Vulnerabilities in SAP_SE

555 results
Vexday Analysis

With 555 catalogued CVEs, 53 of them of critical severity, SAP SE's vulnerability portfolio presents a considerable attack surface, with 45 new entries recorded in the last 90 days, indicating a continuous pace of discovery. The active exploitation rate is below the overall average for the catalogue, with 2 entries confirmed in the CISA KEV, but the EPSS of 0.9936 associated with CVE-2025-31324 (the most dangerous vulnerability under active exploitation at the moment) signals an extremely high probability of real-world exploitation and deserves immediate priority attention. The most frequent flaw is CWE-862 (missing authorization check), a pattern that tends to favor privilege escalation and unauthorized access to protected resources. The existence of 4 CVEs with a public PoC reinforces the need for rigorous tracking of the patching cycle, especially in deployments serving business-critical systems.

CVE | Severity | Title | EPSS
CVE-2025-26655 | LOW | Missing Authorization check in SAP JIT(Outbound) | 0.2%
CVE-2025-42938 | MEDIUM | Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver ABAP Platform | 0.2%
CVE-2025-25241 | MEDIUM | Missing Authorization check in SAP Fiori Apps Reference Library (My Overtime Requests) | 0.2%
CVE-2025-42907 | MEDIUM | Server-Side Request Forgery in SAP BI Platform | 0.2%
CVE-2025-42981 | MEDIUM | Multiple vulnerabilities in SAP NetWeaver Application Server ABAP | 0.2%
CVE-2025-27431 | MEDIUM | Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server Java | 0.2%
CVE-2025-42897 | MEDIUM | Information Disclosure vulnerability in SAP Business One (SLD) | 0.2%
CVE-2025-42986 | MEDIUM | Missing Authorization check in SAP NetWeaver and ABAP Platform | 0.2%
CVE-2026-0503 | MEDIUM | Missing Authorization check in SAP ERP Central Component and SAP S/4HANA (SAP EHS Management) | 0.2%
CVE-2025-42911 | MEDIUM | Missing Authorization check in SAP NetWeaver (Service Data Download) | 0.2%
CVE-2025-42918 | MEDIUM | Missing Authorization check in SAP NetWeaver Application Server for ABAP (Background Processing) | 0.2%
CVE-2026-34259 | HIGH | OS Command Injection Vulnerability in SAP Forecasting & Replenishment | 0.2%
CVE-2026-44746 | MEDIUM | Reflected Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS Java (JDBC Test Servlet) | 0.2%
CVE-2025-42882 | MEDIUM | Missing Authorization check in SAP NetWeaver Application Server for ABAP | 0.2%
CVE-2026-40134 | MEDIUM | Missing Authorization Check in SAP Incentive and Commission Management | 0.2%
CVE-2026-24326 | MEDIUM | Missing authorization check in SAP S/4HANA Defense & Security (Disconnected Operations) | 0.2%
CVE-2025-26653 | MEDIUM | Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server ABAP (applications based on SAP GUI for HTML) | 0.2%
CVE-2026-24314 | MEDIUM | Information Disclosure vulnerability in S/4HANA (Manage Payment Media) | 0.2%
CVE-2026-0497 | MEDIUM | Missing Authorization check in Business Server Pages Application (Product Designer Web UI) | 0.2%
CVE-2025-42893 | MEDIUM | Open Redirect vulnerability in SAP Business Connector | 0.2%