- What is the sap CNA?
- sap is a CVE Numbering Authority (CNA) — an organization authorized to assign CVE IDs to vulnerabilities in its scope. It has published 1,436 CVE records since 2017.
- How many CVEs has sap published?
- sap has published 1,436 CVE records, including 392 in the last two years.
- What is sap's CVE data quality grade?
- RadicalNotion.AI grades sap's CVE data quality as B, with an overall completeness score of 81.5%. This reflects how consistently its CVE records include vendor (99.7%), product (99.7%), CVSS (69.7%), and CWE (56.8%) information.
- What products does sap publish CVEs for?
- sap most frequently publishes CVEs for 3d visual enterprise viewer, SAP 3D Visual Enterprise Viewer, netweaver_application_server_abap, BusinessObjects Business Intelligence Platform, netweaver_application_server_java.
- Which vendors does sap cover?
- sap publishes CVEs across 5 distinct vendors, most often SAP, microsoft, cla-assistant, redwood, kyma-project.
- Is sap actively publishing CVEs?
- sap is currently active, based on 392 CVEs in the last two years.
- What is the average severity of sap's CVEs?
- The average CVSS base score across sap's scored CVEs is 6.1.
- How many critical CVEs has sap published?
- sap has published 148 critical-severity CVEs and 411 high-severity CVEs.
- Are any of sap's CVEs in CISA's Known Exploited Vulnerabilities catalog?
- Yes. 8 of sap's CVEs are listed in CISA's Known Exploited Vulnerabilities (KEV) catalog, meaning they are confirmed to be exploited in the wild.
- What are the most common weakness types in sap's CVEs?
- sap's CVEs most often map to these CWE weakness types: CWE-862 (Missing Authorization), CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')), CWE-787 (Out-of-bounds Write), CWE-94 (Improper Control of Generation of Code ('Code Injection')).
- How does sap rank among CNAs?
- By total CVE volume, sap ranks #33 of 370 CNAs, and it reports more complete CVE records than 30% of all CNAs.