SAP SE
Latest CVEs
The 15 most recently published vulnerabilities affecting SAP SE.
- CVE-2025-42956: Multiple vulnerabilities in SAP NetWeaver Application Server ABAP (score 6.1)
- CVE-2023-36920: Clickjacking vulnerability in SAP Enable Now (score 6.1)
- CVE-2023-40307: Privileges Memory Corruption (Out-of-bound write) (score 6.3)
- CVE-2023-40306: URL Redirection vulnerability in SAP S/4HANA (Manage Catalog Items and Cross-Catalog search) (score 6.1)
- CVE-2022-41260: SAP Financial Consolidation - version 1010, does not sufficiently encode user-controlled input which may allow an unauthenticated attacker to inject a web script via a GET request. On successful ex... (score 6.1)
- CVE-2022-41259: SAP SQL Anywhere - version 17.0, allows an authenticated attacker to prevent legitimate users from accessing a SQL Anywhere database server by crashing the server with some queries that use an ARRA... (score 6.5)
- CVE-2022-41258: Due to insufficient input validation, SAP Financial Consolidation - version 1010, allows an authenticated attacker to inject malicious script when running a common query in the Web Administration C... (score 6.5)
- CVE-2022-41215: SAP NetWeaver ABAP Server and ABAP Platform allows an unauthenticated attacker to redirect users to a malicious site due to insufficient URL validation. This could lead to the user being tricked to... (score 4.7)
- CVE-2022-41214: Due to insufficient input validation, SAP NetWeaver Application Server ABAP and ABAP Platform allows an attacker with high level privileges to use a remote enabled function to delete a file which i... (score 8.7)
- CVE-2022-41212: Due to insufficient input validation, SAP NetWeaver Application Server ABAP and ABAP Platform allows an attacker with high level privileges to use a remote enabled function to read a file which is ... (score 4.9)
- CVE-2022-41211: Due to lack of proper memory management, when a victim opens manipulated file received from untrusted sources in SAP 3D Visual Enterprise Author and SAP 3D Visual Enterprise Viewer, Arbitrary Code ... (score 7.0)
- CVE-2022-41208: Due to insufficient input validation, SAP Financial Consolidation - version 1010, allows an authenticated attacker with user privileges to alter current user session. On successful exploitation, th... (score 5.4)
- CVE-2022-41207: SAP Biller Direct allows an unauthenticated attacker to craft a legitimate looking URL. When clicked by an unsuspecting victim, it will use an unsanitized parameter to redirect the victim to a mal... (score 6.1)
- CVE-2022-41205: SAP GUI allows an authenticated attacker to execute scripts in the local network. On successful exploitation, the attacker can gain access to registries which can cause a limited impact on confiden... (score 5.5)
- CVE-2022-41203: In some workflow of SAP BusinessObjects BI Platform (Central Management Console and BI LaunchPad), an authenticated attacker with low privileges can intercept a serialized object in the parameters ... (score 8.8)