Sap Vulnerabilities
Comprehensive security vulnerability database for Sap products
3
3
9
0
Severity Distribution
| Description | Vendor / Product | Exploit Status | |||
|---|---|---|---|---|---|
| CVE-2022-22536 | 10.0 | This vulnerability allows an attacker to sneak malicious data into a victim's web request, enabling them to impersonate the victim and potentially manipulate or steal sensitive information. The attacker does not need to be authenticated, making it easier to exploit systems like SAP Content Server and related applications. | sapcontent server | Exploit Available | about 4 years agoFeb 9, 2022 |
| CVE-2021-38180 | 9.8 | An attacker can inject harmful commands into an Excel file exported from SAP Business One, which could then run on the victim's computer if they open the file and enable macros in Excel. This means that the victim's security settings must allow for running these commands for the attack to succeed. | sapbusiness one | Exploit Available | over 4 years agoOct 12, 2021 |
| CVE-2021-38162 | 9.4 | This vulnerability allows an attacker to send specially crafted requests to an SAP Web Dispatcher, which can trick the connected back-end server into executing harmful commands. The attacker does not need to be authenticated, but they may need to send multiple requests to successfully exploit the issue. | sapweb dispatcher | Exploit Available | over 4 years agoSep 14, 2021 |
About Sap Security
This page tracks all publicly disclosed security vulnerabilities (CVEs) affecting Sap products. Our database is updated in real-time from the National Vulnerability Database (NVD) and enriched with exploit information from GitHub and other security research sources.
Each CVE listing includes CVSS severity scores, exploit availability status, AI-powered vulnerability summaries, and links to official patches and security advisories.