Security Advisories
We've created the first-of-its-kind SecurityBridge Cloud Platform to prioritize SAP patches, updates and the remediation strategies essential for preventing the disruption of vital business systems. Our security advisories enable SAP users to understand the security and business implications of running SAP.
We hope you like it!
This time we found critical correction advisories. We count 771 and the highest CVSS score is 10.0.
[Charts: severity of the 771 SAP© security advisories; affected SAP© system types]
| Affected system type | Patchday | Released on | Description |
| --- | --- | --- | --- |
| ABAP | 2024-02 | 2024/02/13 | [CVE-2024-22130] Cross-Site Scripting (XSS) vulnerability in SAP CRM (WebClient UI) |
| Java | 2024-02 | 2024/02/13 | [CVE-2024-24743] XXE vulnerability in SAP NetWeaver AS Java (Guided Procedures) |
| ABAP | 2024-02 | 2024/02/13 | [CVE-2024-24742] Cross-Site Scripting (XSS) vulnerability in SAP CRM (WebClient UI) |
| ABAP | 2024-02 | 2024/02/13 | [CVE-2024-24739] Missing authorization check in SAP Bank Account Management |
| Java | 2024-02 | 2024/02/13 | [CVE-2024-22126] Cross Site Scripting vulnerability in NetWeaver AS Java (User Admin Application) |
| ABAP | 2024-02 | 2024/02/13 | [CVE-2024-22132] Code Injection vulnerability in SAP IDES Systems |
| SAP Cloud Connector | 2024-02 | 2024/02/13 | [CVE-2024-25642] Improper Certificate Validation in SAP Cloud Connector |
| Kernel | 2024-02 | 2024/02/13 | [CVE-2024-24740] Information Disclosure vulnerability in SAP NetWeaver Application Server ABAP (SAP Kernel) |
| ABAP | 2024-02 | 2024/02/13 | [CVE-2024-25643] Missing authorization check in SAP Fiori app ("My Overtime Requests") |
| SAP Enable Now | 2024-02 | 2024/02/13 | [CVE-2024-22129] Cross-Site Scripting (XSS) vulnerability in SAP Companion |
| ABAP | 2024-02 | 2024/02/13 | [CVE-2024-22131] Code Injection vulnerability in SAP ABA (Application Basis) |
| ABAP | 2024-02 | 2024/02/01 | [CVE-2024-24741] Missing Authorization check in SAP Master Data Governance Material |
| ABAP | 2024-02 | 2024/02/13 | [CVE-2024-22128] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Business Client for HTML |
| Kernel / Web Dispatcher | 2024-01 | 2024/01/09 | [CVE-2024-22124] Information Disclosure vulnerability in SAP NetWeaver Internet Communication Manager |
| ABAP | 2024-01 | 2024/01/09 | [CVE-2024-21735] Improper Authorization check in SAP LT Replication Server |
| SAP GUI / Frontend | 2024-01 | 2024/01/09 | [CVE-2024-22125] Information Disclosure vulnerability in Microsoft Edge browser extension (SAP GUI connector for Microsoft Edge) |
| Kernel | 2024-01 | 2024/01/09 | [CVE-2023-44487] Denial of service (DOS) in SAP Web Dispatcher, SAP NetWeaver Application server ABAP, and ABAP Platform |
| BTP | 2024-01 | 2024/01/09 | [CVE-2023-49583] Escalation of Privileges in applications developed through SAP Business Application Studio, SAP Web IDE Full-Stack and SAP Web IDE for SAP HANA |
| SAP Marketing | 2024-01 | 2024/01/09 | [CVE-2024-21734] URL Redirection vulnerability in SAP Marketing (Contacts App) |
| SAP Edge Integration | 2024-01 | 2024/01/09 | [Multiple CVEs] Escalation of Privileges in SAP Edge Integration Cell |
| ABAP | 2024-01 | 2024/01/09 | [CVE-2024-21738] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver ABAP Application Server and ABAP Platform |
| ABAP | 2024-01 | 2024/01/09 | [CVE-2024-21737] Code Injection vulnerability in SAP Application Interface Framework (File Adapter) |
| ABAP | 2024-01 | 2024/01/09 | [CVE-2024-21736] Missing Authorization check in SAP S/4HANA Finance (Advanced Payment Management) |
| SAP UI5 | 2023-12 | 2023/12/12 | [CVE-2023-49584] Client-Side Desynchronization vulnerability in SAP Fiori Launchpad |
| ABAP | 2023-12 | 2023/12/12 | Denial of service (DoS) vulnerability in JSZip library bundled within SAPUI5 |
| SAP Cloud Connector | 2023-12 | 2023/12/12 | [CVE-2023-49578] Denial of service (DOS) in SAP Cloud Connector |
| ABAP | 2023-12 | 2023/12/12 | [CVE-2023-49587] Command Injection vulnerability in SAP Solution Manager |
| BTP | 2023-12 | 2023/12/12 | [Multiple CVEs] Escalation of Privileges in SAP Business Technology Platform (BTP) Security Services Integration Libraries |
| BI/BO platform | 2023-12 | 2023/12/12 | [CVE-2023-42478] Cross site scripting vulnerability in SAP BusinessObjects Business Intelligence Platform |
| ABAP | 2023-12 | 2023/12/12 | [CVE-2023-49058] Directory Traversal vulnerability in SAP Master Data Governance |
| ABAP | 2023-12 | 2023/12/12 | [CVE-2023-49577] Cross-Site Scripting (XSS) vulnerability in the SAP HCM (SMART PAYE solution) |
| ABAP | 2023-12 | 2023/12/12 | Update 1 to 3350297 - [CVE-2023-36922] OS command injection vulnerability in SAP ECC and SAP S/4HANA (IS-OIL) |
| BI/BO platform | 2023-12 | 2023/12/12 | [CVE-2023-42476] Cross Site Scripting vulnerability in SAP BusinessObjects Web Intelligence |
| Android SDK | 2023-12 | 2023/12/12 | [CVE-2023-6542] Missing Authorization Check in SAP EMARSYS SDK ANDROID |
| Java | 2023-12 | 2023/12/12 | [CVE-2023-42479] Cross-Site Scripting (XSS) vulnerability in SAP Biller Direct |
| SAP GUI / Frontend | 2023-12 | 2023/12/12 | [CVE-2023-49580] Information disclosure vulnerability in SAP GUI for Windows and SAP GUI for Java |
| SAP Commerce | 2023-12 | 2023/12/12 | [CVE-2023-42481] Improper Access Control vulnerability in SAP Commerce Cloud |
| ABAP | 2023-12 | 2023/12/12 | [CVE-2023-49581] SQL Injection vulnerability in SAP NetWeaver Application Server ABAP and ABAP Platform |
| SAP Business One | 2023-11 | 2023/11/14 | [CVE-2023-31403] Improper Access Control vulnerability in SAP Business One product installation |
| Java | 2023-11 | 2023/11/14 | [CVE-2023-42480] Information Disclosure in NetWeaver AS Java Logon |
| Kernel | 2023-11 | 2023/11/14 | [CVE-2023-41366] Information Disclosure vulnerability in SAP NetWeaver Application Server ABAP and ABAP Platform |
| SAP Business One | 2023-10 | 2023/10/10 | [CVE-2023-41365] Information Disclosure vulnerability in SAP Business One (B1i) |
| SAP PowerDesigner | 2023-10 | 2023/10/10 | [CVE-2023-40310] Missing XML Validation vulnerability in SAP PowerDesigner Client (BPMN2 import) |
| ABAP | 2023-10 | 2023/10/10 | [CVE-2023-42475] Information Disclosure Vulnerability in Statutory Reporting |
| Java | 2023-10 | 2023/10/26 | [CVE-2023-42477] Server-Side Request Forgery in SAP NetWeaver AS Java (GRMG Heartbeat application) |
| BI/BO platform | 2023-10 | 2023/10/10 | [CVE-2023-42474] Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Web Intelligence |
| Java | 2023-10 | 2023/10/10 | Update 1 to Security Note 3324732: [CVE-2023-31405] Log Injection vulnerability in SAP NetWeaver AS for Java (Log Viewer) |
| BI/BO platform | 2023-09 | 2023/09/12 | [CVE-2023-37489] Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (Version Management System) |
| ABAP | 2023-09 | 2023/09/12 | [CVE-2023-40624] Code Injection vulnerability in SAP NetWeaver AS ABAP (applications based on Unified Rendering) |
| ABAP | 2023-09 | 2023/09/12 | [CVE-2023-40625] Missing Authorization check in Manage Purchase Contracts App |
| BI/BO platform | 2023-09 | 2023/09/12 | [CVE-2023-42472] Insufficient File type validation in SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface) |
| Java | 2023-09 | 2023/09/12 | Denial of service (DOS) vulnerability due to the usage of vulnerable version of Commons File Upload in SAP Quotation Management Insurance (FS-QUO) |
| SAP BI | 2023-09 | 2023/09/12 | [CVE-2023-40622] Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (Promotion Management) |
| PowerDesigner | 2023-09 | 2023/09/12 | [CVE-2023-40621] Code Injection vulnerability in SAP PowerDesigner Client |
| BI/BO platform | 2023-09 | 2023/09/12 | [CVE-2023-40623] Arbitrary File Delete via Directory Junction in SAP BusinessObjects Suite (installer) |
| Kernel | 2023-09 | 2023/09/12 | [CVE-2023-40308] Memory Corruption vulnerability in SAP CommonCryptoLib |
| ABAP | 2023-09 | 2023/09/12 | [CVE-2023-41368] Insecure Direct Object Reference (IDOR) vulnerability in SAP S/4HANA (Manage checkbook apps) |
| Kernel, HANA... | 2023-09 | 2023/09/12 | [CVE-2023-40309] Missing Authorization check in SAP CommonCryptoLib |
| ABAP | 2023-09 | 2023/09/12 | [CVE-2023-41369] External Entity Loop vulnerability in SAP S/4HANA (Create Single Payment application) |
| Java | 2023-09 | 2023/09/12 | [CVE-2023-41367] Missing Authentication check in SAP NetWeaver (Guided Procedures) |
| BI/BO platform | 2023-08 | 2023/08/08 | Denial of Service (DoS) vulnerability due to the usage of vulnerable version of Commons FileUpload in SAP BusinessObjects Business Intelligence Platform (CMC) |
| SAP Commerce Cloud | 2023-08 | 2023/08/08 | [CVE-2023-37486] Information Disclosure vulnerability in SAP Commerce (OCC API) |
| SAP PowerDesigner | 2023-08 | 2023/08/08 | [CVE-2023-37483] Multiple Vulnerabilities in SAP PowerDesigner |
| SAP Business One | 2023-08 | 2023/08/08 | [CVE-2023-33993] SQL Injection vulnerability in SAP Business One (B1i Layer) |
| SAP PowerDesigner | 2023-08 | 2023/08/08 | [CVE-2023-36923] Code Injection vulnerability in SAP PowerDesigner |
| BI/BO platform | 2023-08 | 2023/08/08 | [CVE-2023-39440] Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform |
| Kernel | 2023-08 | 2023/08/08 | [CVE-2023-37491] Improper Authorization check vulnerability in SAP Message Server |
| Java | 2023-08 | 2023/08/08 | [CVE-2023-37488] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Process Integration |
| BI/BO platform | 2023-08 | 2023/08/08 | [CVE-2023-37490] Binary hijack in SAP BusinessObjects Business Intelligence Suite (installer) |
| ABAP | 2023-08 | 2014/11/11 | Switchable authorization checks for RFC in SRM |
| ABAP | 2023-08 | 2023/07/11 | [CVE-2023-36922] OS command injection vulnerability in SAP ECC and SAP S/4HANA (IS-OIL) |
| ABAP | 2023-08 | 2023/08/08 | [CVE-2023-39436] Information Disclosure in SAP Supplier Relationship Management |
| SAP Business One | 2023-08 | 2023/08/08 | [CVE-2023-37487] Security Misconfiguration vulnerability in SAP Business One (Service Layer) |
| SAP Commerce Cloud | 2023-08 | 2023/08/08 | [CVE-2023-39439] Improper authentication in SAP Commerce Cloud |
| ABAP | 2023-08 | 2023/08/08 | [CVE-2023-40306] URL Redirection vulnerability in SAP S/4HANA (Manage Catalog Items and Cross-Catalog search) |
| ABAP | 2023-08 | 2023/08/08 | [CVE-2023-37492] Missing Authorization check in SAP NetWeaver AS ABAP and ABAP Platform |
| SAP UI5 | 2023-08 | 2023/08/08 | Cross-Site Scripting (XSS) vulnerabilities in jQuery-UI library bundled with SAPUI5 |
| SAP Host Agent | 2023-08 | 2023/08/08 | [CVE-2023-36926] Information disclosure vulnerability in SAP Host Agent |
| SAP Business One | 2023-08 | 2023/08/08 | [CVE-2023-39437] Cross-Site Scripting (XSS) vulnerability in SAP Business One |
| ABAP | 2023-07 | 2023/07/11 | [CVE-2023-33989] Directory Traversal vulnerability in SAP NetWeaver (BI CONT ADD ON) |
| Kernel | 2023-07 | 2023/07/11 | [CVE-2023-35871] Memory Corruption vulnerability in SAP Web Dispatcher |
| Kernel | 2023-07 | 2023/07/11 | [CVE-2023-33987] Request smuggling and request concatenation vulnerability in SAP Web Dispatcher |
| Java | 2023-07 | 2023/07/11 | [CVE-2023-35872] Missing Authentication check in SAP NetWeaver Process Integration (Message Display Tool) |
| Java | 2023-07 | 2023/07/11 | [CVE-2023-35873] Missing Authentication check in SAP NetWeaver Process Integration (Runtime Workbench) |
| ABAP | 2023-07 | 2023/07/11 | [CVE-2023-35870] Improper Access Control in SAP S/4HANA (Manage Journal Entry Template) |
| SAP Enable Now | 2023-07 | 2023/07/11 | [Multiple CVEs] Multiple Vulnerabilities in SAP Enable Now |
| Java | 2023-07 | 2023/07/11 | [CVE-2023-36925] Unauthenticated blind SSRF in SAP Solution Manager (Diagnostics agent) |
| Sybase platform | 2023-07 | 2023/07/11 | [CVE-2023-33990] Denial of service (DOS) vulnerability in SAP SQL Anywhere |
| BI/BO platform | 2023-07 | 2023/07/11 | [CVE-2023-33992] Missing Authorization Check in SAP Business Warehouse and SAP BW/4HANA |
| Java | 2023-07 | 2023/07/11 | [CVE-2023-31405] Log Injection vulnerability in SAP NetWeaver AS for Java (Log Viewer) |
| Kernel | 2023-07 | 2023/07/11 | [CVE-2023-35874] Improper authentication vulnerability in SAP NetWeaver AS ABAP and ABAP Platform |
| ABAP | 2023-07 | 2023/07/11 | [CVE-2023-36924] Log Injection vulnerability in SAP ERP Defense Forces and Public Security |
| BI/BO platform | 2023-07 | 2023/07/11 | [CVE-2023-36917] Password Change rate limit bypass in SAP BusinessObjects Business Intelligence Platform |
| Java | 2023-07 | 2023/07/11 | [CVE-2023-36921] Header Injection in SAP Solution Manager (Diagnostic Agent) |
| ABAP | 2023-06 | 2023/06/13 | Update 1 to security note 3315971 - [CVE-2023-30742] Cross-Site Scripting (XSS) vulnerability in SAP CRM (WebClient UI) |
| ABAP | 2023-06 | 2023/06/13 | [CVE-2023-32114] Denial of Service in SAP NetWeaver (Change and Transport System) |
| Java | 2023-06 | 2023/06/13 | [CVE-2023-33985] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver (Enterprise Portal) |
| ABAP | 2023-06 | 2023/06/13 | [CVE-2023-33986] Cross-Site Scripting (XSS) vulnerability in SAP CRM ABAP (Grantor Management) |
| SAP... | 2023-06 | 2023/06/13 | [CVE-2023-33984] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver (Design Time Repository) |
| SAP UI5 | 2023-06 | 2023/06/13 | [CVE-2023-33991] Stored Cross-Site Scripting vulnerability in SAP UI5 (Variant Management) |
| BI/BO platform | 2023-05 | 2023/05/09 | [CVE-2023-31406] Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence platform |
| SAP Commerce | 2023-05 | 2023/05/09 | Denial of service (DOS) in SAP Commerce |
| ABAP | 2023-05 | 2023/05/09 | [CVE-2023-30743] Improper Neutralization of Input in SAPUI5 |
| SAP Integrated... | 2023-05 | 2023/05/09 | [CVE-2023-29080] Privilege escalation vulnerability in SAP IBP, add-in for Microsoft Excel |
| SAP PowerDesigner | 2023-05 | 2023/05/09 | [CVE-2023-32111] Memory Corruption vulnerability in SAP PowerDesigner (Proxy) |
| ABAP | 2023-05 | 2023/05/23 | [CVE-2023-32115] SQL Injection in Master Data Synchronization (MDS COMPARE TOOL) |
| BI/BO platform | 2023-05 | 2023/05/09 | [CVE-2023-30740] Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence platform |
| ABAP | 2023-05 | 2023/05/09 | [CVE-2023-31407] Cross-Site Scripting (XSS) vulnerability in SAP Business Planning and Consolidation |
| ABAP | 2023-05 | 2023/05/09 | [CVE-2023-29188] Cross-Site Scripting (XSS) vulnerability in SAP CRM WebClient UI |
| ABAP | 2023-05 | 2023/05/09 | [CVE-2023-30742] Cross-Site Scripting (XSS) vulnerability in SAP CRM (WebClient UI) |
| BI/BO platform | 2023-05 | 2023/05/09 | [CVE-2023-30741] Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence platform |
| BI/BO platform | 2023-05 | 2023/05/09 | [CVE-2023-28764] Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence platform |
| SAP GUI / Frontend | 2023-05 | 2023/05/09 | [CVE-2023-32113] Information Disclosure vulnerability in SAP GUI for Windows |
| ABAP | 2023-05 | 2023/05/09 | [CVE-2023-32112] Missing Authorization Check in Vendor Master Hierarchy |
| BI/BO platform | 2023-05 | 2023/05/09 | [CVE-2023-31404] Information Disclosure in SAP BusinessObjects Business Intelligence Platform (Central Management Service) |
| Reprise License Manager | 2023-05 | 2023/05/09 | Multiple vulnerabilities associated with Reprise License Manager 14.2 component used with SAP 3D Visual Enterprise License Manager |
| SAP Plant Connectivity | 2023-05 | 2023/05/23 | [CVE-2023-2827] Missing Authentication in SAP Plant Connectivity and Production Connector for SAP Digital Manufacturing |
| Java | 2023-05 | 2023/05/09 | [CVE-2023-30744] Improper access control during application start-up in SAP AS NetWeaver JAVA |
| BI/BO platform | 2023-05 | 2023/05/09 | [CVE-2023-28762] Information Disclosure in SAP BusinessObjects Business Intelligence Platform (Central Management Console) |
| SAP Commerce | 2023-05 | 2023/05/09 | Information Disclosure vulnerability in SAP Commerce (Backoffice) |
| ABAP | 2023-04 | 2023/04/11 | [CVE-2023-29112] Code Injection vulnerability in SAP Application Interface Framework (Message Monitoring) |
| Java | 2023-04 | 2023/04/11 | [CVE-2023-24527] Improper Access Control in SAP NetWeaver AS Java for Deploy Service |
| ABAP | 2023-04 | 2023/04/11 | [CVE-2023-28763] - Denial of Service in SAP NetWeaver AS for ABAP and ABAP Platform |
| SAP GUI / Frontend | 2023-04 | 2023/04/11 | [CVE-2023-29187] DLL Hijacking vulnerability in SapSetup (Software Installation Program) |
| SAP Commerce | 2023-04 | 2023/04/11 | Remote Code Execution vulnerability in SAP Commerce |
| ABAP | 2023-04 | 2023/04/11 | [CVE-2023-29185] Denial of Service (DOS) in SAP NetWeaver AS for ABAP (Business Server Pages) |
| Kernel | 2023-04 | 2023/04/11 | [CVE-2023-27499] Cross-Site Scripting (XSS) vulnerability in SAP GUI for HTML |
| ABAP | 2023-04 | 2023/04/11 | [CVE-2023-29189] HTTP Verb Tampering vulnerability in SAP CRM (WebClient UI) |
| ABAP | 2023-04 | 2023/04/11 | [CVE-2023-29109] Code Injection vulnerability in SAP Application Interface Framework (Message Dashboard) |
| Java | 2023-04 | 2023/04/11 | [CVE-2023-28761] Missing Authentication check in SAP NetWeaver Enterprise Portal |
| Java | 2023-04 | 2023/04/11 | [CVE-2023-27497] Multiple vulnerabilities in SAP Diagnostics Agent (OSCommand Bridge and EventLogServiceCollector) |
| BI/BO platform | 2023-04 | 2023/04/11 | [CVE-2023-28765] Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (Promotion Management) |
| ABAP | 2023-04 | 2023/04/11 | [CVE-2023-1903] Missing Authorization check in SAP HCM Fiori App My Forms (Fiori 2.0) |
| Java | 2023-04 | 2023/04/11 | [CVE-2023-26458] Information Disclosure vulnerability in SAP Landscape Management |
| ABAP | 2023-04 | 2023/04/11 | [CVE-2023-29110] Code Injection vulnerability in SAP Application Interface Framework (Message Dashboard) |
| ABAP | 2023-04 | 2023/04/11 | [CVE-2023-29186] Directory Traversal vulnerability in SAP NetWeaver (BI CONT ADD ON) |
| ABAP | 2023-04 | 2023/04/11 | [CVE-2023-27897] Code Injection vulnerability in SAP CRM |
| Kernel | 2023-04 | 2023/04/11 | [CVE-2023-29108] IP filter vulnerability in ABAP Platform and SAP Web Dispatcher |
| ABAP | 2023-04 | 2023/04/11 | [CVE-2023-29111] Information Disclosure vulnerability in SAP Application Interface Framework (ODATA service) |
| ABAP | 2023-03 | 2023/03/14 | [CVE-2023-0021] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver |
| Java | 2023-03 | 2023/03/14 | [CVE-2023-24526] Improper Access Control in SAP NetWeaver AS Java (Classload Service) |
| ABAP | 2023-03 | 2023/03/14 | [CVE-2023-25615] SQL Injection vulnerability in SAP ABAP Platform |
| BI/BO platform | 2023-03 | 2023/03/14 | [Multiple CVEs] Multiple vulnerabilities in the SAP BusinessObjects Business Intelligence platform |
| ABAP | 2023-03 | 2023/03/14 | [CVE-2023-27501] Directory Traversal vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform |
| ABAP | 2023-03 | 2023/03/14 | [CVE-2023-26459] Multiple vulnerabilities in SAP NetWeaver AS for ABAP and ABAP Platform |
| Java | 2023-03 | 2023/03/14 | [CVE-2023-23857] Improper Access Control in SAP NetWeaver AS for Java |
| BI/BO platform | 2023-03 | 2023/03/14 | [CVE-2023-25616] Code Injection vulnerability in SAP Business Objects Business Intelligence Platform (CMC) |
| BI/BO platform | 2023-03 | 2023/03/14 | [CVE-2023-25617] OS Command Execution vulnerability in SAP Business Objects Business Intelligence Platform (Adaptive Job Server) |
| Java | 2023-03 | 2023/03/14 | [CVE-2023-26461] XML External Entity (XXE) vulnerability in SAP NetWeaver (SAP Enterprise Portal) |
| ABAP | 2023-03 | 2023/03/14 | [CVE-2023-27893] Arbitrary Code Execution in SAP Solution Manager and ABAP managed systems (ST-PI) |
| SAP Authenticator for Android | 2023-03 | 2023/03/14 | [CVE-2023-27895] Information Disclosure vulnerability in SAP Authenticator for Android |
| ABAP | 2023-03 | 2023/03/14 | [CVE-2023-27500] Directory Traversal vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform |
| ABAP | 2023-03 | 2023/03/14 | [CVE-2023-27269] Directory Traversal vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform |
| SAP Host Agent | 2023-03 | 2023/03/14 | [CVE-2023-27498] Memory Corruption vulnerability in SAPOSCOL |
| ABAP | 2023-03 | 2023/03/14 | [CVE-2023-27270] Denial of Service (DoS) in SAP NetWeaver AS for ABAP and ABAP Platform |
| ABAP | 2023-03 | 2023/03/14 | [CVE-2023-26457] Cross-Site Scripting (XSS) vulnerability in SAP Content Server |
| Java | 2023-03 | 2023/03/14 | [CVE-2023-26460] Improper Access Control in SAP NetWeaver AS Java (Cache Management Service) |
| Java | 2023-03 | 2023/03/14 | [CVE-2023-27268] Improper Access Control in SAP NetWeaver AS Java (Object Analyzing Service) |
| ABAP | 2023-02 | 2023/02/14 | [CVE-2023-23852] Cross-Site Scripting (XSS) vulnerability in SAP Solution Manager 7.2 |
| BI/BO platform | 2023-02 | 2023/02/14 | [CVE-2023-23856] Cross-Site Scripting (XSS) vulnerability in Web Intelligence Interface |
| ABAP | 2023-02 | 2023/02/14 | [CVE-2023-23851] Unrestricted File Upload in SAP Business Planning and Consolidation |
| ABAP | 2023-02 | 2023/02/14 | [CVE-2023-24524] Missing Authorization check in SAP S/4 HANA Map Treasury Correspondence Format Data |
| ABAP | 2023-02 | 2023/02/14 | [CVE-2023-24528] Missing Authorization Check in SAP Fiori apps for Travel Management in SAP ERP (My Travel Requests) |
| BI/BO platform | 2023-02 | 2023/02/14 | [CVE-2023-0020] Information disclosure vulnerability in SAP BusinessObjects Business Intelligence platform |
| ABAP | 2023-02 | 2023/02/14 | [CVE-2023-23853] URL Redirection vulnerability in SAP NetWeaver Application Server for ABAP and ABAP Platform |
| ABAP | 2023-02 | 2023/02/14 | [CVE-2023-0024] Cross Site Scripting in SAP Solution Manager (BSP Application) |
| ABAP | 2023-02 | 2023/02/14 | [CVE-2023-25614] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS ABAP (BSP Framework) |
| BI/BO platform | 2023-02 | 2023/02/14 | [CVE-2023-24530] Unrestricted Upload of File in SAP BusinessObjects Business Intelligence Platform (CMC) |
| ABAP | 2023-02 | 2023/02/14 | [CVE-2023-0019] Missing Authorization check in SAP GRC (Process Control) |
| ABAP | 2023-02 | 2023/02/14 | [CVE-2023-23854] Missing Authorization check in SAP NetWeaver AS ABAP and ABAP Platform |
| SAP Host Agent | 2023-02 | 2023/02/14 | [CVE-2023-24523] Privilege Escalation vulnerability in SAP Host Agent (Start Service) |
| ABAP | 2023-02 | 2023/02/14 | [Multiple CVEs] Multiple vulnerabilities in SAP NetWeaver AS for ABAP and ABAP Platform |
| ABAP | 2023-02 | 2023/02/14 | [CVE-2023-24522] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS ABAP (BSP Framework) |
| ABAP | 2023-02 | 2023/02/14 | [CVE-2023-24521] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS ABAP (BSP Framework) |
| ABAP | 2023-02 | 2023/02/14 | [CVE-2023-24529] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS ABAP (Business Server Pages application) |
| ABAP | 2023-02 | 2023/02/14 | [CVE-2023-24525] Cross-Site Scripting (XSS) vulnerability in SAP CRM WebClient UI |
| ABAP | 2023-02 | 2023/02/14 | [CVE-2023-23855] URL Redirection vulnerability in SAP Solution Manager |
| ABAP | 2023-02 | 2023/02/14 | [CVE-2023-23858] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform |
| ABAP | 2023-02 | 2023/02/14 | [CVE-2023-0025] Cross Site Scripting in SAP Solution Manager (BSP Application) |
| BI/BO platform | 2023-01 | 2023/01/10 | [CVE-2023-0015] Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence (Web Intelligence) |
| ABAP | 2023-01 | 2023/01/10 | [CVE-2023-0013] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform |
| SAP Host Agent | 2023-01 | 2023/01/10 | [CVE-2023-0012] Local Privilege Escalation in SAP Host Agent (Windows) |
| ABAP | 2023-01 | 2023/01/10 | [CVE-2023-0023] Information Disclosure in SAP Bank Account Management (Manage Banks) |
| BI/BO platform | 2023-01 | 2023/01/10 | [CVE-2023-0018] Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence Platform (Central management console) |
| Kernel / ABAP | 2023-01 | 2023/01/10 | [CVE-2023-0014] Capture-replay vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform |
| Java | 2023-01 | 2023/01/10 | [CVE-2023-0017] Improper access control in SAP NetWeaver AS for Java |
| SAP Business Planning... | 2023-01 | 2023/01/10 | [CVE-2023-0016] SQL Injection vulnerability in SAP Business Planning and Consolidation MS |
| BI/BO platform | 2023-01 | 2023/01/10 | [CVE-2023-0022] Code Injection vulnerability in SAP BusinessObjects Business Intelligence platform (Analysis edition for OLAP) |
| Java | 2022-12 | 2022/12/13 | [CVE-2022-41262] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS for Java (Http Provider Service) |
| Java | 2022-12 | 2022/12/13 | [CVE-2022-41273] URL Redirection vulnerability in SAP Sourcing and SAP Contract Lifecycle Management |
| BI/BO platform | 2022-12 | 2022/12/13 | [CVE-2022-41267] Server-Side Request Forgery vulnerability in SAP BusinessObjects Business Intelligence Platform |
| Java | 2022-12 | 2022/12/13 | [CVE-2022-41271] Improper access control in SAP NetWeaver AS Java (Messaging System) |
Affected system
type
BI/BO platform
Patchday
2022-12
Released
on
2022/12/13
Description
[CVE-2022-41263] Missing authentication check vulnerability in SAP Business Objects Business Intelligence Platform (Web intelligence)
Affected system
type
SAP Commerce
Patchday
2022-12
Released
on
2022/12/13
Description
Remote Code Execution vulnerability associated with Apache Commons Text in SAP Commerce
Affected system
type
ABAP
Patchday
2022-12
Released
on
2022/12/13
Description
[CVE-2022-41268] Privilege escalation vulnerability in SAP Business Planning and Consolidation
Affected system
type
Java
Patchday
2022-12
Released
on
2022/12/13
Description
[CVE-2022-41272] Improper access control in SAP NetWeaver AS Java (User Defined Search)
Affected system
type
Java
Patchday
2022-12
Released
on
2022/12/13
Description
[CVE-2022-41261] Improper Access Control in SAP Solution Manager (Diagnostic Agent)
Affected system
type
ABAP
Patchday
2022-12
Released
on
2022/12/13
Description
[CVE-2022-41264] Code Injection vulnerability in SAP BASIS
Affected system
type
ABAP
Patchday
2022-12
Released
on
2022/12/13
Description
Update 1 to Security Note 2872782 - [CVE-2020-6215] URL Redirection vulnerability in SAP NetWeaver AS ABAP (BSP Test Application)
Affected system
type
SAP Commerce
Patchday
2022-12
Released
on
2022/12/13
Description
[CVE-2022-41266] Cross-Site Scripting (XSS) vulnerability in SAP Commerce
Affected system
type
ABAP
Patchday
2022-12
Released
on
2022/12/13
Description
[CVE-2022-41275] Open Redirect in SAP Solutions Manager (Enterprise Search)
Affected system
type
SAP Disclosure Management
Patchday
2022-12
Released
on
2022/12/13
Description
[CVE-2022-41274] Missing Authorization Checks in SAP Disclosure Management
Affected system
type
SAP UI5 SAP Fiori
Patchday
2022-11
Released
on
2022/11/08
Description
Insufficient Session Expiration in Central Fiori Launchpad
Affected system
type
Sybase platform
Patchday
2022-11
Released
on
2022/11/08
Description
[CVE-2022-41259] Denial of service (DOS) in SAP SQL Anywhere
Affected system
type
SAP Financial Consolidation
Patchday
2022-11
Released
on
2022/11/08
Description
[CVE-2022-41258] Multiple Cross-Site Scripting (XSS) vulnerabilities in SAP Financial Consolidation
Affected system
type
Java
Patchday
2022-11
Released
on
2022/11/08
Description
[CVE-2022-41207] URL Redirection vulnerability in SAP Biller Direct
Affected system
type
ABAP
Patchday
2022-11
Released
on
2022/11/08
Description
[CVE-2022-41215] URL Redirection vulnerability in SAP NetWeaver ABAP Server and ABAP Platform
Affected system
type
BI/BO platform
Exploit available
Patchday
2022-11
Released
on
2022/11/08
Description
[CVE-2022-41203] Insecure Deserialization of Untrusted Data in SAP BusinessObjects Business Intelligence Platform (Central Management Console and BI Launchpad)
Affected system
type
SAP 3D Visual Enterprise
Patchday
2022-11
Released
on
2022/11/08
Description
[CVE-2022-41211] Arbitrary Code Execution vulnerability in SAP 3D Visual Enterprise Author and SAP 3D Visual Enterprise Viewer
Affected system
type
SAP GUI / Frontend
Patchday
2022-11
Released
on
2022/11/08
Description
[CVE-2022-41205] Code injection vulnerability in SAP GUI for Windows
Affected system
type
ABAP
Patchday
2022-11
Released
on
2022/11/08
Description
[CVE-2022-41214] Multiple vulnerabilities in SAP NetWeaver Application Server ABAP and ABAP Platform
Affected system
type
ABAP, Java
Patchday
2022-11
Released
on
2022/11/08
Description
[CVE-2021-20223] Multiple Vulnerabilities in SQLite bundled with SAPUI5
Affected system
type
BI/BO platform
Patchday
2022-10
Released
on
2022/10/11
Description
[CVE-2022-41206] Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence platform / Analysis for OLAP
Affected system
type
SAP Customer Data Cloud
Patchday
2022-10
Released
on
2022/10/11
Description
[CVE-2022-41209] Information Disclosure Vulnerability in SAP Customer Data Cloud (Gigya)
Affected system
type
SAP Customer Data Cloud
Patchday
2022-10
Released
on
2022/10/11
Description
[CVE-2022-41210] Information Disclosure Vulnerability in SAP Customer Data Cloud (Gigya)
Affected system
type
Java
Patchday
2022-10
Released
on
2022/10/11
Description
[CVE-2022-39802] File path traversal vulnerability in SAP Manufacturing Execution
Affected system
type
Sybase platform
Patchday
2022-10
Released
on
2022/10/11
Description
[CVE-2022-35299] Buffer Overflow in SAP SQL Anywhere and SAP IQ
Affected system
type
SAP 3D Visual Enterprise
Patchday
2022-10
Released
on
2022/10/11
Description
[Multiple CVEs] Multiple vulnerabilities in SAP 3D Visual Enterprise Author
Affected system
type
BI/BO platform
Patchday
2022-10
Released
on
2022/10/11
Description
[CVE-2022-35296] Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (Version Management System)
Affected system
type
BI/BO platform
Patchday
2022-10
Released
on
2022/10/11
Description
[CVE-2022-39013] Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (Program Objects)
Affected system
type
ABAP
Patchday
2022-10
Released
on
2022/10/11
Description
Missing authorization check in SAP Automotive Solutions
Affected system
type
ABAP
Patchday
2022-10
Released
on
2022/10/11
Description
Information Disclosure vulnerability in Master Data Governance
Affected system
type
BI/BO platform
Patchday
2022-10
Released
on
2022/10/11
Description
[CVE-2022-39800] Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence Platform (BI LaunchPad)
Affected system
type
SAP 3D Visual Enterprise
Patchday
2022-10
Released
on
2022/10/11
Description
[Multiple CVEs] Multiple vulnerabilities in SAP 3D Visual Enterprise Viewer
Affected system
type
BI/BO platform
Patchday
2022-10
Released
on
2022/10/11
Description
[CVE-2022-39015] Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (AdminTools/Query Builder)
Affected system
type
SAP Enable Now
Patchday
2022-10
Released
on
2022/10/11
Description
[CVE-2022-35297] Stored Cross-Site Scripting (XSS) vulnerability in SAP Enable Now
Affected system
type
BI/BO platform
Patchday
2022-10
Released
on
2022/10/11
Description
[CVE-2022-35226] Cross-Site Scripting (XSS) vulnerability in Data Services Management Console
Affected system
type
SAP Commerce
Patchday
2022-10
Released
on
2022/10/11
Description
Cross-Site Scripting (XSS) vulnerability in SAP Commerce
Affected system
type
ABAP
Patchday
2022-09
Released
on
2022/09/13
Description
Information Disclosure vulnerability in SAP CRM WebClient
Affected system
type
ABAP
Patchday
2022-09
Released
on
2022/09/13
Description
[CVE-2022-35294] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server ABAP
Affected system
type
ABAP
Patchday
2022-09
Released
on
2022/09/13
Description
Missing authorization check in Consumption of CDS Views (or) OData Services in QM-QN
Affected system
type
BI/BO platform
Patchday
2022-09
Released
on
2022/09/13
Description
[CVE-2022-39014] Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (CMC)
Affected system
type
Java
Patchday
2022-09
Released
on
2022/09/13
Description
[CVE-2022-35298] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal (KMC)
Affected system
type
ABAP
Patchday
2022-09
Released
on
2022/09/13
Description
[CVE-2022-39801] Insufficient Firefighter Session Expiration in SAP GRC Access Control Emergency Access Management
Affected system
type
ABAP
Patchday
2022-09
Released
on
2022/09/13
Description
[CVE-2022-39799] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS ABAP (SAP GUI for HTML within the Fiori Launchpad)
Affected system
type
SAP Business One
Patchday
2022-09
Released
on
2022/09/13
Description
[CVE-2022-35292] Windows Unquoted Service Path issue in SAP Business One
Affected system
type
SAP Host Agent
Patchday
2022-09
Released
on
2022/09/13
Description
[CVE-2022-35295] Privilege Escalation Vulnerability in SAPOSCOL on Unix
Affected system
type
ABAP
Patchday
2022-09
Released
on
2022/09/13
Description
Update 1 to Security Note 3165333 - [CVE-2022-28215] URL Redirection vulnerability in SAP NetWeaver ABAP Server and ABAP Platform
Affected system
type
BI/BO platform
Patchday
2022-08
Released
on
2022/08/09
Description
[CVE-2022-31596] Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (Monitoring DB)
Affected system
type
SAP Authenticator for Android
Patchday
2022-08
Released
on
2022/08/09
Description
[CVE-2022-35290] Information Disclosure in SAP Authenticator for Android
Affected system
type
BI/BO platform
Patchday
2022-08
Released
on
2022/08/09
Description
[CVE-2022-32245] Information disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (Open Document)
Affected system
type
SAP Landscape...
Patchday
2022-08
Released
on
2022/07/26
Description
Information Disclosure in SAP Landscape Management
Affected system
type
SAP Enable Now
Patchday
2022-08
Released
on
2022/08/09
Description
[CVE-2022-35293] Missing authorization check in SAP Enable Now Manager
Affected system
type
ABAP
Patchday
2022-08
Released
on
2022/08/09
Description
Missing Authorization check in Portugal Digital Signature
Affected system
type
BI/BO platform
Patchday
2022-08
Released
on
2022/08/09
Description
[CVE-2022-32244] Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (Commentary DB)
Affected system
type
SAP GUI / Frontend
Patchday
2022-08
Released
on
2022/08/09
Description
Information Disclosure vulnerability in SAP Business Client
Affected system
type
BI/BO platform
Patchday
2022-07
Released
on
2022/07/12
Description
[CVE-2022-31591] Privilege Escalation vulnerability in SAP BusinessObjects (BW Publisher Service)
Affected system
type
ABAP
Patchday
2022-07
Released
on
2022/07/12
Description
[CVE-2022-31592] Missing Authorization check in EA-DFPS
Affected system
type
Java
Patchday
2022-07
Released
on
2022/07/12
Description
[CVE-2022-35172] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal
Affected system
type
BI/BO platform
Patchday
2022-07
Released
on
2022/07/12
Description
[CVE-2022-31598] Cross-Site Scripting (XSS) vulnerability in SAP Business Objects
Affected system
type
ABAP
Patchday
2022-07
Released
on
2022/07/12
Description
[CVE-2022-31597] Missing Authorization check in SAP S/4HANA (business partner extension for Spain/Slovakia)
Affected system
type
Java
Patchday
2022-07
Released
on
2022/07/12
Description
[CVE-2022-32247] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal
Affected system
type
Java
Patchday
2022-07
Released
on
2022/07/12
Description
[CVE-2022-35225] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal
Affected system
type
SAP 3D Visual Enterprise
Patchday
2022-07
Released
on
2022/07/12
Description
[CVE-2022-35171] Improper Input Validation in SAP 3D Visual Enterprise Viewer
Affected system
type
ABAP
Patchday
2022-07
Released
on
2022/07/12
Description
Information Disclosure vulnerability in SAP NetWeaver Application Server ABAP and ABAP Platform
Affected system
type
Java
Patchday
2022-07
Released
on
2022/07/12
Description
[CVE-2022-35224] Cross-Site Scripting (XSS) vulnerability in SAP Enterprise Portal
Affected system
type
SAP Business One
Patchday
2022-07
Released
on
2022/07/12
Description
[CVE-2022-28771] Missing Authentication check in SAP Business One (License service API)
Affected system
type
BI/BO platform
Patchday
2022-07
Released
on
2022/07/12
Description
[CVE-2022-35228] Information disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (Central management console)
Affected system
type
Java
Patchday
2022-07
Released
on
2022/07/12
Description
[CVE-2022-35227] Cross-Site Scripting (XSS) vulnerability in SAP NW EP WPC
Affected system
type
BI/BO platform
Patchday
2022-07
Released
on
2022/07/12
Description
[CVE-2022-29619] Information Disclosure to user Administrator in SAP BusinessObjects Business Intelligence Platform 4.x
Affected system
type
SAP Business One
Patchday
2022-07
Released
on
2022/07/12
Description
[CVE-2022-35168] Denial of Service vulnerability in SAP Business One
Affected system
type
ABAP
Patchday
2022-07
Released
on
2022/07/12
Description
[CVE-2022-32248] Missing Input Validation in Manage Checkbooks component of SAP S/4HANA
Affected system
type
BI/BO platform
Patchday
2022-07
Released
on
2022/07/12
Description
[CVE-2022-35169] Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (LCM)
Affected system
type
Java
Patchday
2022-07
Released
on
2022/07/12
Description
[CVE-2022-35170] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal
Affected system
type
BI/BO platform
Patchday
2022-07
Released
on
2022/07/12
Description
[CVE-2022-32246] SQL Injection vulnerability in SAP BusinessObjects Business Intelligence Platform (Visual Difference Application)
Affected system
type
ABAP
Patchday
2022-07
Released
on
2022/07/12
Description
Information Disclosure vulnerability in ABAP Platform
Affected system
type
SAP Business One
Patchday
2022-07
Released
on
2022/07/12
Description
[CVE-2022-31593] Code Injection vulnerability in SAP Business One
Affected system
type
SAP Business One
Patchday
2022-07
Released
on
2022/07/12
Description
[CVE-2022-32249] Information Disclosure vulnerability in SAP Business One
Affected system
type
ABAP
Patchday
2022-07
Released
on
2022/06/28
Description
Missing Authorization Check in multiple components under SAP Automotive Solutions
Affected system
type
ABAP Java HANA platform
Patchday
2022-06
Released
on
2022/06/14
Description
[CVE-2022-29614] Privilege Escalation in SAP startservice of SAP NetWeaver AS ABAP, AS Java, ABAP Platform and HANA Database
Affected system
type
Java
Patchday
2022-06
Released
on
2022/06/14
Description
Improper Access Control check in SAP NetWeaver basicadmin and adminadapter services
Affected system
type
SAP PowerDesigner
Patchday
2022-06
Released
on
2022/06/14
Description
[CVE-2022-31590] Potential privilege escalation in SAP PowerDesigner Proxy 16.7
Affected system
type
SAP 3D Visual Enterprise
Patchday
2022-06
Released
on
2022/06/14
Description
[Multiple CVEs] Improper Input Validation in SAP 3D Visual Enterprise Viewer
Affected system
type
Java
Patchday
2022-06
Released
on
2022/06/14
Description
[CVE-2022-29615] Multiple vulnerabilities associated with Apache log4j 1.x component in SAP NetWeaver Developer Studio (NWDS)
Affected system
type
SAP...
Patchday
2022-06
Released
on
2022/06/14
Description
[CVE-2022-29618] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Development Infrastructure (Design Time Repository)
Affected system
type
SAP Financial Consolidation
Patchday
2022-06
Released
on
2022/06/14
Description
[CVE-2022-31595] Privilege escalation vulnerability in SAP Financial Consolidation
Affected system
type
SAProuter
Patchday
2022-06
Released
on
2022/06/14
Description
[CVE-2022-27668] Improper Access Control of SAProuter for SAP NetWeaver and ABAP Platform
Affected system
type
ABAP
Patchday
2022-06
Released
on
2022/06/14
Description
Missing Authorization check in SAP ERP HCM
Affected system
type
ABAP SAP Host Agent
Patchday
2022-06
Released
on
2022/06/14
Description
[CVE-2022-29612] Server-Side Request Forgery in SAP NetWeaver, ABAP Platform and SAP Host Agent
Affected system
type
UI5
Patchday
2022-06
Released
on
2022/06/14
Description
Unsafe use of target blank in SAP Marketing Campaigns
Affected system
type
UI5
Patchday
2022-06
Released
on
2022/06/14
Description
Cross-Site Scripting (XSS) vulnerability in SAP Marketing Campaigns App
Affected system
type
SAP Adaptive Server...
Patchday
2022-06
Released
on
2022/06/14
Description
[CVE-2022-31594] Privilege escalation vulnerability in SAP Adaptive Server Enterprise (ASE)
Affected system
type
ABAP
Patchday
2022-06
Released
on
2022/06/14
Description
[CVE-2022-31589] Segregation of Duty vulnerability in IL FI-AP File from SHAAM program.
Affected system
type
ABAP
Patchday
2022-05
Released
on
2022/05/10
Description
[CVE-2022-29613] Information Disclosure vulnerability in SAP Employee Self Service (Fiori My Leave Request)
Affected system
type
SAP Host Agent Kernel
Patchday
2022-05
Released
on
2022/05/10
Description
[CVE-2022-29616] Memory Corruption vulnerability in SAP Host Agent, SAP NetWeaver and ABAP Platform
Affected system
type
SAP Business One Cloud
Patchday
2022-05
Released
on
2022/05/10
Description
[CVE-2022-22965] Remote Code Execution vulnerability associated with Spring Framework used in SAP Business One Cloud
Affected system
type
ABAP
Patchday
2022-05
Released
on
2022/05/10
Description
Cross-Site Request Forgery (CSRF) vulnerability in F0673 Approve Bank Payments back-end
Affected system
type
ABAP
Patchday
2022-05
Released
on
2022/05/10
Description
[CVE-2022-29610] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server ABAP
Affected system
type
ABAP
Patchday
2022-05
Released
on
2022/05/10
Description
Missing Authorization check for UI5 flexibility key user functionality
Affected system
type
SAP Host Agent
Patchday
2022-05
Released
on
2022/05/10
Description
[CVE-2022-28774] Information Disclosure vulnerability in SAP Host Agent logfile
Affected system
type
ABAP
Patchday
2022-05
Released
on
2022/05/10
Description
[CVE-2022-29611] Missing Authorization check in SAP NetWeaver Application Server for ABAP and ABAP Platform
Affected system
type
UI5
Patchday
2022-05
Released
on
2022/05/10
Description
Cross-Site Request Forgery (CSRF) vulnerability in F0673 Approve Bank Payments front-end
Affected system
type
Kernel
Patchday
2022-05
Released
on
2022/05/10
Description
[CVE-2022-27656] Cross-Site Scripting (XSS) vulnerability in administration UI of SAP Web Dispatcher and SAP NetWeaver AS for ABAP and Java (ICM)
Affected system
type
BI/BO platform
Patchday
2022-05
Released
on
2022/05/10
Description
[CVE-2022-28214] Central Management Server Information Disclosure in Business Intelligence Update
Affected system
type
SAP Commerce
Patchday
2022-04
Released
on
2022/04/18
Description
[CVE-2022-22965] Remote Code Execution vulnerability associated with Spring Framework used in SAP Commerce
Affected system
type
Java
Patchday
2022-04
Released
on
2022/04/12
Description
Update 1 to Security Note 3022622 - [CVE-2021-21480] Code injection vulnerability in SAP Manufacturing Integration and Intelligence
Affected system
type
BI/BO platform
Patchday
2022-04
Released
on
2022/04/12
Description
[CVE-2022-28213] Missing XML Validation vulnerability in SAP BusinessObjects Business Intelligence Platform (dswsbobje - SOAP Web services)
Affected system
type
ABAP
Patchday
2022-04
Released
on
2022/04/12
Description
[CVE-2022-28215] URL Redirection vulnerability in SAP NetWeaver ABAP Server and ABAP Platform
Affected system
type
BI/BO platform
Patchday
2022-04
Released
on
2022/04/12
Description
[CVE-2022-22541] Information Disclosure vulnerability in SAP BusinessObjects Platform
Affected system
type
SAP GUI / Frontend
Patchday
2022-04
Released
on
2022/04/12
Description
Information Disclosure vulnerability in SAP GUI for Windows
Affected system
type
BI/BO platform
Patchday
2022-04
Released
on
2022/04/12
Description
[CVE-2022-27667] Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (CMC)
Affected system
type
SAP HANA Platform
Patchday
2022-04
Released
on
2022/04/12
Description
[CVE-2022-22965] Remote Code Execution vulnerability associated with Spring Framework used in SAP HANA Extended Application Services
Affected system
type
Kernel
Patchday
2022-04
Released
on
2022/04/12
Description
[CVE-2022-28772] Denial of service (DOS) in SAP Web Dispatcher and SAP NetWeaver (Internet Communication Manager)
Affected system
type
Java
Patchday
2022-04
Released
on
2022/04/12
Description
[CVE-2022-26105] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal
Affected system
type
SAP Customer Checkout
Patchday
2022-04
Released
on
2022/04/12
Description
[CVE-2022-22965] Remote Code Execution vulnerability associated with Spring Framework used in SAP Customer Checkout
Affected system
type
BI/BO platform
Patchday
2022-04
Released
on
2022/04/12
Description
[CVE-2022-28216] Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence Platform (BI Workspace)
Affected system
type
BI/BO platform
Patchday
2022-04
Released
on
2022/04/12
Description
[CVE-2022-27671] CSRF token visible in one of the URLs in SAP Business Intelligence Platform.
Affected system
type
SAP 3D Visual Enterprise
Patchday
2022-04
Released
on
2022/04/12
Description
[Multiple CVEs] Improper Input Validation in SAP 3D Visual Enterprise Viewer
Affected system
type
SAP Commerce
Patchday
2022-04
Released
on
2022/04/12
Description
Privilege escalation vulnerability in Apache Tomcat server component of SAP Commerce
Affected system
type
SAP Customer...
Patchday
2022-04
Released
on
2022/04/14
Description
[CVE-2022-22965] Remote Code Execution vulnerability associated with Spring Framework used in SAP Customer Profitability Analytics
Affected system
type
ABAP
Patchday
2022-04
Released
on
2022/04/12
Description
Multiple Vulnerabilities in URI.js bundled with SAPUI5
Affected system
type
Java
Patchday
2022-04
Released
on
2022/04/12
Description
[CVE-2022-28217] Missing XML Validation vulnerability in SAP NW EP WPC
Affected system
type
SAP Innovation Management
Patchday
2022-04
Released
on
2022/03/28
Description
[CVE-2022-27658] Missing authorization check in SAP Innovation Management
Affected system
type
Java
Patchday
2022-04
Released
on
2022/04/12
Description
[CVE-2022-27669] Missing Authentication check in XML Data Archiving Service
Affected system
type
Any
Patchday
2022-04
Released
on
2022/04/12
Description
[CVE-2022-22965] Central Security Note for Remote Code Execution vulnerability associated with Spring Framework
Affected system
type
Adobe LiveCycle Designer
Patchday
2022-04
Released
on
2022/04/12
Description
[CVE-2021-44832] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP NetWeaver ABAP Server and ABAP Platform (Adobe LiveCycle Designer 11.0)
Affected system
type
Java
Patchday
2022-04
Released
on
2022/04/12
Description
[CVE-2022-22965] Remote Code Execution vulnerability associated with Spring Framework used in PowerDesigner Web (up to including 16.7 SP05 PL01)
Affected system
type
SAP Solution Manager...
Patchday
2022-04
Released
on
2022/04/12
Description
[CVE-2022-27657] Directory Traversal vulnerability in SAP Focused Run (Simple Diagnostics Agent 1.0)
Affected system
type
Sybase
Patchday
2022-04
Released
on
2022/04/12
Description
[CVE-2022-27670] Denial of service (DOS) in SQL Anywhere
Affected system
type
Kernel
Patchday
2022-04
Released
on
2022/04/12
Description
[CVE-2022-28773] Denial of service (DOS) in SAP Web Dispatcher and SAP NetWeaver (Internet Communication Manager)
Affected system
type
ABAP
Patchday
2022-04
Released
on
2022/04/12
Description
Enable CSP support for OP1909 in SAP CRM WebClient UI
Affected system
type
ABAP
Patchday
2022-04
Released
on
2022/04/12
Description
[CVE-2022-28770] Cross-Site Scripting (XSS) vulnerability in SAPUI5 (vbm library)
Affected system
type
SAP Solution Manager...
Patchday
2022-03
Released
on
2022/03/08
Description
[CVE-2022-24396] Missing Authentication check in SAP Focused Run (Simple Diagnostics Agent 1.0)
Affected system
type
ABAP
Patchday
2022-03
Released
on
2022/03/08
Description
[CVE-2022-26102] Missing authorization check in SAP NetWeaver Application Server for ABAP
Affected system
type
SAP Financial Consolidation
Patchday
2022-03
Released
on
2022/03/08
Description
[CVE-2022-26104] Missing Authorization check in SAP Financial Consolidation
Affected system
type
BI/BO platform
Patchday
2022-03
Released
on
2022/03/08
Description
[CVE-2022-24398] Information Disclosure vulnerability in SAP Business Objects Business Intelligence Platform
Affected system
type
Java
Patchday
2022-03
Released
on
2013/08/13
Description
Directory traversal in Web Container
Affected system
type
ABAP
Patchday
2022-03
Released
on
2022/03/22
Description
Missing authorization check in S/4HANA finance for advanced payment management
Affected system
type
SAP Solution Manager...
Patchday
2022-03
Released
on
2022/03/08
Description
[CVE-2022-22547] Information Disclosure vulnerability in SAP Focused Run (Simple Diagnostics Agent 1.0)
Affected system
type
SAPCAR
Patchday
2022-03
Released
on
2022/03/08
Description
[CVE-2022-26100] Denial of service (DOS) in SAPCAR
Affected system
type
SAP Solution Manager...
Patchday
2022-03
Released
on
2022/03/08
Description
[CVE-2022-24399] Cross-Site Scripting (XSS) vulnerability in SAP Focused Run (Real User Monitoring)
Affected system
type
Java
Patchday
2022-03
Released
on
2022/03/08
Description
[CVE-2022-26103] Information Disclosure vulnerability in SAP NetWeaver (Real Time Messaging Framework)
Affected system
type
Java
Patchday
2022-03
Released
on
2022/03/08
Description
[CVE-2022-24397] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal
Affected system
type
ABAP
Patchday
2022-03
Released
on
2022/03/08
Description
[CVE-2022-26101] Cross-Site Scripting (XSS) vulnerability in SAP Fiori launchpad
Affected system
type
Java
Patchday
2022-03
Released
on
2022/03/08
Description
[CVE-2022-24395] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal
Affected system
type
SAP Work Manager
Patchday
2022-03
Released
on
2022/03/08
Description
[CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP Work Manager
Affected system
type
ABAP
Patchday
2022-02
Released
on
2019/04/09
Description
Switchable Authorization checks for RFC BCA_DIM_RESET_TRIGGER_TABLE in Loans (FI-CAX-FS)
Affected system
type
Kernel
Patchday
2022-02
Released
on
2022/02/08
Description
[CVE-2022-22536] Request smuggling and request concatenation in SAP NetWeaver, SAP Content Server and SAP Web Dispatcher
Affected system
type
ABAP
Patchday
2022-02
Released
on
2022/02/08
Description
[CVE-2022-22545] Information Disclosure vulnerability in SAP NetWeaver Application Server ABAP and ABAP Platform
Affected system
type
ABAP
Patchday
2022-02
Released
on
2022/02/08
Description
[CVE-2022-22540] SQL Injection vulnerability in SAP NetWeaver AS ABAP (Workplace Server)
Affected system
type
SAP Commerce
Patchday
2022-02
Released
on
2022/02/08
Description
[CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP Commerce
Affected system
type
ABAP
Patchday
2022-02
Released
on
2022/02/08
Description
[CVE-2022-22535] Missing Authorization check in SAP ERP HCM
Affected system
type
ABAP
Patchday
2022-02
Released
on
2022/02/08
Description
[CVE-2022-22534] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver
Affected system
type
SAP Data Intelligence
Patchday
2022-02
Released
on
2022/01/18
Description
Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP Data Intelligence 3 (on-premise)
Affected system
type
SAP 3D Visual Enterprise
Patchday
2022-02
Released
on
2022/02/08
Description
[Multiple CVEs] Improper Input Validation in SAP 3D Visual Enterprise Viewer
Affected system
type
ABAP
Patchday
2022-02
Released
on
2022/01/25
Description
Cross-Site Request Forgery (CSRF) vulnerability in SAP NetWeaver AS ABAP within Web Dynpro ABAP
Affected system
type
SAP Adaptive Server...
Patchday
2022-02
Released
on
2022/02/08
Description
[CVE-2022-22528] Information Disclosure in SAP Adaptive Server Enterprise
Affected system
type
BI/BO platform
Patchday
2022-02
Released
on
2022/02/08
Description
[CVE-2022-22546] XSS vulnerability in SAP Business Objects Web Intelligence (BI Launchpad)
Affected system
type
Kernel
Patchday
2022-02
Released
on
2022/02/08
Description
[CVE-2022-22532] HTTP Request Smuggling in SAP NetWeaver Application Server Java
Affected system
type
Java
Patchday
2022-02
Released
on
2022/02/08
Description
[CVE-2022-22544] Missing segregation of duties in SAP Solution Manager Diagnostics Root Cause Analysis Tools
Affected system
type
Kernel
Patchday
2022-02
Released
on
2022/02/08
Description
[CVE-2022-22543] Denial of service (DOS) in SAP NetWeaver Application Server for ABAP (Kernel) and ABAP Platform (Kernel)
Affected system
type
None
Patchday
2022-02
Released
on
2022/02/08
Description
[CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP Dynamic Authorization Management
Affected system
type
ABAP
Patchday
2022-02
Released
on
2022/02/08
Description
[CVE-2022-22542] Information Disclosure vulnerability in SAP S/4HANA (Supplier Factsheet and Enterprise Search for Business Partner, Supplier and Customer)
Affected system
type
SAP IoT
Patchday
2022-01
Released
on
2022/01/11
Description
[CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in Reference Template for enabling ingestion and persistence of time series data in Azure
Affected system
type
Java
Patchday
2022-01
Released
on
2021/12/28
Description
Update 2 to Security Note 3130521: [CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in Java Web Service Adapter of SAP NetWeaver Process Integration
Affected system
type
SAP Business One
Patchday
2022-01
Released
on
2021/12/14
Description
[CVE-2021-42066] Information Disclosure vulnerability in SAP Business One
Affected system
type
ABAP
Patchday
2022-01
Released
on
2022/01/11
Description
[CVE-2022-22531] Multiple vulnerabilities in F0743 Create Single Payment application of SAP S/4HANA
Affected system
type
SAP IoT
Patchday
2022-01
Released
on
2022/01/11
Description
[CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP Cloud-to-Cloud Interoperability
Affected system
type
ABAP
Patchday
2022-01
Released
on
2022/01/11
Description
[CVE-2021-42067] Information Disclosure vulnerability in SAP NetWeaver Application Server for ABAP and ABAP Platform
Affected system
type
SAP Business One
Patchday
2022-01
Released
on
2022/01/11
Description
[CVE-2021-44234] Information Disclosure vulnerability in SAP Business One
Affected system
type
SAP Edge Services
Patchday
2022-01
Released
on
2021/12/30
Description
[CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP Edge Services Cloud Edition
Affected system
type
SAP Enterprise Threat...
Patchday
2022-01
Released
on
2022/01/11
Description
[CVE-2022-22529] Cross-Site Scripting (XSS) vulnerability in SAP Enterprise Threat Detection
Affected system
type
SAP Localization Hub
Patchday
2022-01
Released
on
2021/12/22
Description
[CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP Localization Hub, digital compliance service for India
Affected system
type
SAP Enterprise...
Patchday
2022-01
Released
on
2022/01/11
Description
[CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j2 component used in SAP Enterprise Continuous Testing by Tricentis
Affected system
type
SAP Digital...
Patchday
2022-01
Released
on
2022/01/11
Description
[CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP Digital Manufacturing Cloud for Edge Computing
Affected system
type
Adobe LiveCycle Designer
Patchday
2022-01
Released
on
2021/12/30
Description
[CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP NetWeaver ABAP Server and ABAP Platform (Adobe LiveCycle Designer 11.0)
Affected system
type
Java
Patchday
2022-01
Released
on
2022/01/11
Description
Update 3 to Security Note 3130521: [CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in Java Web Service Adapter of SAP NetWeaver Process Integration
Affected system
type
SAP HANA Platform
Patchday
2022-01
Released
on
2021/12/24
Description
[CVE-2021-44228] Denial of Service vulnerability associated with Apache Log4j component used in XSA Cockpit
Affected system
type
SAP Business One
Patchday
2022-01
Released
on
2022/01/11
Description
[CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP Business One
Affected system
type
SAP Commerce
Patchday
2021-12
Released
on
2021/12/14
Description
Code Execution vulnerability in SAP Commerce, localization for China
Affected system
type
SAP Edge Services
Patchday
2021-12
Released
on
2021/12/21
Description
[CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in Internet of Things Edge Platform
Affected system
type
SAP Commerce
Patchday
2021-12
Released
on
2021/12/14
Description
[CVE-2021-42064] SQL Injection vulnerability in SAP Commerce
Affected system
type
ABAP
Patchday
2021-12
Released
on
2021/11/23
Description
Missing Authorization check in RFC enabled function modules in SRM
Affected system
type
SAP Connected Health platform
Patchday
2021-12
Released
on
2021/12/20
Description
[CVE-2021-44228] Log4j Vulnerability in Connected Health Platform 2.0 - Fhirserver
Affected system
type
ABAP
Patchday
2021-12
Released
on
2021/12/14
Description
[CVE-2021-44231] Code Injection vulnerability in SAP ABAP Server & ABAP Platform (Translation Tools)
Affected system
type
ABAP
Patchday
2021-12
Released
on
2021/12/14
Description
[CVE-2021-44232] Directory Traversal vulnerability in SAF-T Framework
Affected system
type
Any
Patchday
2021-12
Released
on
2021/12/15
Description
[CVE-2021-44228] Central Security Note for Remote Code Execution vulnerability associated with Apache Log4j 2 component
Affected system
type
ABAP
Patchday
2021-12
Released
on
2021/12/14
Description
[CVE-2021-44235] Code Injection vulnerability in utility class for SAP NetWeaver AS ABAP
Affected system
type
ABAP
Patchday
2021-12
Released
on
2021/12/14
Description
[CVE-2021-44233] Missing Authorization check in GRC Access Control
Affected system
type
SAP UI5
Patchday
2021-12
Released
on
2021/12/14
Description
Cross-Site Scripting (XSS) Vulnerability in SAP Fiori Launchpad
Affected system
type
SAP HANA Platform
Patchday
2021-12
Released
on
2021/12/17
Description
[CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in XSA Cockpit
Affected system
type
SAP HANA Platform
Patchday
2021-12
Released
on
2021/12/16
Description
[CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP HANA XSA
Affected system
type
SAP Customer Checkout
Patchday
2021-12
Released
on
2021/12/22
Description
[CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP Customer Checkout
Affected system
type
SAP BTP Cloud Foundry runtime
Patchday
2021-12
Released
on
2021/12/21
Description
[CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP BTP Cloud Foundry
Affected system
type
SAP Edge Services
Patchday
2021-12
Released
on
2021/12/24
Description
[CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP Edge Services On Premise Edition
Affected system
type
Java
Patchday
2021-12
Released
on
2021/12/16
Description
Update 1 to Security Note 3130521: [CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in Java Web Service Adapter of SAP NetWeaver Process Integration
Affected system
type
BI/BO platform
Patchday
2021-12
Released
on
2021/12/14
Description
[CVE-2021-42061] Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence platform (Web Intelligence)
Affected system
type
SAP Enable Now
Patchday
2021-12
Released
on
2021/12/23
Description
[CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP Enable Now Manager
Affected system
type
SAP Landscape...
Patchday
2021-12
Released
on
2021/12/20
Description
[CVE-2019-17571] Code Injection vulnerability in SAP Landscape Management
Affected system
type
SAP HANA Platform
Patchday
2021-12
Released
on
2021/12/21
Description
Update 1 to Security Note 3131397 [CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in XSA Cockpit
Affected system
type
SAP BTP Kyma runtime
Patchday
2021-12
Released
on
2021/12/21
Description
[CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP BTP Kyma
Affected system
type
ABAP
Patchday
2021-12
Released
on
2021/12/14
Description
Missing Authorization Check in DIMP Industry Solution (Equipment and Tools Management & Bills of Services)
Affected system
type
Java
Patchday
2021-12
Released
on
2021/12/14
Description
[CVE-2021-42063] Cross-Site Scripting (XSS) vulnerability in SAP Knowledge Warehouse
Affected system
type
Java
Patchday
2021-12
Released
on
2021/12/16
Description
[CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in Java Web Service Adapter of SAP NetWeaver Process Integration
Affected system
type
SAP API Management
Patchday
2021-12
Released
on
2021/12/24
Description
[CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP BTP API Management (Tenant Cloning Tool)
Affected system
type
SAP Landscape Management
Patchday
2021-12
Released
on
2021/12/14
Description
Missing Authorization Check in SAP Landscape Management
Affected system
type
SAP Commerce
Patchday
2021-12
Released
on
2021/12/14
Description
Denial of service (DOS) in SAP Commerce
Affected system
type
SAP Cloud for Customer
Patchday
2021-12
Released
on
2021/12/23
Description
[CVE-2021-44228] Code Injection vulnerability in Cloud for Customer Lotus Notes PlugIn
Affected system
type
ABAP
Patchday
2021-12
Released
on
2021/11/23
Description
Missing Authorization Check in Vehicle Management System
Affected system
type
SAP 3D Visual Enterprise
Patchday
2021-12
Released
on
2021/12/14
Description
[Multiple CVEs] Improper Input Validation in SAP 3D Visual Enterprise Viewer
Affected system
type
Java
Patchday
2021-11
Released
on
2021/11/09
Description
Cross-Site Request Forgery vulnerability in Enterprise Services Repository of SAP Process Integration
Affected system
type
ABAP
Patchday
2021-11
Released
on
2021/11/09
Description
URL Redirection vulnerability in Offer Management
Affected system
type
ABAP
Patchday
2021-11
Released
on
2021/11/09
Description
[CVE-2021-42062] Missing Authorization check in SAP ERP HCM
Affected system
type
SAP GUI / Frontend
Patchday
2021-11
Released
on
2021/11/09
Description
[CVE-2021-40503] Information Disclosure in SAP GUI for Windows
Affected system
type
Kernel
Patchday
2021-11
Released
on
2021/11/09
Description
[CVE-2021-40501] Missing Authorization check in ABAP Platform Kernel
Affected system
type
SAP Commerce
Patchday
2021-11
Released
on
2021/11/09
Description
[CVE-2021-40502] Missing Authorization check in SAP Commerce
Affected system
type
ABAP
Patchday
2021-11
Released
on
2021/11/09
Description
[CVE-2021-40504] Leverage of Permission in SAP NetWeaver Application Server for ABAP and ABAP Platform
Affected system
type
SAP FRP
Patchday
2021-11
Released
on
2021/11/09
Description
Several security vulnerabilities in FRP 5.4.0 and FR Engine 5.4.0
Affected system
type
ABAP
Patchday
2021-10
Released
on
2021/10/12
Description
[CVE-2021-38181] Denial of service (DOS) in SAP NetWeaver AS ABAP and ABAP Platform
Affected system
type
BI/BO platform
Patchday
2021-10
Released
on
2021/10/12
Description
[CVE-2021-40497] Information Disclosure in SAP BusinessObjects Analysis (edition for OLAP)
Affected system
type
SAP Success Factors
Patchday
2021-10
Released
on
2021/10/12
Description
[CVE-2021-40498] Denial of service (DOS) in the SAP SuccessFactors Mobile Application for Android devices
Affected system
type
SAP Business One
Patchday
2021-10
Released
on
2021/10/12
Description
[CVE-2021-38179] Information Disclosure in SAP Business One
Affected system
type
SAP Cloud Print Manager
Patchday
2021-10
Released
on
2021/10/12
Description
[CVE-2021-40499] Code Injection vulnerability for SAP NetWeaver Application Server for ABAP (SAP Cloud Print Manager and SAPSprint)
Affected system
type
ABAP
Patchday
2021-10
Released
on
2021/10/12
Description
[CVE-2021-38183] Cross-Site Scripting (XSS) vulnerability in cms Service of SAP NetWeaver
Affected system
type
SAP UI5
Patchday
2021-10
Released
on
2021/10/12
Description
Cross-Site Scripting (XSS) vulnerability in SAPUI5
Affected system
type
ABAP
Patchday
2021-10
Released
on
2021/10/12
Description
Missing Authorization check in SCM BAPIs
Affected system
type
ABAP
Patchday
2021-10
Released
on
2021/10/12
Description
[CVE-2021-38178] Improper Authorization in SAP NetWeaver AS ABAP and ABAP Platform
Affected system
type
SAP Business One
Patchday
2021-10
Released
on
2021/10/12
Description
[CVE-2021-38180] CSV Injection in SAP Business One
Affected system
type
ABAP
Patchday
2021-10
Released
on
2021/09/28
Description
Cross-Site Request Forgery (CSRF) vulnerability in S/4HANA OP2020, OP1909 in Import Financial Plan Data
Affected system
type
ABAP
Patchday
2021-10
Released
on
2021/10/12
Description
[CVE-2021-40496] Improper Access Control in SAP NetWeaver AS ABAP and ABAP Platform
Affected system
type
BI/BO platform
Patchday
2021-10
Released
on
2021/10/12
Description
[CVE-2021-40500] Missing XML Validation in SAP BusinessObjects Business Intelligence Platform (Crystal Reports)
Affected system
type
ABAP
Patchday
2021-10
Released
on
2021/09/28
Description
Cross-Site Request Forgery (CSRF) vulnerability for S/4HANA OP2020, OP1909 in Import Financial Plan Data
Affected system
type
ABAP
Patchday
2021-10
Released
on
2021/10/12
Description
[CVE-2021-40495] Denial of Service (DOS) in SAP NetWeaver Application Server for ABAP and ABAP Platform
Affected system
type
Java
Patchday
2021-10
Released
on
2021/10/12
Description
Potential XML External Entity Injection Vulnerability in SAP Environmental Compliance
Affected system
type
ABAP
Patchday
2021-10
Released
on
2021/09/20
Description
Missing transaction start (AU3) entries in the Security Audit Log
Affected system
type
ABAP
Patchday
2021-09
Released
on
2021/09/14
Description
[CVE-2021-38175] Information Disclosure in SAP Analysis for Microsoft Office
Affected system
type
ABAP
Patchday
2021-09
Released
on
2021/09/14
Description
[CVE-2021-38164] Missing Authorization check in SAP ERP Financial Accounting / RFOPENPOSTING_FR
Affected system
type
ABAP
Patchday
2021-09
Released
on
2021/09/14
Description
Reverse tabnabbing vulnerability in SAP Marketing Lead Nurture Stream
Affected system
type
SAP Business One
Patchday
2021-09
Released
on
2021/09/14
Description
[CVE-2021-33686] Information Disclosure in SAP Business One
Affected system
type
SAP Business One
Patchday
2021-09
Released
on
2021/09/14
Description
[CVE-2021-33688] SQL Injection vulnerability in SAP Business One
Affected system
type
ABAP Java HANA platform
Patchday
2021-09
Released
on
2021/09/14
Description
[CVE-2021-38177] Null Pointer Dereference vulnerability in SAP CommonCryptoLib
Affected system
type
SAP Business One
Patchday
2021-09
Released
on
2021/09/14
Description
[CVE-2021-37532] Directory Listing Enabled in SAP Business One
Affected system
type
Kernel
Patchday
2021-09
Released
on
2021/09/14
Description
[CVE-2021-38162] HTTP Request Smuggling in SAP Web Dispatcher
Affected system
type
BCM platform
Patchday
2021-09
Released
on
2021/09/14
Description
[CVE-2021-33672] Multiple vulnerabilities in SAP Contact Center
Affected system
type
Java
Patchday
2021-09
Released
on
2021/09/14
Description
[CVE-2021-21489] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal
Affected system
type
Java
Patchday
2021-09
Released
on
2021/09/14
Description
[CVE-2021-37531] Code Injection vulnerability in SAP NetWeaver Knowledge Management (XMLForms)
Affected system
type
Java
Patchday
2021-09
Released
on
2021/09/14
Description
[CVE-2021-38163] Unrestricted File Upload vulnerability in SAP NetWeaver (Visual Composer 7.0 RT)
Affected system
type
Java
Patchday
2021-09
Released
on
2021/09/14
Description
[CVE-2021-37535] Missing Authorization check in SAP NetWeaver Application Server for Java (JMS Connector Service)
Affected system
type
ABAP
Patchday
2021-09
Released
on
2021/09/14
Description
Missing Authorization check in Financial Accounting
Affected system
type
SAP 3D Visual Enterprise
Patchday
2021-09
Released
on
2021/09/14
Description
[CVE-2021-38174] Improper Input Validation in SAP 3D Visual Enterprise Viewer
Affected system
type
SAP Business One
Patchday
2021-09
Released
on
2021/09/14
Description
[CVE-2021-33685] Directory Traversal vulnerability in SAP Business One
Affected system
type
BI/BO platform
Patchday
2021-09
Released
on
2021/09/14
Description
[CVE-2021-33679] Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence Platform (BI Workspace)
Affected system
type
SAP GUI / Frontend
Patchday
2021-09
Released
on
2021/09/14
Description
[CVE-2021-38150] Information disclosure in SAP Business Client
Affected system
type
ABAP
Patchday
2021-09
Released
on
2021/09/14
Description
[CVE-2021-38176] SQL Injection vulnerability in SAP NZDT Mapping Table Framework
Affected system
type
Kernel
Patchday
2021-08
Released
on
2021/08/10
Description
Missing Authentication check in SAP Web Dispatcher
Affected system
type
ABAP
Patchday
2021-08
Released
on
2021/06/08
Description
[CVE-2021-21473] Missing Authorization check in SAP NetWeaver AS ABAP and ABAP Platform
Affected system
type
Java
Patchday
2021-08
Released
on
2021/08/10
Description
[CVE-2021-33691] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Development Infrastructure (Notification Service)
Affected system
type
BI/BO platform
Patchday
2021-08
Released
on
2021/08/10
Description
[CVE-2021-33696] Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence Platform (Crystal Report)
Affected system
type
Java
Patchday
2021-08
Released
on
2021/08/10
Description
[CVE-2021-33690] Server Side Request Forgery vulnerability in SAP NetWeaver Development Infrastructure (Component Build Service)
Affected system
type
SAP Business One
Patchday
2021-08
Released
on
2021/08/10
Description
[CVE-2021-33704] Missing Authorization Check in SAP Business One (Service Layer)
Affected system
type
ABAP
Patchday
2021-08
Released
on
2021/08/10
Description
[CVE-2021-33701] SQL Injection vulnerability in SAP NZDT Row Count Reconciliation
Affected system
type
Java
Patchday
2021-08
Released
on
2021/08/10
Description
[CVE-2021-33703] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal
Affected system
type
ABAP
Patchday
2021-08
Released
on
2021/07/27
Description
Cross-Site Scripting (XSS) Vulnerability in BSP application CRM_CM
Affected system
type
SAP Business One
Patchday
2021-08
Released
on
2021/08/10
Description
[CVE-2021-33700] Missing Authentication check in SAP Business One
Affected system
type
Java
Patchday
2021-08
Released
on
2021/08/10
Description
[CVE-2021-33707] URL Redirection vulnerability in SAP NetWeaver (Knowledge Management)
Affected system
type
SAP Cloud Connector
Patchday
2021-08
Released
on
2021/08/10
Description
[CVE-2021-33695] Multiple Vulnerabilities in SAP Cloud Connector
Affected system
type
BI/BO platform
Patchday
2021-08
Released
on
2021/08/10
Description
[CVE-2021-33697] Reverse Tabnabbing in SAP BusinessObjects Business Intelligence Platform (SAP UI5)
Affected system
type
SAP Fiori Client Android
Patchday
2021-08
Released
on
2021/08/10
Description
[CVE-2021-33699] Task Hijacking in SAP Fiori Client Native Mobile for Android
Affected system
type
Java
Patchday
2021-08
Released
on
2021/08/10
Description
[CVE-2021-33705] Server-Side Request Forgery (SSRF) vulnerability in SAP NetWeaver Enterprise Portal
Affected system
type
SAP Business One
Patchday
2021-08
Released
on
2021/08/10
Description
[CVE-2021-33698] Unrestricted File Upload vulnerability in SAP Business One
Affected system
type
Java
Patchday
2021-08
Released
on
2021/08/10
Description
[CVE-2021-33702] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal
Affected system
type
ABAP
Patchday
2021-08
Released
on
2021/08/10
Description
Switchable Authorization checks for RFC in CRM Middleware
Affected system
type
ABAP
Patchday
2021-07
Released
on
2021/07/13
Description
[CVE-2021-33677] Information Disclosure in SAP NetWeaver AS ABAP and ABAP Platform
Affected system
type
SAP Lumira Server
Patchday
2021-07
Released
on
2021/07/13
Description
[CVE-2021-33682] Cross-Site Scripting (XSS) vulnerability in SAP Lumira Server
Affected system
type
Java
Patchday
2021-07
Released
on
2021/07/13
Description
[CVE-2021-33689] Insufficient Logging in SAP NetWeaver AS for JAVA (Administrator)
Affected system
type
Java
Patchday
2021-07
Released
on
2021/07/13
Description
[CVE-2021-33670] Denial of Service (DoS) in SAP NetWeaver AS for Java (Http Service)
Affected system
type
ABAP
Patchday
2021-07
Released
on
2021/06/08
Description
[CVE-2021-27610] Improper Authentication in SAP NetWeaver ABAP Server and ABAP Platform
Affected system
type
Java
Patchday
2021-07
Released
on
2021/07/13
Description
[CVE-2021-33671] Missing Authorization check in SAP NetWeaver Guided Procedures
Affected system
type
Kernel
Patchday
2021-07
Released
on
2021/07/13
Description
[CVE-2021-33684] Memory Corruption in SAP NetWeaver AS ABAP and ABAP Platform
Affected system
type
BI/BO platform
Patchday
2021-07
Released
on
2021/07/13
Description
[CVE-2021-33667] Information Disclosure in SAP Business Objects Web Intelligence (BI Launchpad)
Affected system
type
SAP 3D Visual Enterprise
Patchday
2021-07
Released
on
2021/07/13
Description
[Multiple CVEs] Improper Input Validation in SAP 3D Visual Enterprise Viewer
Affected system
type
Kernel
Patchday
2021-07
Released
on
2021/07/13
Description
[CVE-2021-33683] HTTP Request Smuggling in SAP Web Dispatcher and Internet Communication Manager
Affected system
type
Java
Patchday
2021-07
Released
on
2021/07/13
Description
[CVE-2021-33687] Information Disclosure in SAP NetWeaver AS for Java (Enterprise Portal)
Affected system
type
ABAP
Patchday
2021-07
Released
on
2021/07/13
Description
[CVE-2021-33678] Code Injection vulnerability in SAP NetWeaver AS ABAP (Reconciliation Framework)
Affected system
type
ABAP
Patchday
2021-07
Released
on
2021/07/13
Description
[CVE-2021-33676] Missing authorization check in SAP CRM ABAP
Affected system
type
Java
Patchday
2021-06
Released
on
2021/06/08
Description
[CVE-2021-27635] Missing XML Validation in SAP NetWeaver AS for JAVA
Affected system
type
ABAP
Patchday
2021-06
Released
on
2021/05/25
Description
Incomplete authorization checks for import of environmental data
Affected system
type
ABAP
Patchday
2021-06
Released
on
2021/06/08
Description
[CVE-2021-33664] Cross-Site Scripting (XSS) vulnerability within SAP NetWeaver AS ABAP (Applications based on Web Dynpro ABAP)
Affected system
type
ABAP
Patchday
2021-06
Released
on
2021/06/08
Description
[CVE-2021-33665] Cross-Site Scripting (XSS) vulnerability within SAP NetWeaver AS ABAP (Applications based on SAP GUI for HTML)
Affected system
type
ABAP
Patchday
2021-06
Released
on
2021/06/08
Description
[CVE-2021-33663] Plaintext Injection in SAP NetWeaver AS for ABAP
Affected system
type
Java
Patchday
2021-06
Released
on
2021/06/08
Description
[CVE-2021-27615] Cross-Site Scripting (XSS) vulnerability in SAP Manufacturing Execution
Affected system
type
SAP Commerce Cloud
Patchday
2021-06
Released
on
2021/06/08
Description
[CVE-2021-33666] Cross-Site Scripting (XSS) in SAP Commerce Cloud
Affected system
type
Internet Graphics Service
Patchday
2021-06
Released
on
2021/06/08
Description
[Multiple CVEs] Memory Corruption vulnerability in SAP Internet Graphics Service
Affected system
type
SAP Enable Now
Patchday
2021-06
Released
on
2021/06/08
Description
[CVE-2021-27637] Information Disclosure in SAP Enable Now (SAP Workforce Performance Builder - Manager)
Affected system
type
SAP GUI / Frontend
Patchday
2021-05
Released
on
2021/05/11
Description
[CVE-2021-27612] SAP GUI for Windows is vulnerable to redirect users to an untrusted website
Affected system
type
SAP Business One
Patchday
2021-05
Released
on
2021/05/11
Description
[CVE-2021-27616] Multiple vulnerabilities in SAP Business One, version for SAP HANA (Business-One-Hana-Chef-Cookbook)
Affected system
type
SAP CRM UI
Patchday
2021-05
Released
on
2021/04/27
Description
Cross-Site Request Forgery (CSRF) vulnerability in SAP CRM WebClient UI
Affected system
type
Java
Patchday
2021-05
Released
on
2021/05/11
Description
[Multiple CVEs] Multiple vulnerabilities in SAP Process Integration (Integration Builder Framework)
Affected system
type
Java
Patchday
2021-05
Released
on
2021/05/11
Description
Information Disclosure in Enterprise Services Repository of SAP Process Integration
Affected system
type
SAP Commerce Cloud
Patchday
2021-05
Released
on
2021/05/11
Description
[CVE-2021-27619] Information Disclosure in SAP Commerce (Backoffice search)
Affected system
type
SAP Business One
Patchday
2021-05
Released
on
2021/05/11
Description
[CVE-2021-27613] Information Disclosure in SAP Business One (Chef business-one-cookbook)
Affected system
type
ABAP
Patchday
2021-05
Released
on
2021/05/11
Description
[CVE-2021-27611] Code Injection vulnerability in SAP NetWeaver AS ABAP
Affected system
type
ABAP
Patchday
2021-05
Released
on
2021/04/27
Description
Unauthorized use of application functions in SAP GUI for HTML
Affected system
type
Java
Patchday
2021-04
Released
on
2021/04/13
Description
Clickjacking vulnerability in Runtime Workbench of SAP Process Integration
Affected system
type
BI/BO platform
Patchday
2021-04
Released
on
2021/04/13
Description
Information Disclosure in BOE/CMC application
Affected system
type
SAP 3D Visual Enterprise
Patchday
2021-04
Released
on
2021/03/18
Description
[Multiple CVEs] Improper Input Validation in SAP 3D Visual Enterprise Viewer
Affected system
type
ABAP
Patchday
2021-04
Released
on
2021/04/13
Description
[CVE-2021-27605] Missing Authorization check in HCM Travel Management Fiori Apps V2
Affected system
type
Java
Patchday
2021-04
Released
on
2021/04/13
Description
[CVE-2021-27598] Improper Access Control in SAP NetWeaver AS for Java (Customer Usage Provisioning Servlet)
Affected system
type
ABAP
Patchday
2021-04
Released
on
2021/04/13
Description
Update 1 to Security Note 1576763: Potential information disclosure relating to usernames
Affected system
type
Java
Patchday
2021-04
Released
on
2021/04/13
Description
[CVE-2021-27599] Information Disclosure in SAP Process Integration (Integration Builder Framework)
Affected system
type
Java
Patchday
2021-04
Released
on
2021/04/13
Description
[CVE-2021-21492] Content spoofing in NetWeaver AS Java HTTP Service
Affected system
type
SAP Solution Manager
Patchday
2021-04
Released
on
2021/04/13
Description
[CVE-2021-21483] Information Disclosure in SAP Solution Manager
Affected system
type
ABAP
Patchday
2021-04
Released
on
2021/04/13
Description
[CVE-2021-27603] Denial of Service (DoS) in SAP NetWeaver AS of ABAP
Affected system
type
Java
Patchday
2021-04
Released
on
2021/04/13
Description
[CVE-2021-21482] Information Disclosure in SAP NetWeaver Master Data Management
Affected system
type
Java
Patchday
2021-04
Released
on
2021/04/13
Description
[CVE-2021-27601] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS Java (Applications based on HTMLB for Java)
Affected system
type
SAP Commerce / SAP...
Patchday
2021-04
Released
on
2021/04/13
Description
[CVE-2021-27602] Remote Code Execution vulnerability in Source Rules of SAP Commerce
Affected system
type
SAP GUI / Frontend
Patchday
2021-04
Released
on
2021/04/13
Description
[CVE-2021-27608] Unquoted Search Path in SAPSetup
Affected system
type
Java
Patchday
2021-04
Released
on
2021/04/13
Description
[CVE-2021-27600] Cross-Site Scripting (XSS) vulnerability in SAP Manufacturing Execution (System Rules)
Affected system
type
Java
Patchday
2021-04
Released
on
2021/04/13
Description
[CVE-2021-21485] Information Disclosure in SAP NetWeaver AS for Java (Telnet Commands)
Affected system
type
ABAP
Patchday
2021-04
Released
on
2021/03/23
Description
Cross-Site Request Forgery (CSRF) vulnerability in S/4HANA Finance for advanced payment management
Affected system
type
SAP Solution Manager...
Patchday
2021-04
Released
on
2021/04/13
Description
[CVE-2021-27609] Missing Authorization check in SAP Focused RUN
Affected system
type
Java
Patchday
2021-04
Released
on
2021/04/13
Description
[CVE-2021-27604] Potential XXE Vulnerability in SAP Process Integration (ESR Java Mappings)
Affected system
type
Java
Patchday
2021-03
Released
on
2021/03/09
Description
[CVE-2021-21481] Missing Authorization Check in SAP NetWeaver AS JAVA (MigrationService)
Affected system
type
Java
Patchday
2021-03
Released
on
2021/03/09
Description
[CVE-2021-21491] Reverse TabNabbing vulnerability in SAP NetWeaver Application Server Java (Applications based on Web Dynpro Java)
Affected system
type
Java
Patchday
2021-03
Released
on
2021/03/09
Description
Reverse TabNabbing vulnerability in SAP NetWeaver Application Server Java (Applications based on HTMLB for Java)
Affected system
type
Java
Patchday
2021-03
Released
on
2021/03/09
Description
[CVE-2021-21480] Code injection vulnerability in SAP Manufacturing Integration and Intelligence
Affected system
type
SAP HANA Platform
Patchday
2021-03
Released
on
2021/03/09
Description
[CVE-2021-21484] Possible authentication bypass in SAP HANA LDAP scenarios
Affected system
type
ABAP
Patchday
2021-03
Released
on
2021/02/23
Description
Switchable Authorization checks for RFC in In House Cash
Affected system
type
SAP 3D Visual Enterprise
Patchday
2021-03
Released
on
2021/03/09
Description
[CVE-2021-27592] Improper Input Validation in SAP 3D Visual Enterprise Viewer
Affected system
type
ABAP
Patchday
2021-03
Released
on
2021/03/09
Description
[CVE-2021-21486] Missing Authorization check in SAP Enterprise Financial Services (Bank Customer Accounts)
Affected system
type
ABAP
Patchday
2021-03
Released
on
2021/03/09
Description
[CVE-2021-21487] Missing Authorization Check in Payment Engine
Affected system
type
Java
Patchday
2021-03
Released
on
2021/03/09
Description
[CVE-2021-21488] Insecure deserialisation in SAP NetWeaver Knowledge Management
Affected system
type
Java
Patchday
2021-03
Released
on
2021/03/09
Description
Reverse tabnabbing issue in Unified Rendering based frameworks in NetWeaver Application Server Java
Affected system
type
SAP 3D Visual Enterprise
Patchday
2021-03
Released
on
2021/03/09
Description
[Multiple CVEs] Improper Input Validation in SAP 3D Visual Enterprise Viewer
Affected system
type
SAP Netweaver
Patchday
2021-02
Released
on
2021/02/09
Description
[CVE-2021-21472] Server password not set during installation of SAP NetWeaver Master Data Management 7.1
Affected system
type
BI/BO platform
Patchday
2021-02
Released
on
2021/02/09
Description
[CVE-2021-21444] Clickjacking vulnerability in SAP Business Objects Business Intelligence Platform (CMC and BI Launchpad)
Affected system
type
Kernel
Patchday
2021-02
Released
on
2021/02/09
Description
Reverse Tabnabbing vulnerability within SAP NetWeaver Application Server ABAP (Applications based on SAP GUI for HTML)
Affected system
type
SAP Commerce Cloud
Patchday
2021-02
Released
on
2021/02/09
Description
[CVE-2021-21477] Remote Code Execution vulnerability in SAP Commerce
Affected system
type
Java
Patchday
2021-02
Released
on
2021/02/09
Description
Clickjacking vulnerability in Adapter Runtime of SAP Process Integration
Affected system
type
Java
Patchday
2021-02
Released
on
2021/02/09
Description
[CVE-2021-21475] Directory Traversal vulnerability in SAP NetWeaver Master Data Management 7.1
Affected system
type
Java
Patchday
2021-02
Released
on
2021/02/09
Description
Clickjacking vulnerability in Cloud Integration Content of SAP Process Integration
Affected system
type
SAP HANA Platform
Patchday
2021-02
Released
on
2021/02/09
Description
[CVE-2021-21474] SAML Assertion Signature MD5 Digest Algorithm Vulnerability in SAP HANA Database
Affected system
type
ABAP
Patchday
2021-02
Released
on
2021/02/09
Description
Missing Authorization Checks in the Monitor Data and My Data Collections Apps
Affected system
type
ABAP
Patchday
2021-02
Released
on
2021/02/09
Description
Reverse Tabnabbing vulnerability within SAP CRM WebClient UI
Affected system
type
ABAP
Patchday
2021-02
Released
on
2021/02/09
Description
[CVE-2021-21478] Reverse Tabnabbing vulnerability in SAP NetWeaver Application Server ABAP (Applications based on Web Dynpro ABAP)
Affected system
type
SAP GUI / Frontend
Patchday
2021-01
Released
on
2021/01/12
Description
[CVE-2021-21448] Information Disclosure in SAP GUI for Windows
Affected system
type
SAP Commerce Cloud
Patchday
2021-01
Released
on
2021/01/12
Description
[CVE-2021-21445] Header Manipulation vulnerability in SAP Commerce Cloud
Affected system
type
SAP 3D Visual Enterprise
Patchday
2021-01
Released
on
2021/01/12
Description
[Multiple CVEs] Improper Input Validation in SAP 3D Visual Enterprise Viewer
Affected system
type
ABAP
Patchday
2021-01
Released
on
2021/01/12
Description
[CVE-2021-21466] Code Injection in SAP Business Warehouse and SAP BW/4HANA
Affected system
type
ABAP
Patchday
2021-01
Released
on
2021/01/12
Description
[CVE-2021-21465] Multiple vulnerabilities in SAP Business Warehouse (Database Interface)
Affected system
type
ABAP
Patchday
2021-01
Released
on
2021/01/12
Description
[CVE-2021-21446] Denial of service (DOS) in SAP NetWeaver AS ABAP and ABAP Platform
Affected system
type
ABAP
Patchday
2021-01
Released
on
2021/01/12
Description
Switchable authorization checks for RFC module in In-House-Cash.
Affected system
type
Cloud Foundry
Patchday
2021-01
Released
on
2020/12/22
Description
Information Disclosure in Central Order
Affected system
type
ABAP
Patchday
2021-01
Released
on
2021/01/12
Description
Cross-Site Request Forgery (CSRF) vulnerability in Cash Management
Affected system
type
ABAP
Patchday
2021-01
Released
on
2021/01/12
Description
[CVE-2021-21467] Missing Authorization check in SAP Banking Services (Generic Market Data)
Affected system
type
BI/BO platform
Patchday
2021-01
Released
on
2021/01/12
Description
[CVE-2021-21447] Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface)
Affected system
type
Analysis for Office
Patchday
2021-01
Released
on
2021/01/12
Description
[CVE-2021-21470] XML External Entity vulnerability in SAP EPM add-in
Affected system
type
Java
Patchday
2021-01
Released
on
2021/01/12
Description
[CVE-2021-21469] Information Disclosure in SAP NetWeaver Master Data Management
Affected system
type
BI/BO platform
Patchday
2020-12
Released
on
2020/12/08
Description
[CVE-2020-26831] Missing XML Validation in SAP BusinessObjects Business Intelligence Platform (Crystal Report)
Affected system
type
ABAP
Patchday
2020-12
Released
on
2020/12/08
Description
[CVE-2020-26835] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS ABAP
Affected system
type
Java
Patchday
2020-12
Released
on
2020/12/08
Description
[CVE-2020-26829] Missing Authentication Check in SAP NetWeaver AS JAVA (P2P Cluster Communication)
Affected system
type
SAP Disclosure Management
Patchday
2020-12
Released
on
2020/12/08
Description
[CVE-2020-26828] Formula Injection in SAP Disclosure Management
Affected system
type
Java
Patchday
2020-12
Released
on
2020/12/08
Description
[CVE-2020-26816] Missing Encryption in SAP NetWeaver AS Java (Key Storage Service)
Affected system
type
ABAP
Patchday
2020-12
Released
on
2020/12/08
Description
[CVE-2020-26832] Missing Authorization check in SAP NetWeaver AS ABAP and SAP S4 HANA (SAP Landscape Transformation)
Affected system
type
ABAP
Patchday
2020-12
Released
on
2020/12/08
Description
[CVE-2020-26838] Code Injection vulnerability in SAP Business Warehouse (Master Data Management) and SAP BW4HANA
Affected system
type
ABAP
Patchday
2020-12
Released
on
2020/12/08
Description
[CVE-2020-26836] Open Redirect in SAP Solution Manager (Trace Analysis)
Affected system
type
SAP Solution Manager
Patchday
2020-12
Released
on
2020/12/08
Description
[CVE-2020-26837] Multiple Vulnerabilities in SAP Solution Manager 7.2 (User Experience Monitoring)
Affected system
type
Java
Patchday
2020-12
Released
on
2020/12/08
Description
[CVE-2020-26826] Unrestricted File Upload vulnerability in SAP NetWeaver Application Server for Java (Process Integration Monitoring)
Affected system
type
ABAP
Patchday
2020-12
Released
on
2020/11/24
Description
Missing Authorization check in S/4HANA (Central Finance)
Affected system
type
HANA Platform
Patchday
2020-12
Released
on
2020/12/08
Description
[CVE-2020-26834] Improper authentication in SAP HANA database
Affected system
type
ABAP
Patchday
2020-11
Released
on
2020/11/10
Description
[CVE-2020-26818] Multiple vulnerabilities in SAP NetWeaver AS ABAP (Web Dynpro)
Affected system
type
Java
Patchday
2020-11
Released
on
2020/11/10
Description
[CVE-2020-26820] Privilege escalation in SAP NetWeaver Application Server for Java (UDDI Server)
Affected system
type
SAP ERP Client for E-Bilanz
Patchday
2020-11
Released
on
2020/11/10
Description
[CVE-2020-26807] Incorrect Default Permissions in SAP ERP Client for E-Bilanz 1.0
Affected system
type
SAP Commerce Cloud
Patchday
2020-11
Released
on
2020/11/10
Description
[CVE-2020-26809] Information Disclosure in SAP Commerce Cloud
Affected system
type
Java
Patchday
2020-11
Released
on
2020/11/10
Description
[Multiple CVE IDs] Missing Authentication Check in SAP Solution Manager (JAVA stack)
Affected system
type
ABAP
Patchday
2020-11
Released
on
2020/11/11
Description
[CVE-2020-26808] Code Injection in SAP AS ABAP and S/4 HANA (DMIS)
Affected system
type
ABAP
Patchday
2020-11
Released
on
2020/10/27
Description
SQL Injection in SAF-T Portugal
Affected system
type
SAP Commerce Cloud
Patchday
2020-11
Released
on
2020/11/10
Description
[CVE-2020-26810] Multiple Vulnerabilities in SAP Commerce Cloud (Accelerator Payment Mock)
Affected system
type
ABAP
Patchday
2020-11
Released
on
2020/11/10
Description
[CVE-2020-6316] Missing Authorization Check in SAP ERP and SAP S/4 HANA
Affected system
type
ABAP
Patchday
2020-11
Released
on
2020/10/27
Description
SQL Injection in SAF-T Portugal
Affected system
type
ABAP
Patchday
2020-11
Released
on
2020/11/10
Description
[CVE-2020-26815] Security Vulnerabilities in SAP Fiori Launchpad (NewsTile Application)
Affected system
type
ABAP
Patchday
2020-11
Released
on
2020/11/10
Description
Missing Authorization check in Disbursement Read API used in Read Disbursement Webservice
Affected system
type
Java
Patchday
2020-11
Released
on
2020/11/10
Description
Clickjacking vulnerability in SAP Process Integration (Integration Builder Framework)
Affected system
type
SAP Data Services
Patchday
2020-11
Released
on
2020/11/10
Description
Multiple Vulnerabilities in SAP Data Services
Affected system
type
Java
Patchday
2020-11
Released
on
2020/11/10
Description
[CVE-2020-26814] Information Disclosure in SAP Process Integration (PGP Module – Business-to-Business Add On)
Affected system
type
SAP 3D Visual Enterprise
Patchday
2020-11
Released
on
2020/11/10
Description
[CVE-2020-26817] Improper input validation in Visual Enterprise Viewer
Affected system
type
SAP CRM UI
Patchday
2020-10
Released
on
2020/09/22
Description
Cross-Site Scripting (XSS) vulnerability in SAP CRM WebClient UI
Affected system
type
ABAP
Patchday
2020-10
Released
on
2020/10/13
Description
Missing Authorization check in EHS Task Definition attachments
Affected system
type
ABAP
Patchday
2020-10
Released
on
2020/10/13
Description
[CVE-2020-6362] Incorrect Authorization in SAP Banking Services
Affected system
type
SAP Solution Manager...
Patchday
2020-10
Released
on
2020/10/13
Description
[CVE-2020-6369] Hard-coded Credentials in CA Introscope Enterprise Manager (Affected products: SAP Solution Manager and SAP Focused Run)
Affected system
type
SAP NetWeaver...
Patchday
2020-10
Released
on
2020/10/13
Description
[CVE-2020-6370] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver (DI Design Time Repository)
Affected system
type
ABAP
Patchday
2020-10
Released
on
2020/10/13
Description
Missing Authorization check in Manage Substitutions - Products and Manage Exclusions - Products
Affected system
type
BI/BO platform
Patchday
2020-10
Released
on
2020/10/13
Description
[CVE-2020-6308] Server-Side Request Forgery vulnerability in SAP BusinessObjects Business Intelligence Platform (Web Services)
Affected system
type
ABAP
Patchday
2020-10
Released
on
2020/09/09
Description
Cross-Site Scripting (XSS) vulnerability in CRM Interaction Center
Affected system
type
Solution Manager
Patchday
2020-10
Released
on
2020/10/13
Description
[CVE-2020-6364] OS Command Injection Vulnerability in CA Introscope Enterprise Manager (Affected Products: SAP Solution Manager and SAP Focused Run)
Affected system
type
Java
Patchday
2020-10
Released
on
2020/10/13
Description
[CVE-2020-6319] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS Java
Affected system
type
Java
Patchday
2020-10
Released
on
2020/10/13
Description
[CVE-2020-6365] Reverse Tabnabbing vulnerability in SAP NetWeaver AS Java Start Page
Affected system
type
SAP Commerce Cloud
Patchday
2020-10
Released
on
2020/10/13
Description
[CVE-2020-6272] Cross-Site Scripting (XSS) vulnerability in SAP Commerce Cloud
Affected system
type
Java
Patchday
2020-10
Released
on
2020/10/13
Description
[CVE-2020-6367] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Composite Application Framework
Affected system
type
ABAP
Patchday
2020-10
Released
on
2020/10/13
Description
Information Disclosure in Supplier Relationship Management
Affected system
type
ABAP
Patchday
2020-10
Released
on
2020/10/13
Description
[CVE-2020-6368] Cross-Site Scripting (XSS) vulnerability in SAP Business Planning and Consolidation
Affected system
type
ABAP
Patchday
2020-10
Released
on
2020/10/13
Description
[CVE-2020-6371] Information disclosure in SAP NetWeaver AS ABAP via the POWL Test Feeder endpoint
Affected system
type
SAP Commerce Cloud
Patchday
2020-10
Released
on
2020/10/13
Description
[CVE-2020-6363] Insufficient Session Expiration in SAP Commerce Cloud
Affected system
type
Java
Patchday
2020-10
Released
on
2020/10/13
Description
[CVE-2020-6366] Missing XML Validation in SAP NetWeaver (Compare Systems)
Affected system
type
SAP Enterprise Portal...
Patchday
2020-10
Released
on
2020/10/13
Description
[CVE-2020-6323] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal (Fiori Framework Page)
Affected system
type
SAP 3D Visual Enterprise
Patchday
2020-10
Released
on
2020/10/13
Description
[CVE-2020-6315] Multiple Vulnerabilities in SAP 3D Visual Enterprise Viewer
Affected system
type
ABAP
Patchday
2020-10
Released
on
2020/10/13
Description
Cross-Site Request Forgery (CSRF) in SAP Marketing
Affected system
type
SAP 3D Visual Enterprise
Patchday
2020-09
Released
on
2020/09/08
Description
[Multiple CVEs] Improper Input Validation in SAP 3D Visual Enterprise Viewer
Affected system
type
Java
Patchday
2020-09
Released
on
2020/09/08
Description
[CVE-2020-6326] Cross-Site Scripting (XSS) vulnerabilities in SAP NetWeaver AS Java
Affected system
type
SAP Commerce Cloud
Patchday
2020-09
Released
on
2020/09/08
Description
[CVE-2020-6302] Session Fixation in SAP Commerce
Affected system
type
ABAP
Patchday
2020-09
Released
on
2020/09/08
Description
[CVE-2020-6311] Improper Authorization Checks in Banking services from SAP Bank Analyzer and SAP S/4HANA Financial Products
Affected system
type
ABAP
Patchday
2020-09
Released
on
2020/09/08
Description
[CVE-2020-6324] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS ABAP (BSP Test Application)
Affected system
type
SAP Marketing
Patchday
2020-09
Released
on
2020/09/08
Description
[CVE-2020-6320] Improper Access Control in SAP Marketing (Mobile Channel Servlet)
Affected system
type
SAP Adaptive Server...
Patchday
2020-09
Released
on
2020/09/08
Description
[CVE-2020-6317] Information Disclosure in SAP Adaptive Server Enterprise
Affected system
type
SAP UI5
Patchday
2020-09
Released
on
2020/09/08
Description
[CVE-2020-6283] Cross-Site Scripting (XSS) vulnerability in SAP Fiori (Launchpad)
Affected system
type
ABAP
Patchday
2020-09
Released
on
2020/08/25
Description
Missing Authorization check in Discrete Industries and Mill Products
Affected system
type
ABAP
Patchday
2020-09
Released
on
2020/09/08
Description
[CVE-2020-6318] Code Injection vulnerability in SAP NetWeaver (ABAP Server) and ABAP Platform
Affected system
type
BI/BO platform
Patchday
2020-09
Released
on
2020/09/08
Description
[CVE-2020-6325] Multiple Vulnerabilities in SAP BusinessObjects Business Intelligence Platform
Affected system
type
ABAP
Patchday
2020-09
Released
on
2019/03/12
Description
Switchable Authorization checks for RFC BCA_DIM_LOANS_APPLOG_UPDATE in Loans (FI-CAX-FS)
Affected system
type
Lumira Designer
Patchday
2020-08
Released
on
2020/08/11
Description
Potential information disclosure in Lumira Designer
Affected system
type
BI/BO platform
Patchday
2020-08
Released
on
2020/08/11
Description
[CVE-2020-6294] Missing Authentication check in SAP BusinessObjects Business Intelligence Platform
Affected system
type
ABAP
Patchday
2020-08
Released
on
2020/08/11
Description
Missing Authorization check in TSW Supply Chain Visualization
Affected system
type
Java
Patchday
2020-08
Released
on
2018/06/15
Description
Checking server certificates and host name of managed systems
Affected system
type
ABAP
Patchday
2020-08
Released
on
2020/08/11
Description
[CVE-2020-6298] Missing Authorization check in SAP Banking Services (Generic Market Data)
Affected system
type
BI/BO platform
Patchday
2020-08
Released
on
2020/08/11
Description
[CVE-2020-6300] Cross-Site Scripting (XSS) vulnerability in SAP Business Objects Business Intelligence Platform (Central Management Console)
Affected system
type
ABAP
Patchday
2020-08
Released
on
2020/08/11
Description
[CVE-2020-6296] Code Injection Vulnerability in SAP NetWeaver (ABAP) and ABAP Platform
Affected system
type
SAP Adaptive Server...
Patchday
2020-08
Released
on
2020/08/11
Description
[CVE-2020-6295] Information Disclosure in SAP Adaptive Server Enterprise
Affected system
type
ABAP
Patchday
2020-08
Released
on
2020/08/11
Description
[CVE-2020-6299] Information Disclosure in SAP NetWeaver (ABAP Server) and ABAP Platform
Affected system
type
ABAP
Patchday
2020-08
Released
on
2020/08/11
Description
[CVE-2020-6301] Missing Authorization check in SAP ERP (HCM Travel Management)
Affected system
type
SAP Commerce
Patchday
2020-08
Released
on
2020/08/11
Description
Vulnerabilities in open source libraries used in SAP Commerce
Affected system
type
Java
Patchday
2020-08
Released
on
2020/08/11
Description
[CVE-2020-6284] Cross-Site Scripting (XSS) in SAP NetWeaver (Knowledge Management)
Affected system
type
SAP GUI / Frontend
Patchday
2020-08
Released
on
2020/08/11
Description
Cross-Site Scripting (XSS) vulnerabilities in modified jQuery bundled with SAPUI5
Affected system
type
ABAP
Patchday
2020-08
Released
on
2020/08/11
Description
[CVE-2020-6273] Missing Authorization check in SAP S/4 HANA (Fiori UI for General Ledger Accounting)
Affected system
type
Java
Patchday
2020-08
Released
on
2020/08/11
Description
[CVE-2020-6293] Unrestricted File Upload in SAP NetWeaver (Knowledge Management)
Affected system
type
Java
Patchday
2020-08
Released
on
2020/08/11
Description
[CVE-2020-6309] Missing Authentication check in SAP NetWeaver AS JAVA
Affected system
type
BI/BO platform
Patchday
2020-08
Released
on
2020/08/11
Description
BI Platform stores SAP BW Authentication Password as clear text
Affected system
type
ABAP
Patchday
2020-08
Released
on
2020/08/11
Description
[CVE-2020-6310] Information Disclosure in SAP NetWeaver (ABAP Server) and ABAP Platform
Affected system
type
SAP Data Hub
Patchday
2020-08
Released
on
2020/08/11
Description
[CVE-2020-6297] Information Disclosure in SAP Data Intelligence
Affected system
type
Java
Patchday
2020-07
Released
on
2020/07/14
Description
[CVE-2020-6285] Information Disclosure in SAP NetWeaver (XMLToolkit for Java)
Affected system
type
ABAP
Patchday
2020-07
Released
on
2020/07/14
Description
Missing Authorization check in Pricat Inbound and Pricat Outbound
Affected system
type
ABAP
Patchday
2020-07
Released
on
2020/07/14
Description
[CVE-2020-6280] Information Disclosure in SAP NetWeaver (ABAP Server) and ABAP Platform
Affected system
type
ABAP
Patchday
2020-07
Released
on
2020/07/14
Description
Missing Authorization check in Travel Management
Affected system
type
ABAP
Patchday
2020-07
Released
on
2020/07/14
Description
Switchable Authorization checks for RFC in MM-PUR-GF
Affected system
type
SAP Disclosure Management
Patchday
2020-07
Released
on
2020/07/14
Description
[CVE-2020-6267] Multiple vulnerabilities in SAP Disclosure Management
Affected system
type
ABAP
Patchday
2020-07
Released
on
2020/07/14
Description
Missing authorization check in Allocation Management
Affected system
type
ABAP
Patchday
2020-07
Released
on
2020/06/23
Description
SESS: Duplicate AU3 entries in the Security Audit Log
Affected system
type
ABAP
Patchday
2020-07
Released
on
2015/08/11
Description
Directory traversal in BC-MID-ICF
Affected system
type
BI/BO platform
Patchday
2020-07
Released
on
2020/07/14
Description
[CVE-2020-6281] Cross-Site Scripting (XSS) vulnerability in SAP Business Objects Business Intelligence Platform (BI Launch pad)
Affected system
type
BI/BO platform
Patchday
2020-07
Released
on
2020/07/14
Description
[CVE-2020-6278] Cross-Site Scripting (XSS) vulnerability in SAP Business Objects Business Intelligence Platform (BI Launchpad and CMC)
Affected system
type
ABAP
Patchday
2020-07
Released
on
2020/07/14
Description
Missing Authorization Check in S4 ACR Brazil Option
Affected system
type
Java
Exploit available
Patchday
2020-07
Released
on
2020/07/14
Description
[CVE-2020-6287] Multiple Vulnerabilities in SAP NetWeaver AS JAVA (LM Configuration Wizard)
Affected system
type
BI/BO platform
Patchday
2020-07
Released
on
2020/07/14
Description
[CVE-2020-6276] Cross-Site Scripting (XSS) vulnerability in SAP Business Objects Business Intelligence Platform (Bipodata)
Affected system
type
ABAP
Patchday
2020-07
Released
on
2020/06/09
Description
Switchable authorization checks for RFC in SAP CRM (external billing)
Affected system
type
Java
Patchday
2020-07
Released
on
2020/07/14
Description
[CVE-2020-6282] Server-Side Request Forgery in SAP NetWeaver AS JAVA (IIOP service)
Affected system
type
ABAP
Patchday
2020-06
Released
on
2020/06/09
Description
Update 1 to Security Note 2752614 - [CVE-2019-0319] Content Injection Vulnerability in SAP Gateway
Affected system
type
ABAP
Patchday
2020-06
Released
on
2020/06/09
Description
[CVE-2020-6246] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS ABAP (Business Server Pages Test Application SBSPEXT_TABLE)
Affected system
type
Java
Patchday
2020-06
Released
on
2020/06/09
Description
'Ghostcat' Apache Tomcat AJP Vulnerability in SAP Liquidity Management for Banking
Affected system
type
SAP Business One
Patchday
2020-06
Released
on
2020/06/09
Description
[CVE-2020-6239] Information Disclosure in SAP Business One (Backup Service)
Affected system
type
Java
Patchday
2020-06
Released
on
2020/06/09
Description
[CVE-2020-6271] Missing XML Validation in SAP Solution Manager (Problem Context Manager)
Affected system
type
ABAP
Patchday
2020-06
Released
on
2020/06/09
Description
Cross-Site Scripting (XSS) vulnerability in SAP CRM WebClient UI
Affected system
type
ABAP
Patchday
2020-06
Released
on
2020/06/09
Description
[CVE-2020-6268] Missing authorization check in SAP ERP (Statutory Reporting for Insurance Companies)
Affected system
type
SAP Cloud Commerce
Patchday
2020-06
Released
on
2020/06/09
Description
[CVE-2020-6264] Information Disclosure in SAP Commerce
Affected system
type
Adobe LiveCycle Designer
Patchday
2020-06
Released
on
2020/06/09
Description
Multiple vulnerabilities in Adobe LiveCycle Designer 11.0
Affected system
type
SAP Cloud Commerce
Patchday
2020-06
Released
on
2020/06/09
Description
[CVE-2020-6265] Use of Hard-coded Credentials in SAP Commerce and SAP Commerce Datahub
Affected system
type
Java
Patchday
2020-06
Released
on
2020/06/09
Description
[CVE-2020-6260] Incomplete XML Validation in SAP Solution Manager (Trace Analysis)
Affected system
type
ABAP
Patchday
2020-06
Released
on
2020/06/09
Description
[CVE-2020-6266] URL redirection in SAP Fiori for SAP S/4HANA
Affected system
type
BI/BO platform
Patchday
2020-06
Released
on
2020/06/09
Description
[CVE-2020-6269] Information Disclosure in SAP Business Objects Business Intelligence Platform
Affected system
type
ABAP
Patchday
2020-06
Released
on
2020/06/09
Description
Switchable Authorization checks for RFC in Environment, Health & Safety
Affected system
type
Java
Patchday
2020-06
Released
on
2020/06/09
Description
[CVE-2020-6263] Authentication Bypass in Standalone Clients connecting to SAP NetWeaver AS Java via P4 Protocol
Affected system
type
ABAP
Patchday
2020-06
Released
on
2020/06/09
Description
[CVE-2020-6270] Missing Authorization check in SAP NetWeaver AS ABAP (Banking Services)
Affected system
type
ABAP
Patchday
2020-06
Released
on
2020/06/09
Description
[CVE-2020-6275] Server Side Request Forgery vulnerability in SAP NetWeaver AS ABAP
Affected system
type
ABAP
Patchday
2020-06
Released
on
2020/06/09
Description
[CVE-2020-6266] URL redirection in SAP Fiori for SAP S/4HANA
Affected system
type
SAP Adaptive Server...
Patchday
2020-05
Released
on
2020/05/12
Description
[CVE-2020-6252] Information Disclosure in SAP Adaptive Server Enterprise (Cockpit)
Affected system
type
SAP Enterprise Threat...
Patchday
2020-05
Released
on
2020/05/12
Description
[CVE-2020-6254] Cross-Site Scripting (XSS) vulnerability in SAP Enterprise Threat Detection
Affected system
type
ABAP
Patchday
2020-05
Released
on
2020/05/12
Description
[CVE-2020-6262] Code Injection vulnerability in Service Data Download
Affected system
type
SAP Adaptive Server...
Patchday
2020-05
Released
on
2020/05/12
Description
[CVE-2020-6259] Missing authorization check in SAP Adaptive Server Enterprise
Affected system
type
SAP Adaptive Server...
Patchday
2020-05
Released
on
2020/05/12
Description
[CVE-2020-6248] Code injection in SAP Adaptive Server Enterprise (Backup Server)
Affected system
type
SAP Adaptive Server...
Patchday
2020-05
Released
on
2020/05/12
Description
[CVE-2020-6253] SQL Injection vulnerability in SAP Adaptive Server Enterprise (Web Services)
Affected system
type
SAP Adaptive Server...
Patchday
2020-05
Released
on
2020/05/12
Description
[CVE-2020-6250] Information Disclosure in SAP Adaptive Server Enterprise
Affected system
type
SAP Adaptive Server...
Patchday
2020-05
Released
on
2020/05/12
Description
[CVE-2020-6241] SQL Injection vulnerability in SAP Adaptive Server Enterprise
Affected system
type
SAP Adaptive Server...
Patchday
2020-05
Released
on
2020/05/12
Description
[CVE-2020-6243] Code Injection in SAP Adaptive Server Enterprise (XP Server on Windows Platform)
Affected system
type
SAP IDM
Patchday
2020-05
Released
on
2020/05/12
Description
[CVE-2020-6258] Missing Authorization check in SAP Identity Management
Affected system
type
ABAP
Patchday
2020-05
Released
on
2020/05/12
Description
This note has been re-released without changes. - Cross-Site Request Forgery (CSRF) vulnerability in SAP Web Dynpro ABAP
Affected system
type
SAP Orient DB
Patchday
2020-04
Released
on
2020/04/14
Description
[CVE-2020-6230] Code Injection vulnerability in SAP OrientDB 3.0
Affected system
type
BI/BO platform
Patchday
2020-04
Released
on
2020/04/14
Description
[CVE-2020-6222] Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface)
Affected system
type
ABAP
Patchday
2020-04
Released
on
2020/04/14
Description
[CVE-2020-6215] URL Redirection vulnerability in SAP NetWeaver AS ABAP – Business Server Pages Test Application IT00
Affected system
type
BI/BO platform
Patchday
2020-04
Released
on
2020/04/14
Description
[CVE-2020-6195] Multiple vulnerabilities in SAP Business Objects Business Intelligence Platform
Affected system
type
ABAP
Patchday
2020-04
Released
on
2020/03/12
Description
Switchable Authorization checks in SAP Supplier Relationship Management
Affected system
type
SAP Host Agent
Patchday
2020-04
Released
on
2020/04/14
Description
[CVE-2020-6234] Privilege Escalation in SAP Host Agent
Affected system
type
ABAP
Patchday
2020-04
Released
on
2020/04/14
Description
[CVE-2020-6229] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS ABAP (Business Server Pages application CRM_BSP_FRAME)
Affected system
type
BI/BO platform
Patchday
2020-04
Released
on
2020/04/14
Description
[CVE-2020-6227] Remote unauthenticated log injection in SAP Business Objects Business Intelligence Platform (CMS / Auditing issues)
Affected system
type
BI/BO platform
Patchday
2020-04
Released
on
2020/04/14
Description
[CVE-2020-6219] Deserialization of Untrusted Data in SAP Business Objects Business Intelligence Platform (CrystalReports WebForm Viewer)
Affected system
type
BI/BO platform
Patchday
2020-04
Released
on
2020/04/14
Description
[CVE-2020-6226] Cross-Site Scripting (XSS) vulnerabilities in SAP Business Objects Business Intelligence Platform (Web Intelligence HTML interface)
Affected system
type
SAP Commerce Cloud
Patchday
2020-04
Released
on
2020/04/14
Description
[CVE-2020-6232] Missing Authorization check in SAP Commerce
Affected system
type
ABAP
Patchday
2020-04
Released
on
2020/04/14
Description
[CVE-2020-6213] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS ABAP (Business Server Pages Test Application SBSPEXT_PHTMLB)
Affected system
type
Java
Patchday
2020-04
Released
on
2020/04/14
Description
[CVE-2020-6224] Information Disclosure in SAP NetWeaver Application Server Java (HTTP Service)
Affected system
type
BI/BO platform
Patchday
2020-04
Released
on
2020/04/14
Description
[CVE-2020-6216] Cross-Site Scripting (XSS) vulnerability in SAP Business Objects Business Intelligence Platform (BILaunchpad/ Opendocument)
Affected system
type
SAP GUI / Frontend
Patchday
2020-04
Released
on
2020/04/14
Description
[CVE-2020-6228] Missing Integrity Check in SAP BUSINESS CLIENT
Affected system
type
SAP Commerce Cloud
Patchday
2020-04
Released
on
2020/04/14
Description
[CVE-2020-6238] Missing XML Validation vulnerability in SAP Commerce
Affected system
type
ABAP
Patchday
2020-04
Released
on
2020/04/14
Description
[CVE-2020-6214] Incorrect Authorization in SAP S/4HANA (Financial Products Subledger)
Affected system
type
ABAP
Patchday
2020-04
Released
on
2020/04/14
Description
[CVE-2020-6233] Missing Authorization Check in SAP S/4 HANA (Financial Products Subledger and Banking Services)
Affected system
type
ABAP
Patchday
2020-04
Released
on
2020/04/14
Description
[CVE-2020-6212] Missing Authorization Check in SAP ERP & S/4 HANA (Egypt localized Withholding Tax reports)
Affected system
type
Java
Patchday
2020-04
Released
on
2020/04/14
Description
[CVE-2020-6225] Directory Traversal vulnerability in SAP NetWeaver (Knowledge Management)
Affected system
type
SAP Solution Manager
Patchday
2020-04
Released
on
2020/04/14
Description
[CVE-2020-6235] Missing authentication check in SAP Solution Manager (Diagnostics Agent)
Affected system
type
ABAP
Patchday
2020-04
Released
on
2020/04/14
Description
[CVE-2020-6217] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS ABAP (Business Server Pages Test Application IT05)
Affected system
type
BI/BO platform
Patchday
2020-04
Released
on
2020/04/14
Description
[CVE-2020-6237] Information Disclosure in SAP Business Objects Business Intelligence Platform (dswsbobje Web Application)
Affected system
type
SAP Landscape Management
Patchday
2020-04
Released
on
2020/04/14
Description
[CVE-2020-6236] Privilege Escalation in SAP Landscape Management (SAP Adaptive Extensions)
Affected system
type
SAP Enable Now
Patchday
2020-03
Released
on
2020/03/10
Description
[CVE-2020-6197] Insufficient session expiration in SAP Enable Now Manager
Affected system
type
ABAP
Patchday
2020-03
Released
on
2020/03/10
Description
Directory traversal in SAP Environment Health and Safety
Affected system
type
ABAP Development Tools
Patchday
2020-03
Released
on
2020/03/10
Description
Missing XML Validation vulnerability in ABAP Development Tools
Affected system
type
Java
Patchday
2020-03
Released
on
2020/03/10
Description
[CVE-2020-6198] Missing Authentication check in SAP Solution Manager (Diagnostics Agent)
Affected system
type
BI/BO platform
Patchday
2020-03
Released
on
2020/03/10
Description
[CVE-2020-6196] Denial of service (DOS) in SAP BusinessObjects Mobile (MobileBIService)
Affected system
type
ABAP
Patchday
2020-03
Released
on
2020/03/10
Description
[CVE-2020-6204] Missing Authorization check in SAP Treasury and Risk Management (Transaction Management)
Affected system
type
Java
Exploit available
Patchday
2020-03
Released
on
2020/03/10
Description
[CVE-2020-6207] Missing Authentication Check in SAP Solution Manager (User-Experience Monitoring)
Affected system
type
ABAP
Patchday
2020-03
Released
on
2020/03/10
Description
[CVE-2020-6210] Cross-Site Scripting (XSS) vulnerability in SAP Fiori Launchpad
Affected system
type
Java
Patchday
2020-03
Released
on
2020/03/10
Description
[CVE-2020-6202] Missing XML Validation in SAP NetWeaver Application Server Java (User Management Engine)
Affected system
type
Java
Patchday
2020-03
Released
on
2020/03/10
Description
[CVE-2020-6203] Path Manipulation in SAP NetWeaver UDDI Server (Services Registry)
Affected system
type
SAP Disclosure Management
Patchday
2020-03
Released
on
2020/03/10
Description
[CVE-2020-6209] Missing Authorization check in SAP Disclosure Management
Affected system
type
ABAP
Patchday
2020-03
Released
on
2020/03/10
Description
Missing Authorization check in Commercial Project Management
Affected system
type
BI/BO platform
Patchday
2020-03
Released
on
2020/03/10
Description
[CVE-2020-6208] Remote Code Execution in SAP Business Objects Business Intelligence Platform (Crystal Reports)
Affected system
type
SAP CPI DS
Patchday
2020-03
Released
on
2020/03/10
Description
[CVE-2020-6206] Cross-Site Request Forgery in SAP Cloud Platform Integration for data services
Affected system
type
ABAP
Patchday
2020-03
Released
on
2020/03/10
Description
[CVE-2020-6205] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS ABAP Business Server Pages (Smart Forms)
Affected system
type
SAP Commerce Cloud
Patchday
2020-03
Released
on
2020/03/10
Description
[CVE-2020-6201] Cross-Site Scripting (XSS) vulnerability in SAP Commerce Cloud (testweb extension)
Affected system
type
SAP Commerce Cloud
Patchday
2020-03
Released
on
2020/03/10
Description
[CVE-2020-6200] Cross-Site-Scripting in SAP Commerce Cloud (SmartEdit extension)
Affected system
type
ABAP
Patchday
2020-03
Released
on
2020/03/10
Description
[CVE-2020-6199] Missing Authorization check in SAP ERP and S/4 HANA (MENA Certificate Management)
Affected system
type
SAP Enable Now
Patchday
2020-03
Released
on
2020/03/10
Description
[CVE-2020-6178] Insufficient session expiration in SAP Enable Now Manager
Affected system
type
SAP MaxDB
Patchday
2020-03
Released
on
2018/08/14
Description
[CVE-2018-2450] SQL Injection Vulnerability in SAP MaxDB/liveCache
Affected system
type
SAP Host Agent
Patchday
2020-02
Released
on
2020/02/11
Description
[CVE-2020-6183] Unprivileged Access to technical data using SAPOSCOL of SAP Host Agent
Affected system
type
ABAP
Patchday
2020-02
Released
on
2020/01/14
Description
Missing Authorization check in SAP NetWeaver (ABAP Server)
Affected system
type
Java
Patchday
2020-02
Released
on
2020/02/11
Description
[CVE-2020-6193] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver (Knowledge Management ICE Service)
Affected system
type
ABAP
Patchday
2020-02
Released
on
2020/02/11
Description
[CVE-2020-6188] Missing Authorization check in SAP ERP and S/4 HANA (VAT Pro-Rata reports)
Affected system
type
ABAP
Patchday
2020-02
Released
on
2020/02/11
Description
[CVE-2020-6181] HTTP Response Splitting vulnerability in SAP NetWeaver and ABAP Platform
Affected system
type
Java
Patchday
2020-02
Released
on
2020/02/11
Description
[CVE-2020-6187] Missing XML Validation vulnerability in SAP NetWeaver (Guided Procedures)
Affected system
type
SAP Landscape Management
Patchday
2020-02
Released
on
2020/02/11
Description
[CVE-2020-6191] Missing Input Validation in SAP Landscape Management
Affected system
type
Java
Patchday
2020-02
Released
on
2020/02/11
Description
[CVE-2020-6190] Information Disclosure in SAP NetWeaver AS Java (Heap Dump Application)
Affected system
type
ABAP
Patchday
2020-02
Released
on
2019/03/12
Description
[CVE-2019-0271] Denial of Service via XML External Entity (XXE) vulnerability in ABAP Server
Affected system
type
ABAP
Patchday
2020-02
Released
on
2020/02/11
Description
[CVE-2020-6184] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver and SAP S/4HANA
Affected system
type
ABAP
Patchday
2020-02
Released
on
2014/09/17
Description
Missing authorization check in IS-B-BCA-AM
Affected system
type
SAP Landscape Management
Patchday
2020-02
Released
on
2020/02/11
Description
[CVE-2020-6192] Missing Input Validation in SAP Landscape Management
Affected system
type
SAP Mobile Platform
Patchday
2020-02
Released
on
2020/02/11
Description
[CVE-2020-6177] Missing XML Validation vulnerability in SAP Mobile Platform
Affected system
type
SAP GUI / Frontend
Patchday
2020-02
Released
on
2018/04/10
Description
Security updates for the browser control Google Chromium delivered with SAP Business Client
Affected system
type
BI/BO platform
Patchday
2020-02
Released
on
2020/02/11
Description
[CVE-2020-6189] Information Disclosure in SAP BusinessObjects BI Central Management Console
Affected system
type
SAP Mobile Platform
Patchday
2020-02
Released
on
2020/01/14
Description
Missing Authorization Check in SAP Mobile Platform Native SDK, Android
Affected system
type
SAP Host Agent
Patchday
2020-02
Released
on
2020/02/11
Description
[CVE-2020-6186] Denial of Service (DOS) Vulnerability in SAP Host Agent
Affected system
type
ABAP
Patchday
2020-02
Released
on
2020/02/11
Description
Update 1 to Security Note 2736825 - [CVE-2019-0271] Denial of Service via XML External Entity (XXE) vulnerability in ABAP Server
Affected system
type
ABAP
Patchday
2020-02
Released
on
2020/02/11
Description
Missing authorization check in Dangerous Goods Management of EHS Services in SCM
Affected system
type
Realtech
Patchday
2020-01
Released
on
2020/01/14
Description
Missing Authorization check in Realtech RTCISM 100
Affected system
type
ABAP
Patchday
2020-01
Released
on
2020/01/14
Description
Switchable Authorization checks for RFC in SAP Leasing
Affected system
type
Kernel
Patchday
2020-01
Released
on
2020/01/14
Description
[CVE-2020-6304] Denial of service (DOS) in SAP NetWeaver Internet Communication Manager
Affected system
type
ABAP
Patchday
2020-01
Released
on
2016/07/12
Description
Whitelist service for Clickjacking Framing Protection in AS ABAP
Affected system
type
Java
Patchday
2020-01
Released
on
2020/01/14
Description
[CVE-2020-6305] Cross-Site Scripting (XSS) vulnerability in Rest Adapter of SAP Process Integration
Affected system
type
ABAP
Patchday
2020-01
Released
on
2019/12/24
Description
Multiple security vulnerabilities in SAP EAM, add-on for MRO 4.0 by HCL for SAP S/4HANA 1809
Affected system
type
SAP Disclosure Management
Patchday
2020-01
Released
on
2020/01/13
Description
[CVE-2020-6303] Improper input validation in SAP Disclosure Management
Affected system
type
ABAP
Patchday
2020-01
Released
on
2019/11/12
Description
[CVE-2019-0388] Content spoofing vulnerability in UI5 HTTP Handler
Affected system
type
ABAP
Patchday
2020-01
Released
on
2020/01/14
Description
[CVE-2020-6306] Missing Authorization check in SAP Leasing
Affected system
type
ABAP
Patchday
2020-01
Released
on
2020/01/14
Description
Missing authorization check in Transaction Manager
Affected system
type
ABAP
Patchday
2020-01
Released
on
2020/01/14
Description
[CVE-2020-6307] Missing Authorization Check in Automated Note Search Tool (SAP_BASIS)
Affected system
type
ABAP
Patchday
2019-12
Released
on
2019/12/10
Description
[CVE-2019-0399] Potential Information Disclosure in SAP Portfolio and Project Management
Affected system
type
ABAP
Patchday
2019-12
Released
on
2019/11/26
Description
Missing Authorization Check in S/4HANA ACR Brazil Option Features
Affected system
type
SAP Adaptive Server...
Patchday
2019-12
Released
on
2019/12/10
Description
[CVE-2019-0402] Information Disclosure in SAP Adaptive Server Enterprise
Affected system
type
ABAP
Patchday
2019-12
Released
on
2019/12/10
Description
Missing Authorization Check in SAP Cash Management
Affected system
type
BI/BO platform
Patchday
2019-12
Released
on
2019/12/10
Description
[CVE-2019-0398] Cross-Site Request Forgery (CSRF) vulnerability in SAP BusinessObjects Business Intelligence Platform (Monitoring application)
Affected system
type
BI/BO platform
Patchday
2019-12
Released
on
2019/12/10
Description
[CVE-2019-0395] Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence Platform (Fiori BI Launchpad)
Affected system
type
Java
Patchday
2019-12
Released
on
2019/12/10
Description
Information Disclosure in PI Axis Adapter
Affected system
type
SAP Enable Now
Patchday
2019-12
Released
on
2019/12/10
Description
[CVE-2019-0405] Multiple Security vulnerabilities in SAP Enable Now release 1911
Affected system
type
Java
Patchday
2019-12
Released
on
2019/12/10
Description
Upgrade SSL support to TLSv1.2
Affected system
type
BI/BO platform
Patchday
2019-11
Released
on
2019/11/12
Description
[CVE-2019-0382] XSS vulnerability in SAP Business Objects BI Platform (Web Intelligence)
Affected system
type
ABAP
Patchday
2019-11
Released
on
2019/11/12
Description
VMC Authority Check
Affected system
type
ABAP
Patchday
2019-11
Released
on
2019/11/12
Description
[CVE-2019-0383] Missing Authorization check in SAP Treasury and Risk Management (Transaction Management)
Affected system
type
ABAP
Patchday
2019-11
Released
on
2019/11/12
Description
[CVE-2019-0393] SQL injection vulnerability in SAP Quality Management
Affected system
type
BI/BO platform
Patchday
2019-11
Released
on
2019/11/12
Description
[CVE-2019-0396] Missing XML Validation vulnerability in SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface)
Affected system
type
Java
Patchday
2019-11
Released
on
2019/11/12
Description
[CVE-2019-0389] Privilege escalation in SAP NetWeaver Application Server Java
Affected system
type
ABAP
Patchday
2019-11
Released
on
2019/11/12
Description
[CVE-2019-0386] Missing authorization check in ERP Sales and SAP S/4HANA sales (SD-SLS)
Affected system
type
SAP Data Hub
Patchday
2019-11
Released
on
2019/11/12
Description
[CVE-2019-0390] Information Disclosure in SAP Data Hub
Affected system
type
ABAP
Patchday
2019-11
Released
on
2019/11/12
Description
[CVE-2019-0384] Missing Authorization check in SAP Treasury and Risk Management (Transaction Management)
Affected system
type
Java
Patchday
2019-11
Released
on
2019/11/12
Description
[CVE-2019-0391] Information Disclosure in SAP NetWeaver Application Server Java (eCATT service)
Affected system
type
SAP Enable Now
Patchday
2019-11
Released
on
2019/11/12
Description
[CVE-2019-0385] Cross-Site Scripting (XSS) vulnerability in SAP Enable Now
Affected system
type
Java
Patchday
2019-11
Released
on
2019/11/12
Description
Update 2 to Security Note 2808158: [CVE-2019-0330] OS Command Injection vulnerability in SAP Diagnostics Agent
Affected system
type
Java
Patchday
2019-05
Released
on
2006/07/07
Description
Detailed error messages with stack trace in Web Dynpro
Affected system
type
Sybase platform
Patchday
2017-08
Released
on
2017/08/08
Description
Cross-Site Request Forgery (CSRF) vulnerability in multiple SAP Sybase products
Affected system
type
HCM
Patchday
2015-04
Released
on
2015/03/10
Description
Potential Buffer overflow in PA-PAO