MEDIUM | Cross-Site Scripting (XSS) vulnerability in SAP Business Connector | 0.3%