Known Vulnerabilities for products from Sap

Listed below are 20 of the newest known vulnerabilities associated with the vendor "Sap".

These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.

Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.

Known Vulnerabilities

CVE Shortened Description Severity Publish Date Last Modified
CVE-2026-40135 json An OS Command Injection vulnerability exists in the SAP NetWeaver Application Server for ABAP and ABAP Platform that allows a... Not Provided 2026-05-12 2026-06-03
CVE-2026-34264 json During authorization checks in SAP Human Capital Management for SAP S/4HANA, the system returns specific messages. Due to thi... Not Provided 2026-04-14 2026-05-04
CVE-2026-34262 json Information Disclosure Vulnerability in SAP HANA Cockpit and HANA Database Explorer Not Provided 2026-04-14 2026-05-04
CVE-2026-34257 json Due to an Open Redirect vulnerability in SAP NetWeaver Application Server ABAP, an unauthenticated attacker could craft malic... Not Provided 2026-04-14 2026-06-03
CVE-2026-27688 json Due to a missing authorization check in SAP NetWeaver Application Server for ABAP, an authenticated attacker with user privil... Not Provided 2026-03-10 2026-06-03
CVE-2026-27682 json Due to a reflected cross-site scripting (XSS) vulnerability in SAP NetWeaver Application Server ABAP (Applications based on B... Not Provided 2026-05-12 2026-06-03
CVE-2026-27680 json Due to improper input handling under certain conditions, SAP NetWeaver Application Server ABAP allows an attacker to inject c... Not Provided 2026-05-14 2026-06-03
CVE-2026-27679 json Due to missing authorization checks in the SAP S/4HANA frontend OData Service (Manage Reference Structures), an attacker coul... Not Provided 2026-04-14 2026-05-04
CVE-2026-27674 json Due to a Code Injection vulnerability in SAP NetWeaver Application Server Java (Web Dynpro Java), an unauthenticated attacker... Not Provided 2026-04-14 2026-06-03
CVE-2026-24316 json SAP NetWeaver Application Server for ABAP provides an ABAP Report for testing purposes, which allows to send HTTP requests to... Not Provided 2026-03-10 2026-06-03
CVE-2026-24310 json Due to missing authorization check in SAP NetWeaver Application Server for ABAP, an authenticated attacker could execute spec... Not Provided 2026-03-10 2026-06-03
CVE-2026-24309 json Due to missing authorization check in SAP NetWeaver Application Server for ABAP, an authenticated attacker could execute spec... Not Provided 2026-03-10 2026-06-03
CVE-2026-23687 json SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated attacker with normal privileges to obtain a v... Not Provided 2026-02-10 2026-06-09
CVE-2024-22125 json 7.5 - HIGH 2024-01-09 2024-01-12
CVE-2024-22124 json 7.5 - HIGH 2024-01-09 2024-01-22
CVE-2024-21738 json 5.4 - MEDIUM 2024-01-09 2024-01-11
CVE-2024-21737 json 9.1 - CRITICAL 2024-01-09 2024-01-16
CVE-2024-21736 json 6.5 - MEDIUM 2024-01-09 2024-01-19
CVE-2024-21735 json 7.2 - HIGH 2024-01-09 2024-01-30
CVE-2024-21734 json 5.4 - MEDIUM 2024-01-09 2024-01-12
Results limited to 20 most recent vulnerabilities

Known software with vulnerabilities from Sap

Type Vendor Product Version
ApplicationSap3d Visual Enterprise Viewer-
ApplicationSapAbap Platform7.31
ApplicationSapActivex Viewer1.0.0
ApplicationSapAdaptive Extensions1.0
ApplicationSapAdaptive Server Enterprise15.7
ApplicationSapAdaptive Server Enterprise Backup Server16.0
ApplicationSapAdaptive Server Enterprise Cockpit16.0
ApplicationSapAdminadapter-
ApplicationSapAfaria7.0
ApplicationSapAgentry Sdk7.1
ApplicationSapApplication Server2008_1_46c
ApplicationSapApplication Server Java7.2
ApplicationSapBackground Processing-
ApplicationSapBanking Services400
ApplicationSapBank Analyzer500
ApplicationSapBasis7.0
ApplicationSapBasis Communication Services4.6
ApplicationSapBi Launchpad-
ApplicationSapBi Universal Data Integration-
ApplicationSapBusinessobjects-
Results limited to 20 most recent known configurations
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

Free CVE JSON API cve.report/api

CVE.report and Source URL Uptime Status status.cve.report