Search Results (1699 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2003-0748 1 Sap 1 Internet Transaction Server 2026-04-16 N/A
Directory traversal vulnerability in wgate.dll for SAP Internet Transaction Server (ITS) 4620.2.0.323011 allows remote attackers to read arbitrary files via ..\ (dot-dot backslash) sequences in the ~theme parameter and a ~template parameter with a filename followed by space characters, which can prevent SAP from effectively adding a .html extension to the filename.
CVE-2002-1579 1 Sap 1 Sapgui 2026-04-16 N/A
SAP GUI (Sapgui) 4.6D allows remote attackers to cause a denial of service (crash) via a connection to a high-numbered port, which generates an "unknown connection data" error.
CVE-2003-0945 1 Sap 1 Sap Db 2026-04-16 N/A
The Web Database Manager in web-tools for SAP DB before 7.4.03.30 generates predictable session IDs, which allows remote attackers to conduct unauthorized activities.
CVE-2006-4133 1 Sap 1 Internet Graphics Server 2026-04-16 N/A
Heap-based buffer overflow in SAP Internet Graphics Service (IGS) 6.40 and earlier, and 7.00 and earlier, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via an HTTP request with an ADM:GETLOGFILE command and a long portwatcher argument, which triggers the overflow during error message construction when the _snprintf function returns a negative value that is used in a memcpy operation.
CVE-2025-42929 1 Sap 1 Landscape Transformation Replication Server 2026-04-15 8.1 High
Due to missing input validation, an attacker with high privilege access to ABAP reports could delete the content of arbitrary database tables, if the tables are not protected by an authorization group. This leads to a high impact on integrity and availability of the database.
CVE-2025-42927 1 Sap 5 Java As, Netweaver, Netweaver As Abap and 2 more 2026-04-15 3.4 Low
SAP NetWeaver AS Java application uses Adobe Document Service, installed with a vulnerable version of OpenSSL.Successful exploitation of known vulnerabilities in the outdated OpenSSL library would allow user with high system privileges to access and modify system information.This vulnerability has a low impact on confidentiality and integrity, with no impact on availability.
CVE-2025-42883 1 Sap 5 Application Server, Netweaver, Netweaver Abap and 2 more 2026-04-15 2.7 Low
Migration Workbench (DX Workbench) in SAP NetWeaver Application Server for ABAP fails to trigger a malware scan when an attacker with administrative privileges uploads files to the application server. An attacker could leverage this and upload a malicious file into the system. This results in a low impact on the integrity of the application.
CVE-2025-42916 1 Sap 1 S/4hana 2026-04-15 8.1 High
Due to missing input validation, an attacker with high privilege access to ABAP reports could delete the content of arbitrary database tables, if the tables are not protected by an authorization group. This leads to a high impact on integrity and availability of the database but no impact on confidentiality.
CVE-2025-42887 1 Sap 1 Solution Manager 2026-04-15 9.9 Critical
Due to missing input sanitation, SAP Solution Manager allows an authenticated attacker to insert malicious code when calling a remote-enabled function module. This could provide the attacker with full control of the system hence leading to high impact on confidentiality, integrity and availability of the system.
CVE-2025-42915 1 Sap 1 Fiori 2026-04-15 5.4 Medium
Fiori app Manage Payment Blocks does not perform the necessary authorization checks, allowing an attacker with basic user privileges to abuse functionalities that should be restricted to specific user groups.This issue could impact both the confidentiality and integrity of the application without affecting the availability.
CVE-2025-42914 1 Sap 1 Fiori 2026-04-15 3.1 Low
Due to missing authorization checks, SAP HCM My Timesheet Fiori 2.0 application allows an authenticated attacker with in-depth system knowledge to escalate privileges and perform activities that are otherwise restricted, resulting in a low impact on the integrity of the application. Confidentiality and availability are not impacted.
CVE-2024-44120 1 Sap 1 Netweaver Enterprise Portal 2026-04-15 4.7 Medium
SAP NetWeaver Enterprise Portal is vulnerable to reflected cross site scripting due to insufficient encoding of user-controlled input. An unauthenticated attacker could craft a malicious URL and trick a user to click it. If the victim clicks on this crafted URL before it times out, then the attacker could read and manipulate user content in the browser.
CVE-2025-42906 1 Sap 1 Commerce Cloud 2026-04-15 5.3 Medium
SAP Commerce Cloud contains a path traversal vulnerability that may allow users to access web applications such as the Administration Console from addresses where the Administration Console is not explicitly deployed. This could potentially bypass configured access restrictions, resulting in a low impact on confidentiality, with no impact on the integrity or availability of the application.
CVE-2025-42904 1 Sap 1 Application Server Java 2026-04-15 6.5 Medium
Due to an Information Disclosure vulnerability in Application Server ABAP, an authenticated attacker could read unmasked values displayed in ABAP Lists. Successful exploitation could lead to unauthorized disclosure of data, resulting in a high impact on confidentiality without affecting integrity or availability.
CVE-2025-42909 1 Sap 1 Cloud Appliance Library Appliances 2026-04-15 3 Low
SAP Cloud Appliance Library Appliances allows an attacker with high privileges to leverage an insecure S/4HANA default profile setting in an existing SAP CAL appliances to gain access to other appliances. This has low impact on confidentiality of the application, integrity and availability is not impacted.
CVE-2025-42902 1 Sap 5 Abap Platform, As Abap, Netweaver and 2 more 2026-04-15 5.3 Medium
Due to the memory corruption vulnerability in SAP NetWeaver AS ABAP and ABAP Platform, an unauthenticated attacker can send a corrupted SAP Logon Ticket or SAP Assertion Ticket to the SAP application server. This leads to a dereference of NULL which makes the work process crash. As a result, it has a low impact on the availability but no impact on the confidentiality and integrity.
CVE-2025-42896 1 Sap 1 Businessobjects Business Intelligence Platform 2026-04-15 5.4 Medium
SAP BusinessObjects Business Intelligence Platform lets an unauthenticated remote attacker send crafted requests through the URL parameter that controls the login page error message. This can cause the server to fetch attacker-supplied URLs, resulting in low impact to confidentiality and integrity, and no impact to availability.
CVE-2025-42903 1 Sap 1 Financial Service Claims Management 2026-04-15 4.3 Medium
A vulnerability in SAP Financial Service Claims Management RFC function ICL_USER_GET_NAME_AND_ADDRESS allows user enumeration and potential disclosure of personal data through response discrepancies, causing low impact on confidentiality with no impact on integrity or availability.
CVE-2025-42922 1 Sap 4 Java As, Netweaver, Netweaver Java and 1 more 2026-04-15 9.9 Critical
SAP NetWeaver AS Java allows an attacker authenticated as a non-administrative user to use a flaw in an available service to upload an arbitrary file. This file when executed can lead to a full compromise of confidentiality, integrity and availability of the system.
CVE-2025-42888 2 Microsoft, Sap 4 Windows, Gui, Gui For Windows and 1 more 2026-04-15 5.5 Medium
SAP GUI for Windows may allow a highly privileged user on the affected client PC to locally access sensitive information stored in process memory during runtime.This vulnerability has a high impact on confidentiality, with no impact on integrity and availability.