Lucene search
K

Vulnerabilities fixed in SAP products

🗓️ 05 Sep 2025 11:12:05Reported by NCSCType 
ncsc
 ncsc
🔗 advisories.ncsc.nl👁 79 Views

SAP fixed authorization bypass, XSS, directory traversal, and CRLF injection in SAP products; CVE-2025-42957 may grant full control; updates released.

Related
Detection
Refs
ReporterTitlePublishedViews
Family
BDU FSTEC
The vulnerability of the software for developing and executing applications in the ABAP language on the SAP NetWeaver Application Server ABAP lies in the exposure of system data to unauthorized access within the controlled area. This allows attackers to disclose protected information.
22 Jan 202500:00
bdu_fstec
BDU FSTEC
The vulnerability of the OBN component of the SAP NetWeaver Enterprise Portal software integration platform lies in the lack of authenticity verification for a critical function. This allows attackers to circumvent existing security restrictions.
1 Apr 202500:00
bdu_fstec
BDU FSTEC
The vulnerability of the functional module of the SAP S/4HANA software platform’s RFC interface allows a perpetrator to execute arbitrary code.
11 Apr 202500:00
bdu_fstec
BDU FSTEC
The vulnerability of the SAP NetWeaver software integration platform, related to incorrect authorization, allows a perpetrator to execute arbitrary code.
23 Apr 202500:00
bdu_fstec
BDU FSTEC
The vulnerability of the functional module of the RFC interface of the software tool for managing changes and migrations in SAP Landscape Transformation (SLT) allows a attacker to influence the confidentiality, integrity, and accessibility of the protected information.
1 Sep 202500:00
bdu_fstec
BDU FSTEC
The vulnerability of the SLD component of the SAP Business One resource management system allows a perpetrator to influence the confidentiality, integrity, and accessibility of the protected information.
1 Sep 202500:00
bdu_fstec
BDU FSTEC
The vulnerability of the functional module of the SAP S/4HANA software platform’s RFC interface allows a perpetrator to execute arbitrary code.
1 Sep 202500:00
bdu_fstec
BDU FSTEC
The vulnerabilities in the software for developing and executing applications in the ABAP language of SAP NetWeaver Application Server ABAP (BIC Document) allow attackers to carry out cross-site scripting attacks and gain unauthorized access to protected information.
1 Sep 202500:00
bdu_fstec
BDU FSTEC
The vulnerability of the software used for developing and executing applications in the ABAP language of SAP NetWeaver Application Server ABAP (BIC Document) allows a perpetrator to gain unauthorized access to protected information.
1 Sep 202500:00
bdu_fstec
BDU FSTEC
The vulnerability of the Supplier Invoice component in the SAP S/4HANA software platform allows a hacker to circumvent security restrictions.
22 Dec 202500:00
bdu_fstec
Rows per page

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation