← Back to News Iceland Security Dashboard Browse all tags
sap

Sap

netweaver 15netweaver-as-java 4solution-manager 1solution manager 1netweaver-visual-composer 1netweaver-application-server-java 1multiple products 1customer-relationship-management 1customer relationship management (crm) 1commerce-cloud 1commerce cloud 1

CVEs tagged with this vendor (14)

CVE-2010-5326 🚨 NetWeaver
CVE-2010-5326 is a critical remote code execution vulnerability in the Invoker Servlet of SAP NetWeaver Application Server Java platforms, potentially affecting…
CVE-2016-2386 🚨 NetWeaver
CVE-2016-2386 is a critical SQL injection vulnerability (CWE-89) in the UDDI server component of SAP NetWeaver J2EE Engine 7.40, allowing remote attackers to ex…
CVE-2016-2388 🚨 NetWeaver
CVE-2016-2388 is a medium severity information disclosure vulnerability in SAP NetWeaver AS JAVA 7.4 that allows remote attackers to obtain sensitive user infor…
CVE-2016-3976 🚨 NetWeaver
CVE-2016-3976 is a directory traversal vulnerability in SAP NetWeaver AS Java versions 7.1 through 7.5, classified under CWE-22. It allows remote attackers to r…
CVE-2016-9563 🚨 NetWeaver
CVE-2016-9563 is a Medium severity vulnerability (CVSS 6.5) in SAP NetWeaver AS JAVA 7.5 affecting the BC-BMT-BPM-DSK component. It allows remote authenticated …
CVE-2017-12637 🚨 NetWeaver
CVE-2017-12637 is a directory traversal vulnerability in SAP NetWeaver Application Server Java 7.5 that allows remote attackers to read arbitrary files via a do…
CVE-2018-2380 🚨 Customer Relationship Management (CRM)
CVE-2018-2380 is a path traversal vulnerability in SAP Customer Relationship Management (CRM) versions 7.01, 7.02, 7.30, 7.31, 7.33, and 7.54, classified under …
CVE-2019-0344 🚨 Commerce Cloud
CVE-2019-0344 is a critical deserialization vulnerability (CWE-502) in SAP Commerce Cloud versions 6.4 through 1905, allowing arbitrary code execution with Hybr…
CVE-2020-6207 🚨 Solution Manager
CVE-2020-6207 is a critical authentication bypass vulnerability in SAP Solution Manager (User Experience Monitoring) version 7.2, classified under CWE-306 Missi…
CVE-2020-6287 🚨 NetWeaver
CVE-2020-6287 is a critical vulnerability in SAP NetWeaver AS JAVA versions 7.30 through 7.50 involving a missing authentication check in the LM Configuration W…
CVE-2021-38163 🚨 NetWeaver
CVE-2021-38163 is a critical remote code execution vulnerability in SAP NetWeaver Visual Composer versions 7.0 RT through 7.50, classified under CWE-22 (Path Tr…
CVE-2022-22536 🚨 Multiple Products
CVE-2022-22536 is a critical request smuggling and concatenation vulnerability affecting SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server…
CVE-2025-31324 🚨 NetWeaver
CVE-2025-31324 is a critical vulnerability in SAP NetWeaver Visual Composer Metadata Uploader caused by insufficient authorization controls. This flaw allows un…
CVE-2025-42999 🚨 NetWeaver
CVE-2025-42999 is a critical deserialization vulnerability (CWE-502) in SAP NetWeaver Visual Composer Metadata Uploader, allowing privileged users to upload mal…

Articles tagged with Sap (24)

HIGH
NCSC-2026-0140 [1.00] [M/H] Kwetsbaarheden verholpen in diverse SAP-producten
NCSC Netherlands · 2026-05-12
CRITICAL
SAP Patches Critical S/4HANA, Commerce Vulnerabilities
SecurityWeek · 2026-05-12
CRITICAL
SAP fixes critical vulnerabilities in Commerce Cloud and S/4HANA
BleepingComputer · 2026-05-12
HIGH
Multiples vulnérabilités dans les produits SAP (12 mai 2026)
CERT-FR (ANSSI) · 2026-05-12
INFO
Avantra’s new AI can diagnose SAP failures in seconds
Help Net Security · 2026-05-08
HIGH
Supply chain attack against SAP npm packages facilitates credential theft
SC Media · 2026-05-01
MEDIUM
'Mini Shai-Hulud' supply chain attack targets SAP npm packages
Sophos News · 2026-04-29
CRITICAL
April Patch Tuesday Fixes Critical Flaws Across SAP, Adobe, Microsoft, Fortinet, and More
The Hacker News · 2026-04-15
CRITICAL
April Patch Tuesday roundup: Zero day vulnerabilities and critical bugs
CSO Online · 2026-04-15
MEDIUM
NCSC-2026-0113 [1.00] [M/H] Kwetsbaarheden verholpen in SAP-producten
NCSC Netherlands · 2026-04-14
CRITICAL
SAP Patches Critical ABAP Vulnerability
SecurityWeek · 2026-04-14
HIGH
Multiples vulnérabilités dans les produits SAP (14 avril 2026)
CERT-FR (ANSSI) · 2026-04-14
CRITICAL
Dozens of Vendors Patch Security Flaws Across Enterprise Software and Network Devices
The Hacker News · 2026-03-11
CRITICAL
SAP Patches Critical FS-QUO, NetWeaver Vulnerabilities
SecurityWeek · 2026-03-10
CRITICAL
[NEU] [hoch] SAP Patchday März 2026: Mehrere Schwachstellen
BSI Germany · 2026-03-10
CRITICAL
February 2026 Security Patch Report: Microsoft, SAP, Intel, Adobe, and 60+ Vendors Address Critical Vulnerabilities in OS, Cloud, and Network Platforms
Web Discovery · 2026-02-11
CRITICAL
Þriðjudagsuppfærslur Microsoft og SAP ásamt veikleikum hjá Fortinet og Hewlett Packard Enterprise
CERT-IS · 2026-02-11
CRITICAL
SAP Patches Critical CRM, S/4HANA, NetWeaver Vulnerabilities
SecurityWeek · 2026-02-10
HIGH
Multiples vulnérabilités dans les produits SAP (10 février 2026)
CERT-FR (ANSSI) · 2026-02-10
MEDIUM
NCSC-2026-0052 [1.00] [M/H] Kwetsbaarheden verholpen in SAP producten
NCSC Netherlands · 2026-02-10
HIGH
SAP Security Patch Day Fixes Critical Code Injection Flaw in SAP CRM and S/4HANA
Web Discovery · 2026-02-10
CRITICAL
SAP Security Patch Day - Critical SAP CRM and SAP S/4HANA Code Injection Vulnerabilities Fixed
Web Discovery · 2026-02-10
HIGH
[NEU] [hoch] SAP Patchday Februar 2026: Mehrere Schwachstellen
BSI Germany · 2026-02-10
HIGH
Why boards should be obsessed with their most ‘boring’ systems
CyberScoop · 2026-02-05