Export limit exceeded: 18681 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (351572 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-42891 | 1 Sap | 1 Enterprise Search For Abap | 2026-04-15 | 5.5 Medium |
| Due to a missing authorization check in SAP Enterprise Search for ABAP, an attacker with high privileges may read and export the contents of database tables into an ABAP report. This could lead to a high impact on data confidentiality and a low impact on data integrity. There is no impact on application's availability. | ||||
| CVE-2025-42895 | 1 Sap | 1 Hana-client | 2026-04-15 | 6.9 Medium |
| Due to insufficient validation of connection property values, the SAP HANA JDBC Client allows a high-privilege locally authenticated user to supply crafted parameters that lead to unauthorized code loading, resulting in low impact on confidentiality and integrity and high impact on availability of the application. | ||||
| CVE-2025-42896 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2026-04-15 | 5.4 Medium |
| SAP BusinessObjects Business Intelligence Platform lets an unauthenticated remote attacker send crafted requests through the URL parameter that controls the login page error message. This can cause the server to fetch attacker-supplied URLs, resulting in low impact to confidentiality and integrity, and no impact to availability. | ||||
| CVE-2025-42897 | 1 Sap | 1 Business One | 2026-04-15 | 5.3 Medium |
| Due to information disclosure vulnerability in anonymous API provided by SAP Business One (SLD), an attacker with normal user access could gain access to unauthorized information. As a result, it has a low impact on the confidentiality of the application but no impact on the integrity and availability. | ||||
| CVE-2025-42899 | 1 Sap | 1 S4core | 2026-04-15 | 4.3 Medium |
| SAP S4CORE (Manage journal entries) does not perform necessary authorization checks for an authenticated user resulting in escalation of privileges. This has low impact on confidentiality of the application with no impact on integrity and availability of the application. | ||||
| CVE-2025-42901 | 1 Sap | 3 Application Server, Netweaver Application Server For Abap, Sap Web Application Server | 2026-04-15 | 5.4 Medium |
| SAP Application Server for ABAP allows an authenticated attacker to store malicious JavaScript payloads which could be executed in victim user's browser when accessing the affected functionality of BAPI explorer. This has low impact on confidentiality and integrity with no impact on availability of the application. | ||||
| CVE-2025-42902 | 1 Sap | 5 Abap Platform, As Abap, Netweaver and 2 more | 2026-04-15 | 5.3 Medium |
| Due to the memory corruption vulnerability in SAP NetWeaver AS ABAP and ABAP Platform, an unauthenticated attacker can send a corrupted SAP Logon Ticket or SAP Assertion Ticket to the SAP application server. This leads to a dereference of NULL which makes the work process crash. As a result, it has a low impact on the availability but no impact on the confidentiality and integrity. | ||||
| CVE-2025-42903 | 1 Sap | 1 Financial Service Claims Management | 2026-04-15 | 4.3 Medium |
| A vulnerability in SAP Financial Service Claims Management RFC function ICL_USER_GET_NAME_AND_ADDRESS allows user enumeration and potential disclosure of personal data through response discrepancies, causing low impact on confidentiality with no impact on integrity or availability. | ||||
| CVE-2025-42904 | 1 Sap | 1 Application Server Java | 2026-04-15 | 6.5 Medium |
| Due to an Information Disclosure vulnerability in Application Server ABAP, an authenticated attacker could read unmasked values displayed in ABAP Lists. Successful exploitation could lead to unauthorized disclosure of data, resulting in a high impact on confidentiality without affecting integrity or availability. | ||||
| CVE-2025-42906 | 1 Sap | 1 Commerce Cloud | 2026-04-15 | 5.3 Medium |
| SAP Commerce Cloud contains a path traversal vulnerability that may allow users to access web applications such as the Administration Console from addresses where the Administration Console is not explicitly deployed. This could potentially bypass configured access restrictions, resulting in a low impact on confidentiality, with no impact on the integrity or availability of the application. | ||||
| CVE-2025-42907 | 2 Sap, Sap Se | 2 Businessobjects Bi Platform, Sap Business Objects Business Intgelligence Platform | 2026-04-15 | 4.3 Medium |
| SAP BI Platform allows an attacker to modify the IP address of the LogonToken for the OpenDoc. On accessing the modified link in the browser a different server could get the ping request. This has low impact on integrity with no impact on confidentiality and availability of the system. | ||||
| CVE-2025-42908 | 1 Sap | 1 Netweaver Application Server For Abap | 2026-04-15 | 5.4 Medium |
| Due to a Cross-Site Request Forgery (CSRF) vulnerability in SAP NetWeaver Application Server for ABAP, an authenticated attacker could initiate transactions directly via the session manager, bypassing the first transaction screen and the associated authorization check. This vulnerability could allow the attacker to perform actions and execute transactions that would normally require specific permissions, compromising the integrity and confidentiality of the system by enabling unauthorized access to restricted functionality. There is no impact to availability from this vulnerability. | ||||
| CVE-2025-42909 | 1 Sap | 1 Cloud Appliance Library Appliances | 2026-04-15 | 3 Low |
| SAP Cloud Appliance Library Appliances allows an attacker with high privileges to leverage an insecure S/4HANA default profile setting in an existing SAP CAL appliances to gain access to other appliances. This has low impact on confidentiality of the application, integrity and availability is not impacted. | ||||
| CVE-2025-42910 | 1 Sap | 1 Supplier Relationship Management | 2026-04-15 | 9 Critical |
| Due to missing verification of file type or content, SAP Supplier Relationship Management allows an authenticated attacker to upload arbitrary files. These files could include executables which might be downloaded and executed by the user which could host malware. On successful exploitation an attacker could cause high impact on confidentiality, integrity and availability of the application. | ||||
| CVE-2025-42912 | 1 Sap | 1 Fiori | 2026-04-15 | 6.5 Medium |
| SAP HCM My Timesheet Fiori 2.0 application does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This issue has a significant impact on the application's integrity, while confidentiality and availability remain unaffected. | ||||
| CVE-2025-42913 | 1 Sap | 1 Fiori | 2026-04-15 | 3.1 Low |
| Due to missing authorization checks, SAP HCM My Timesheet Fiori 2.0 application allows an authenticated attacker with in-depth system knowledge to escalate privileges and perform activities that are otherwise restricted, resulting in a low impact on the integrity of the application. Confidentiality and availability are not impacted. | ||||
| CVE-2025-42919 | 1 Sap | 1 Netweaver Application Server Java | 2026-04-15 | 5.3 Medium |
| Due to an Information Disclosure vulnerability in SAP NetWeaver Application Server Java, internal metadata files could be accessed via manipulated URLs. An unauthenticated attacker could exploit this vulnerability by inserting arbitrary path components in the request, allowing unauthorized access to sensitive application metadata. This results in a partial compromise of the confidentiality of the information without affecting the integrity or availability of the application server. | ||||
| CVE-2025-42915 | 1 Sap | 1 Fiori | 2026-04-15 | 5.4 Medium |
| Fiori app Manage Payment Blocks does not perform the necessary authorization checks, allowing an attacker with basic user privileges to abuse functionalities that should be restricted to specific user groups.This issue could impact both the confidentiality and integrity of the application without affecting the availability. | ||||
| CVE-2025-42916 | 1 Sap | 1 S/4hana | 2026-04-15 | 8.1 High |
| Due to missing input validation, an attacker with high privilege access to ABAP reports could delete the content of arbitrary database tables, if the tables are not protected by an authorization group. This leads to a high impact on integrity and availability of the database but no impact on confidentiality. | ||||
| CVE-2025-42917 | 1 Sap | 1 Fiori | 2026-04-15 | 6.5 Medium |
| SAP HCM Approve Timesheets Fiori 2.0 application does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This issue has a significant impact on the application's integrity, while confidentiality and availability remain unaffected. | ||||