Security Advisories
We've created the first-of-its-kind SecurityBridge Cloud Platform to prioritize SAP patches, updates and the remediation strategies essential for preventing disruption of vital business systems. Our security advisories help SAP users understand the security and business implications of running SAP.
We hope you like it!
This page lists the critical correction advisories (SAP Security Notes) we have tracked. We count 113 of them; the highest CVSS score is 10.0. Each entry gives the affected system type, the SAP Patch Day it belongs to, the date the note was released and the note's title, and flags the notes for which a public exploit is known to be available.
Affected system type | Exploit available | Patch Day | Released on | Description
-------------------- | ----------------- | --------- | ----------- | -----------
Java | | 2024-03 | 2024/03/12 | [CVE-2024-22127] Code Injection vulnerability in SAP NetWeaver AS Java (Administrator Log Viewer plug-in)
SAP Build Apps | | 2024-03 | 2024/03/12 | [CVE-2019-10744] Code Injection vulnerability in applications built with SAP Build Apps
ABAP | | 2024-02 | 2024/02/13 | [CVE-2024-22131] Code Injection vulnerability in SAP ABA (Application Basis)
BTP | | 2024-01 | 2024/01/09 | [CVE-2023-49583] Escalation of Privileges in applications developed through SAP Business Application Studio, SAP Web IDE Full-Stack and SAP Web IDE for SAP HANA
SAP Edge Integration | | 2024-01 | 2024/01/09 | [Multiple CVEs] Escalation of Privileges in SAP Edge Integration Cell
ABAP | | 2023-12 | 2023/12/12 | Update 1 to 3350297 - [CVE-2023-36922] OS command injection vulnerability in SAP ECC and SAP S/4HANA (IS-OIL)
BTP | | 2023-12 | 2023/12/12 | [Multiple CVEs] Escalation of Privileges in SAP Business Technology Platform (BTP) Security Services Integration Libraries
SAP Business One | | 2023-11 | 2023/11/14 | [CVE-2023-31403] Improper Access Control vulnerability in SAP Business One product installation
Kernel, HANA... | | 2023-09 | 2023/09/12 | [CVE-2023-40309] Missing Authorization check in SAP CommonCryptoLib
SAP BI | | 2023-09 | 2023/09/12 | [CVE-2023-40622] Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (Promotion Management)
ABAP | | 2023-08 | 2023/07/11 | [CVE-2023-36922] OS command injection vulnerability in SAP ECC and SAP S/4HANA (IS-OIL)
SAP PowerDesigner | | 2023-08 | 2023/08/08 | [CVE-2023-37483] Multiple Vulnerabilities in SAP PowerDesigner
Reprise License Manager | | 2023-05 | 2023/05/09 | Multiple vulnerabilities associated with Reprise License Manager 14.2 component used with SAP 3D Visual Enterprise License Manager
BI/BO platform | | 2023-05 | 2023/05/09 | [CVE-2023-28762] Information Disclosure in SAP BusinessObjects Business Intelligence Platform (Central Management Console)
BI/BO platform | | 2023-04 | 2023/04/11 | [CVE-2023-28765] Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (Promotion Management)
Java | | 2023-04 | 2023/04/11 | [CVE-2023-27497] Multiple vulnerabilities in SAP Diagnostics Agent (OSCommand Bridge and EventLogServiceCollector)
BI/BO platform | | 2023-03 | 2023/03/14 | [CVE-2023-25617] OS Command Execution vulnerability in SAP Business Objects Business Intelligence Platform (Adaptive Job Server)
BI/BO platform | | 2023-03 | 2023/03/14 | [CVE-2023-25616] Code Injection vulnerability in SAP Business Objects Business Intelligence Platform (CMC)
ABAP | | 2023-03 | 2023/03/14 | [CVE-2023-27500] Directory Traversal vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform
ABAP | | 2023-03 | 2023/03/14 | [CVE-2023-27269] Directory Traversal vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform
Java | | 2023-03 | 2023/03/14 | [CVE-2023-23857] Improper Access Control in SAP NetWeaver AS for Java
BI/BO platform | | 2023-01 | 2023/01/10 | [CVE-2023-0022] Code Injection vulnerability in SAP BusinessObjects Business Intelligence platform (Analysis edition for OLAP)
Kernel / ABAP | | 2023-01 | 2023/01/10 | [CVE-2023-0014] Capture-replay vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform
Java | | 2023-01 | 2023/01/10 | [CVE-2023-0017] Improper access control in SAP NetWeaver AS for Java
SAP Business Planning... | | 2023-01 | 2023/01/10 | [CVE-2023-0016] SQL Injection vulnerability in SAP Business Planning and Consolidation MS
Java | | 2022-12 | 2022/12/13 | [CVE-2022-41272] Improper access control in SAP NetWeaver AS Java (User Defined Search)
SAP Commerce | | 2022-12 | 2022/12/13 | Remote Code Execution vulnerability associated with Apache Commons Text in SAP Commerce
BI/BO platform | | 2022-12 | 2022/12/13 | [CVE-2022-41267] Server-Side Request Forgery vulnerability in SAP BusinessObjects Business Intelligence Platform
Java | | 2022-12 | 2022/12/13 | [CVE-2022-41271] Improper access control in SAP NetWeaver AS Java (Messaging System)
BI/BO platform | yes | 2022-11 | 2022/11/08 | [CVE-2022-41203] Insecure Deserialization of Untrusted Data in SAP BusinessObjects Business Intelligence Platform (Central Management Console and BI Launchpad)
Java | | 2022-10 | 2022/10/11 | [CVE-2022-39802] File path traversal vulnerability in SAP Manufacturing Execution
SAP Business One Cloud | | 2022-05 | 2022/05/10 | [CVE-2022-22965] Remote Code Execution vulnerability associated with Spring Framework used in SAP Business One Cloud
Any | | 2022-04 | 2022/04/12 | [CVE-2022-22965] Central Security Note for Remote Code Execution vulnerability associated with Spring Framework
SAP HANA Platform | | 2022-04 | 2022/04/12 | [CVE-2022-22965] Remote Code Execution vulnerability associated with Spring Framework used in SAP HANA Extended Application Services
SAP Customer Checkout | | 2022-04 | 2022/04/12 | [CVE-2022-22965] Remote Code Execution vulnerability associated with Spring Framework used in SAP Customer Checkout
Java | | 2022-04 | 2022/04/12 | [CVE-2022-22965] Remote Code Execution vulnerability associated with Spring Framework used in PowerDesigner Web (up to and including 16.7 SP05 PL01)
SAP Commerce | | 2022-04 | 2022/04/18 | [CVE-2022-22965] Remote Code Execution vulnerability associated with Spring Framework used in SAP Commerce
Java | | 2022-04 | 2022/04/12 | Update 1 to Security Note 3022622 - [CVE-2021-21480] Code injection vulnerability in SAP Manufacturing Integration and Intelligence
SAP Customer... | | 2022-04 | 2022/04/14 | [CVE-2022-22965] Remote Code Execution vulnerability associated with Spring Framework used in SAP Customer Profitability Analytics
SAP Solution Manager... | | 2022-03 | 2022/03/08 | [CVE-2022-24396] Missing Authentication check in SAP Focused Run (Simple Diagnostics Agent 1.0)
SAP Work Manager | | 2022-03 | 2022/03/08 | [CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP Work Manager
SAP Data Intelligence | | 2022-02 | 2022/01/18 | Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP Data Intelligence 3 (on-premise)
None | | 2022-02 | 2022/02/08 | [CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP Dynamic Authorization Management
Kernel | | 2022-02 | 2022/02/08 | [CVE-2022-22536] Request smuggling and request concatenation in SAP NetWeaver, SAP Content Server and SAP Web Dispatcher
SAP Commerce | | 2022-02 | 2022/02/08 | [CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP Commerce
Java | | 2022-02 | 2022/02/08 | [CVE-2022-22544] Missing segregation of duties in SAP Solution Manager Diagnostics Root Cause Analysis Tools
SAP Business One | | 2022-01 | 2022/01/11 | [CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP Business One
SAP IoT | | 2022-01 | 2022/01/11 | [CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in Reference Template for enabling ingestion and persistence of time series data in Azure
SAP Enterprise... | | 2022-01 | 2022/01/11 | [CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j2 component used in SAP Enterprise Continuous Testing by Tricentis
SAP Localization Hub | | 2022-01 | 2021/12/22 | [CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP Localization Hub, digital compliance service for India
SAP Edge Services | | 2022-01 | 2021/12/30 | [CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP Edge Services Cloud Edition
SAP IoT | | 2022-01 | 2022/01/11 | [CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP Cloud-to-Cloud Interoperability
SAP Digital... | | 2022-01 | 2022/01/11 | [CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP Digital Manufacturing Cloud for Edge Computing
SAP BTP Kyma runtime | | 2021-12 | 2021/12/21 | [CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP BTP Kyma
SAP Commerce | | 2021-12 | 2021/12/14 | Code Execution vulnerability in SAP Commerce, localization for China
Java | | 2021-12 | 2021/12/16 | [CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in Java Web Service Adapter of SAP NetWeaver Process Integration
ABAP | | 2021-12 | 2021/12/14 | [CVE-2021-44231] Code Injection vulnerability in SAP ABAP Server & ABAP Platform (Translation Tools)
SAP HANA Platform | | 2021-12 | 2021/12/17 | [CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in XSA Cockpit
SAP HANA Platform | | 2021-12 | 2021/12/16 | [CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP HANA XSA
SAP Customer Checkout | | 2021-12 | 2021/12/22 | [CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP Customer Checkout
SAP BTP Cloud Foundry runtime | | 2021-12 | 2021/12/21 | [CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP BTP Cloud Foundry
SAP Edge Services | | 2021-12 | 2021/12/24 | [CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP Edge Services On Premise Edition
SAP Landscape... | | 2021-12 | 2021/12/20 | [CVE-2019-17571] Code Injection vulnerability in SAP Landscape Management
SAP HANA Platform | | 2021-12 | 2021/12/21 | Update 1 to Security Note 3131397 [CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in XSA Cockpit
SAP Edge Services | | 2021-12 | 2021/12/21 | [CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in Internet of Things Edge Platform
SAP API Management | | 2021-12 | 2021/12/24 | [CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP BTP API Management (Tenant Cloning Tool)
SAP Enable Now | | 2021-12 | 2021/12/23 | [CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP Enable Now Manager
Any | | 2021-12 | 2021/12/15 | [CVE-2021-44228] Central Security Note for Remote Code Execution vulnerability associated with Apache Log4j 2 component
Kernel | | 2021-11 | 2021/11/09 | [CVE-2021-40501] Missing Authorization check in ABAP Platform Kernel
ABAP | | 2021-10 | 2021/10/12 | [CVE-2021-38178] Improper Authorization in SAP NetWeaver AS ABAP and ABAP Platform
Java | | 2021-10 | 2021/10/12 | Potential XML External Entity Injection Vulnerability in SAP Environmental Compliance
ABAP | | 2021-10 | 2021/09/20 | Missing transaction start (AU3) entries in the Security Audit Log
BCM platform | | 2021-09 | 2021/09/14 | [CVE-2021-33672] Multiple vulnerabilities in SAP Contact Center
Java | | 2021-09 | 2021/09/14 | [CVE-2021-37531] Code Injection vulnerability in SAP NetWeaver Knowledge Management (XMLForms)
Java | | 2021-09 | 2021/09/14 | [CVE-2021-38163] Unrestricted File Upload vulnerability in SAP NetWeaver (Visual Composer 7.0 RT)
Java | | 2021-09 | 2021/09/14 | [CVE-2021-37535] Missing Authorization check in SAP NetWeaver Application Server for Java (JMS Connector Service)
ABAP | | 2021-09 | 2021/09/14 | [CVE-2021-38176] SQL Injection vulnerability in SAP NZDT Mapping Table Framework
Java | | 2021-08 | 2021/08/10 | [CVE-2021-33690] Server Side Request Forgery vulnerability in SAP NetWeaver Development Infrastructure (Component Build Service)
SAP Business One | | 2021-08 | 2021/08/10 | [CVE-2021-33698] Unrestricted File Upload vulnerability in SAP Business One
ABAP | | 2021-08 | 2021/08/10 | [CVE-2021-33701] SQL Injection vulnerability in SAP NZDT Row Count Reconciliation
ABAP | | 2021-07 | 2021/06/08 | [CVE-2021-27610] Improper Authentication in SAP NetWeaver ABAP Server and ABAP Platform
SAP Commerce / SAP... | | 2021-04 | 2021/04/13 | [CVE-2021-27602] Remote Code Execution vulnerability in Source Rules of SAP Commerce
Java | | 2021-03 | 2021/03/09 | [CVE-2021-21481] Missing Authorization Check in SAP NetWeaver AS JAVA (MigrationService)
Java | | 2021-03 | 2021/03/09 | [CVE-2021-21480] Code injection vulnerability in SAP Manufacturing Integration and Intelligence
SAP Commerce Cloud | | 2021-02 | 2021/02/09 | [CVE-2021-21477] Remote Code Execution vulnerability in SAP Commerce
ABAP | | 2021-01 | 2021/01/12 | [CVE-2021-21465] Multiple vulnerabilities in SAP Business Warehouse (Database Interface)
ABAP | | 2021-01 | 2021/01/12 | [CVE-2021-21466] Code Injection in SAP Business Warehouse and SAP BW/4HANA
ABAP | | 2020-12 | 2020/12/08 | [CVE-2020-26838] Code Injection vulnerability in SAP Business Warehouse (Master Data Management) and SAP BW4HANA
Java | | 2020-12 | 2020/12/08 | [CVE-2020-26829] Missing Authentication Check in SAP NetWeaver AS JAVA (P2P Cluster Communication)
BI/BO platform | | 2020-12 | 2020/12/08 | [CVE-2020-26831] Missing XML Validation in SAP BusinessObjects Business Intelligence Platform (Crystal Report)
ABAP | | 2020-11 | 2020/11/11 | [CVE-2020-26808] Code Injection in SAP AS ABAP and S/4 HANA (DMIS)
Java | | 2020-11 | 2020/11/10 | [CVE-2020-26820] Privilege escalation in SAP NetWeaver Application Server for Java (UDDI Server)
Java | | 2020-11 | 2020/11/10 | [Multiple CVE IDs] Missing Authentication Check in SAP Solution Manager (JAVA stack)
SAP Data Services | | 2020-11 | 2020/11/10 | Multiple Vulnerabilities in SAP Data Services
Solution Manager | | 2020-10 | 2020/10/13 | [CVE-2020-6364] OS Command Injection Vulnerability in CA Introscope Enterprise Manager (Affected Products: SAP Solution Manager and SAP Focused Run)
SAP Marketing | | 2020-09 | 2020/09/08 | [CVE-2020-6320] Improper Access Control in SAP Marketing (Mobile Channel Servlet)
ABAP | | 2020-09 | 2020/09/08 | [CVE-2020-6318] Code Injection vulnerability in SAP NetWeaver (ABAP Server) and ABAP Platform
Java | | 2020-08 | 2020/08/11 | [CVE-2020-6284] Cross-Site Scripting (XSS) in SAP NetWeaver (Knowledge Management)
Java | yes | 2020-07 | 2020/07/14 | [CVE-2020-6287] Multiple Vulnerabilities in SAP NetWeaver AS JAVA (LM Configuration Wizard)
SAP Cloud Commerce | | 2020-06 | 2020/06/09 | [CVE-2020-6265] Use of Hard-coded Credentials in SAP Commerce and SAP Commerce Datahub
Java | | 2020-06 | 2020/06/09 | 'Ghostcat' Apache Tomcat AJP Vulnerability in SAP Liquidity Management for Banking
SAP Adaptive Server... | | 2020-05 | 2020/05/12 | [CVE-2020-6252] Information Disclosure in SAP Adaptive Server Enterprise (Cockpit)
ABAP | | 2020-05 | 2020/05/12 | [CVE-2020-6262] Code Injection vulnerability in Service Data Download
SAP Adaptive Server... | | 2020-05 | 2020/05/12 | [CVE-2020-6248] Code injection in SAP Adaptive Server Enterprise (Backup Server)
BI/BO platform | | 2020-04 | 2020/04/14 | [CVE-2020-6219] Deserialization of Untrusted Data in SAP Business Objects Business Intelligence Platform (CrystalReports WebForm Viewer)
SAP Orient DB | | 2020-04 | 2020/04/14 | [CVE-2020-6230] Code Injection vulnerability in SAP OrientDB 3.0
SAP Commerce Cloud | | 2020-04 | 2020/04/14 | [CVE-2020-6238] Missing XML Validation vulnerability in SAP Commerce
Java | | 2020-04 | 2020/04/14 | [CVE-2020-6225] Directory Traversal vulnerability in SAP NetWeaver (Knowledge Management)
Java | | 2020-03 | 2020/03/10 | [CVE-2020-6198] Missing Authentication check in SAP Solution Manager (Diagnostics Agent)
Java | | 2020-03 | 2020/03/10 | [CVE-2020-6203] Path Manipulation in SAP NetWeaver UDDI Server (Services Registry)
Java | yes | 2020-03 | 2020/03/10 | [CVE-2020-6207] Missing Authentication Check in SAP Solution Manager (User-Experience Monitoring)
SAP GUI / Frontend | | 2020-02 | 2018/04/10 | Security updates for the browser control Google Chromium delivered with SAP Business Client
Java | | 2019-11 | 2019/11/12 | Update 2 to Security Note 2808158: [CVE-2019-0330] OS Command Injection vulnerability in SAP Diagnostics Agent