Vulnerabilities in SAP_SE

555 results
Vexday Analysis

With 555 CVEs catalogued and 53 of critical severity, SAP SE's vulnerability portfolio presents a considerable attack surface, with 45 new entries recorded in the last 90 days, indicating a continuous pace of discovery. The active exploitation rate is below the catalogue's overall average, with 2 entries confirmed in the CISA KEV, but the EPSS of 0.9936 associated with CVE-2025-31324 (the most dangerous vulnerability under active exploitation at the moment) signals an extremely high probability of real-world exploitation and merits immediate priority attention. The most frequent flaw is CWE-862 (missing authorization check), a pattern that tends to favor privilege escalation and unauthorized access to protected resources. The existence of 4 CVEs with a public PoC reinforces the need for rigorous tracking of the patching cycle, especially in deployments serving business-critical systems.

CVE-2024-30214 | MEDIUM | Cross-Site Scripting (XSS) vulnerability in SAP Business Connector | EPSS 0.3%
CVE-2024-41733 | MEDIUM | Information Disclosure Vulnerability in SAP Commerce | EPSS 0.3%
CVE-2025-43004 | MEDIUM | Security Misconfiguration Vulnerability in SAP Digital Manufacturing (Production Operator Dashboard) | EPSS 0.3%
CVE-2024-24739 | MEDIUM | Missing authorization check in SAP BAM (Bank Account Management) | EPSS 0.3%
CVE-2024-39598 | MEDIUM | [Multiple CVEs] Multiple vulnerabilities in SAP CRM (WebClient UI) | EPSS 0.3%
CVE-2025-43008 | MEDIUM | Missing Authorization check in SAP S/4HANA HCM Portugal and SAP ERP HCM Portugal | EPSS 0.3%
CVE-2025-42903 | MEDIUM | User Enumeration and Sensitive Data Exposure via RFC Function in SAP Financial Service Claims Management | EPSS 0.3%
CVE-2024-39599 | MEDIUM | [CVE-2024-39599] Protection Mechanism Failure in SAP NetWeaver Application Server for ABAP and ABAP Platform | EPSS 0.3%
CVE-2024-45285 | MEDIUM | Multiple vulnerabilities in SAP NetWeaver Application Server for ABAP and ABAP Platform | EPSS 0.3%
CVE-2023-40625 | MEDIUM | Missing Authorization check in SAP Manage Purchase Contracts App | EPSS 0.3%
CVE-2025-31331 | MEDIUM | Authorization Bypass vulnerability in SAP NetWeaver | EPSS 0.3%
CVE-2024-37175 | MEDIUM | [Multiple CVEs] Multiple vulnerabilities in SAP CRM (WebClient UI) | EPSS 0.3%
CVE-2026-34262 | MEDIUM | Information Disclosure Vulnerability in SAP HANA Cockpit and HANA Database Explorer | EPSS 0.3%
CVE-2024-32732 | MEDIUM | Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence platform | EPSS 0.3%
CVE-2024-37180 | MEDIUM | [CVE-2024-37180] Information Disclosure vulnerability in SAP NetWeaver Application Server for ABAP and ABAP Platform | EPSS 0.3%
CVE-2024-41732 | MEDIUM | Improper Access Control in SAP Netweaver Application Server ABAP | EPSS 0.3%
CVE-2025-31329 | MEDIUM | Information Disclosure vulnerability in SAP NetWeaver Application Server ABAP and ABAP Platform | EPSS 0.3%
CVE-2025-42878 | HIGH | Sensitive Data Exposure in SAP Web Dispatcher and Internet Communication Manager (ICM) | EPSS 0.3%
CVE-2024-37178 | MEDIUM | Cross-Site Scripting (XSS) vulnerabilities in SAP Financial Consolidation | EPSS 0.3%
CVE-2024-22133 | MEDIUM | Improper Access Control in SAP Fiori Front End Server | EPSS 0.3%