Export limit exceeded: 357825 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (1699 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-42891 | 1 Sap | 1 Enterprise Search For Abap | 2026-04-15 | 5.5 Medium |
| Due to a missing authorization check in SAP Enterprise Search for ABAP, an attacker with high privileges may read and export the contents of database tables into an ABAP report. This could lead to a high impact on data confidentiality and a low impact on data integrity. There is no impact on application's availability. | ||||
| CVE-2025-42947 | 1 Sap | 1 Fica Odn Framework | 2026-04-15 | 5.5 Medium |
| SAP FICA ODN framework allows a high privileged user to inject value inside the local variable which can then be executed by the application. An attacker could thereby control the behaviour of the application causing high impact on integrity, low impact on availability and no impact on confidentiality of the application. | ||||
| CVE-2025-42878 | 1 Sap | 1 Web Dispatcher And Internet Communication Manager | 2026-04-15 | 8.2 High |
| SAP Web Dispatcher and ICM may expose internal testing interfaces that are not intended for production. If enabled, unauthenticated attackers could exploit them to access diagnostics, send crafted requests, or disrupt services. This vulnerability has a high impact on confidentiality, availability and low impact on integrity and of the application. | ||||
| CVE-2025-42895 | 1 Sap | 1 Hana-client | 2026-04-15 | 6.9 Medium |
| Due to insufficient validation of connection property values, the SAP HANA JDBC Client allows a high-privilege locally authenticated user to supply crafted parameters that lead to unauthorized code loading, resulting in low impact on confidentiality and integrity and high impact on availability of the application. | ||||
| CVE-2025-42958 | 1 Sap | 2 Netweaver, Sap Netweaver | 2026-04-15 | 9.1 Critical |
| Due to a missing authentication check in the SAP NetWeaver application on IBM i-series, the application allows high privileged unauthorized users to read, modify, or delete sensitive information, as well as access administrative or privileged functionalities. This results in a high impact on the confidentiality, integrity, and availability of the application. | ||||
| CVE-2025-42914 | 1 Sap | 1 Fiori | 2026-04-15 | 3.1 Low |
| Due to missing authorization checks, SAP HCM My Timesheet Fiori 2.0 application allows an authenticated attacker with in-depth system knowledge to escalate privileges and perform activities that are otherwise restricted, resulting in a low impact on the integrity of the application. Confidentiality and availability are not impacted. | ||||
| CVE-2025-42944 | 1 Sap | 2 Netweaver, Sap Netweaver | 2026-04-15 | 10 Critical |
| Due to a deserialization vulnerability in SAP NetWeaver, an unauthenticated attacker could exploit the system through the RMI-P4 module by submitting malicious payload to an open port. The deserialization of such untrusted Java objects could lead to arbitrary OS command execution, posing a high impact to the application's confidentiality, integrity, and availability. | ||||
| CVE-2024-47580 | 1 Sap | 1 Netweaver | 2026-04-15 | 6.8 Medium |
| An attacker authenticated as an administrator can use an exposed webservice to create a PDF with an embedded attachment. By specifying the file to be an internal server file and subsequently downloading the generated PDF, the attacker can read any file on the server with no effect on integrity or availability. | ||||
| CVE-2025-42887 | 1 Sap | 1 Solution Manager | 2026-04-15 | 9.9 Critical |
| Due to missing input sanitation, SAP Solution Manager allows an authenticated attacker to insert malicious code when calling a remote-enabled function module. This could provide the attacker with full control of the system hence leading to high impact on confidentiality, integrity and availability of the system. | ||||
| CVE-2025-42930 | 1 Sap | 1 Business Planning And Consolidation | 2026-04-15 | 6.5 Medium |
| SAP Business Planning and Consolidation allows an authenticated standard user to call a function module by crafting specific parameters that causes a loop, consuming excessive resources and resulting in system unavailability. This leads to high impact on the availability of the application, there is no impact on confidentiality or integrity. | ||||
| CVE-2025-42975 | 1 Sap | 5 Application Server, Netweaver, Netweaver Abap and 2 more | 2026-04-15 | 6.1 Medium |
| SAP NetWeaver Application Server ABAP (BIC Document) allows an unauthenticated attacker to craft a URL link which, when accessed on the BIC Document application, embeds a malicious script. When a victim clicks on this link, the script executes in the victim's browser, allowing the attacker to access and/or modify information related to the web client without affecting availability. | ||||
| CVE-2025-42929 | 1 Sap | 1 Landscape Transformation Replication Server | 2026-04-15 | 8.1 High |
| Due to missing input validation, an attacker with high privilege access to ABAP reports could delete the content of arbitrary database tables, if the tables are not protected by an authorization group. This leads to a high impact on integrity and availability of the database. | ||||
| CVE-2025-42876 | 1 Sap | 2 Hana, S/4 Hana | 2026-04-15 | 7.1 High |
| Due to a Missing Authorization Check vulnerability in SAP S/4 HANA Private Cloud (Financials General Ledger), an authenticated attacker with authorization limited to a single company code could read sensitive data and post or modify documents across all company codes. Successful exploitation could result in a high impact to confidentiality and a low impact to integrity, while availability remains unaffected. | ||||
| CVE-2025-42916 | 1 Sap | 1 S/4hana | 2026-04-15 | 8.1 High |
| Due to missing input validation, an attacker with high privilege access to ABAP reports could delete the content of arbitrary database tables, if the tables are not protected by an authorization group. This leads to a high impact on integrity and availability of the database but no impact on confidentiality. | ||||
| CVE-2025-42933 | 1 Sap | 1 Business One | 2026-04-15 | 8.8 High |
| When a user logs in via SAP Business One native client, the SLD backend service fails to enforce proper encryption of certain APIs. This leads to exposure of sensitive credentials within http response body. As a result, it has a high impact on the confidentiality, integrity, and availability of the application. | ||||
| CVE-2025-42927 | 1 Sap | 5 Java As, Netweaver, Netweaver As Abap and 2 more | 2026-04-15 | 3.4 Low |
| SAP NetWeaver AS Java application uses Adobe Document Service, installed with a vulnerable version of OpenSSL.Successful exploitation of known vulnerabilities in the outdated OpenSSL library would allow user with high system privileges to access and modify system information.This vulnerability has a low impact on confidentiality and integrity, with no impact on availability. | ||||
| CVE-2025-42885 | 1 Sap | 1 Hana | 2026-04-15 | 5.8 Medium |
| Due to missing authentication, SAP HANA 2.0 (hdbrss) allows an unauthenticated attacker to call a remote-enabled function that will enable them to view information. As a result, it has a low impact on the confidentiality but no impact on the integrity and availability of the system. | ||||
| CVE-2025-42888 | 2 Microsoft, Sap | 4 Windows, Gui, Gui For Windows and 1 more | 2026-04-15 | 5.5 Medium |
| SAP GUI for Windows may allow a highly privileged user on the affected client PC to locally access sensitive information stored in process memory during runtime.This vulnerability has a high impact on confidentiality, with no impact on integrity and availability. | ||||
| CVE-2025-42890 | 1 Sap | 1 Sql Anywhere | 2026-04-15 | 10 Critical |
| SQL Anywhere Monitor (Non-GUI) baked credentials into the code,exposing the resources or functionality to unintended users and providing attackers with the possibility of arbitrary code execution.This could cause high impact on confidentiality integrity and availability of the system. | ||||
| CVE-2025-43001 | 1 Sap | 1 Sapcar | 2026-04-15 | 6.9 Medium |
| SAPCAR allows an attacker logged in with high privileges to override the permissions of the current and parent directories of the user or process extracting the archive, leading to privilege escalation. On successful exploitation, an attacker could modify the critical files by tampering with signed archives without breaking the signature, but it has a low impact on the confidentiality and availability of the system. | ||||