- How many CVEs does SAP have?
- SAP has 1,898 published CVE records since 2002, including 332 in the last two years.
- How many SAP CVEs are in CISA KEV?
- Yes — 14 of SAP's CVEs are listed in CISA's Known Exploited Vulnerabilities catalog, confirmed exploited in the wild and carrying a CISA remediation deadline.
- Which SAP products have the most CVEs?
- The SAP products with the most published CVEs are 3d visual enterprise viewer, SAP 3D Visual Enterprise Viewer, netweaver, netweaver_application_server_abap, BusinessObjects Business Intelligence Platform.
- What are the most common weakness types in SAP CVEs?
- SAP's CVEs most often map to these CWE weakness types: CWE-862 (Missing Authorization), CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')), CWE-787 (Out-of-bounds Write), CWE-94 (Improper Control of Generation of Code ('Code Injection')).
- Are there public exploits for SAP vulnerabilities?
- Yes — 202 of SAP's CVEs have a known public exploit.
- How many critical SAP vulnerabilities are there?
- SAP has 209 critical and 523 high-severity CVEs.
- What is the average severity of SAP CVEs?
- The average CVSS base score across SAP's scored CVEs is 6.5.