Vulnerabilities in SAP_SE

555 results
Vexday Analysis

With 555 CVEs catalogued and 53 of critical severity, SAP SE's vulnerability portfolio presents a considerable attack surface, with 45 new entries recorded in the last 90 days, indicating a continuous pace of discovery. The active exploitation rate is below the overall catalogue average, with 2 entries confirmed in the CISA KEV, but the EPSS of 0.9936 associated with CVE-2025-31324 (the most dangerous vulnerability under active exploitation at the moment) signals an extremely high probability of real-world exploitation and deserves immediate priority attention. The most frequent weakness is CWE-862 (missing authorization check), a pattern that tends to favor privilege escalation and unauthorized access to protected resources. The existence of 4 CVEs with a public PoC reinforces the need for rigorous tracking of the patching cycle, especially in deployments serving business-critical systems.

CVE-2025-30010 | MEDIUM | Multiple vulnerabilities in SAP Supplier Relationship Management (Live Auction Cockpit) | EPSS 0.3%
CVE-2025-42894 | MEDIUM | Path Traversal vulnerability in SAP Business Connector | EPSS 0.3%
CVE-2026-0511 | HIGH | Multiple vulnerabilities in SAP Fiori App (Intercompany Balance Reconciliation) | EPSS 0.3%
CVE-2025-42896 | MEDIUM | Server-Side Request Forgery (SSRF) in SAP BusinessObjects Business Intelligence Platform | EPSS 0.3%
CVE-2024-42372 | MEDIUM | Missing Authorization check in SAP NetWeaver AS Java (System Landscape Directory) | EPSS 0.3%
CVE-2025-42891 | MEDIUM | Missing Authorization check in SAP Enterprise Search for ABAP | EPSS 0.3%
CVE-2026-44749 | MEDIUM | Information Disclosure vulnerability in SAP Gateway | EPSS 0.3%
CVE-2025-42933 | HIGH | Insecure Storage of Sensitive Information in SAP Business One (SLD) | EPSS 0.3%
CVE-2024-37174 | MEDIUM | [Multiple CVEs] Multiple vulnerabilities in SAP CRM (WebClient UI) | EPSS 0.3%
CVE-2024-34685 | MEDIUM | [CVE-2024-34685] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Knowledge Management XMLEditor | EPSS 0.3%
CVE-2024-39594 | MEDIUM | [CVE-2024-39594] Multiple Cross-Site Scripting (XSS) vulnerabilities in SAP Business Warehouse - Business Planning and Simulation | EPSS 0.3%
CVE-2026-40129 | MEDIUM | Code Injection vulnerability in SAP Application Server ABAP for SAP NetWeaver and ABAP Platform | EPSS 0.3%
CVE-2024-45279 | MEDIUM | Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server for ABAP (CRM Blueprint Application Builder Panel) | EPSS 0.3%
CVE-2025-43002 | MEDIUM | Missing Authorization check in SAP S4/HANA (OData meta-data property) | EPSS 0.3%
CVE-2025-30009 | MEDIUM | Multiple vulnerabilities in SAP Supplier Relationship Management (Live Auction Cockpit) | EPSS 0.3%
CVE-2025-42876 | HIGH | Missing Authorization Check in SAP S/4 HANA Private Cloud (Financials General Ledger) | EPSS 0.3%
CVE-2025-0062 | MEDIUM | Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence Platform (Web Intelligence) | EPSS 0.3%
CVE-2025-0054 | MEDIUM | Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server Java | EPSS 0.3%
CVE-2025-27433 | MEDIUM | Broken Access Control vulnerabilities in SAP S/4HANA (Manage Bank Statements) | EPSS 0.3%
CVE-2024-42373 | MEDIUM | Missing Authorization Check in SAP Student Life Cycle Management (SLcM) | EPSS 0.3%