Vulnerabilities in SAP_SE

555 results
Vexday analysis

With 555 CVEs catalogued and 53 of critical severity, SAP SE's vulnerability portfolio presents a considerable attack surface, with 45 new entries recorded in the last 90 days, indicating a continuous pace of discovery. The active exploitation rate is below the overall catalogue average, with 2 entries confirmed in the CISA KEV, but the EPSS of 0.9936 associated with CVE-2025-31324 (the most dangerous vulnerability under active exploitation at the moment) signals an extremely high probability of real-world exploitation and deserves immediate priority attention. The most frequent weakness is CWE-862 (missing authorization check), a pattern that tends to favor privilege escalation and unauthorized access to protected resources. The existence of 4 CVEs with a public PoC reinforces the need for rigorous tracking of the patching cycle, especially in deployments serving business-critical systems.

CVE-2025-42875 | MEDIUM | Missing Authentication check in SAP NetWeaver Internet Communication Framework | EPSS 0.3%
CVE-2024-41736 | MEDIUM | Information Disclosure vulnerability in SAP Permit to Work | EPSS 0.3%
CVE-2024-21738 | MEDIUM | Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver ABAP Application Server and ABAP Platform | EPSS 0.3%
CVE-2025-24874 | MEDIUM | Missing Defense in Depth Against Clickjacking in SAP Commerce Backoffice | EPSS 0.3%
CVE-2024-47592 | MEDIUM | Information Disclosure Vulnerability in SAP NetWeaver Application Server Java (Logon Application) | EPSS 0.3%
CVE-2024-39593 | MEDIUM | [CVE-2024-39593] Information Disclosure vulnerability in SAP Landscape Management | EPSS 0.3%
CVE-2025-42961 | MEDIUM | Missing Authorization check in SAP NetWeaver Application Server for ABAP | EPSS 0.3%
CVE-2024-37172 | MEDIUM | [CVE-2024-37172] Missing Authorization check in SAP S/4HANA Finance (Advanced Payment Management) | EPSS 0.3%
CVE-2025-42930 | MEDIUM | Denial of Service (DoS) vulnerability in SAP Business Planning and Consolidation | EPSS 0.3%
CVE-2025-42947 | MEDIUM | Code Injection vulnerability in SAP FICA ODN framework | EPSS 0.3%
CVE-2024-45282 | MEDIUM | HTTP Verb Tampering in SAP S/4 HANA(Manage Bank Statements) | EPSS 0.3%
CVE-2025-42970 | MEDIUM | Directory Traversal vulnerability in SAPCAR | EPSS 0.3%
CVE-2024-44121 | MEDIUM | Information Disclosure in SAP S/4 HANA (Statutory Reports) | EPSS 0.3%
CVE-2025-42949 | MEDIUM | Missing Authorization check in ABAP Platform | EPSS 0.3%
CVE-2026-40136 | MEDIUM | Denial of service (DoS) in SAP Financial Consolidation | EPSS 0.3%
CVE-2024-33009 | MEDIUM | SQL injection vulnerability in SAP Global Label Management (GLM) | EPSS 0.3%
CVE-2025-42943 | MEDIUM | Information Disclosure in SAP GUI for Windows | EPSS 0.3%
CVE-2024-41728 | LOW | Missing Authorization check in SAP NetWeaver Application Server for ABAP and ABAP Platform | EPSS 0.3%
CVE-2024-4139 | MEDIUM | Missing Authorization Checks in SAP S/4 HANA (Manage Bank Statement Reprocessing Rules) | EPSS 0.3%
CVE-2024-4138 | MEDIUM | Missing Authorization Checks in SAP S/4 HANA (Manage Bank Statement Reprocessing Rules) | EPSS 0.3%