11 matches found
CVE-2026-0498
SAP S/4HANA Private Cloud and On-Premise allows an attacker with admin privileges to exploit a vulnerability in the function module exposed via RFC. This flaw enables the injection of arbitrary ABAP code/OS commands into the system, bypassing essential authorization checks. This vulnerability...
EUVD-2025-60995
Migration Workbench DX Workbench in SAP NetWeaver Application Server for ABAP fails to trigger a malware scan when an attacker with administrative privileges uploads files to the application server. An attacker could leverage this and upload a malicious file into the system. This results in a low...
CVE-2025-42907 Server-Side Request Forgery in SAP BI Platform
SAP BI Platform allows an attacker to modify the IP address of the LogonToken for the OpenDoc. On accessing the modified link in the browser, a different server could get the ping request. This has low impact on integrity with no impact on confidentiality and availability of the system...
The vulnerability of the cloud-security-services-integration-library library of the development, integration, and application extension platform in the SAP Business Technology Platform (BTP) virtual environment allows an attacker to escalate their privileges.
The vulnerability of the cloud-security-services-integration-library library of the development, integration, and application extension platform in the SAP Business Technology Platform BTP environment is related to insecure management of privileges. Exploiting this vulnerability could allow a...
CVE-2023-50422
SAP BTP Security Services Integration Library ([Java] cloud-security-services-integration-library) - versions below 2.17.0 and versions from 3.0.0 to before 3.3.0, allow under certain conditions an escalation of privileges. On successful exploitation, an unauthenticated attacker can obtain arbitrary...
The vulnerability of software for developing and executing applications in the ABAP language of SAP NetWeaver Application Server allows attackers to compromise the confidentiality, integrity, and availability of protected information.
Vulnerabilities in software for developing and executing applications in the ABAP language on the SAP NetWeaver Application Server ABAP are related to deficiencies in authentication procedures. Exploiting these vulnerabilities can allow attackers to compromise the confidentiality, integrity, and...
CVE-2023-28762
SAP BusinessObjects Business Intelligence Platform - versions 420, 430, allows an authenticated attacker with administrator privileges to get the login token of any logged-in BI user over the network without any user interaction. The attacker can impersonate any user on the platform resulting int...
CVE-2022-32236
When a user opens manipulated Windows Bitmap (.bmp, 2d.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application...
The vulnerability of the SAP BusinessObjects Business Intelligence Platform stems from a lack of measures to preserve the web page structure. This allows attackers to carry out XSS attacks.
The vulnerability of the SAP BusinessObjects Business Intelligence Platform exists due to the lack of measures taken to preserve the web page structure. Exploiting this vulnerability allows a malicious actor to perform XSS attacks remotely...
SAP NetWeaver Knowledge Management Code Issue Vulnerability
SAP NetWeaver is a service-oriented integrated application platform from the German company SAP. The platform provides a development and runtime environment for SAP applications. A code issue vulnerability exists in SAP NetWeaver Knowledge Management, which can be exploited by attackers to...
SAP SAPCAR Buffer Overflow Vulnerability
SAP SAPCAR is a set of compression and decompression tools for use in SAP Kernel. A buffer overflow vulnerability exists in SAP SAPCAR. An attacker could exploit this vulnerability to perform unauthorized operations in the context of an affected application...