SAP

Security Scorecard

Score

71C

Total CVEs

44

Patch Rate

50%

22 patched

Avg Response

-

days to patch

Critical Gaps

1

exploitable, no detection

Severity Breakdown

Critical6

High6

Medium32

Low0

Patch Status

Patched22 (50%)

Partial/Workaround4 (9%)

Unpatched18 (41%)

CVEs (44)

CVE ID	Title	Severity	Score	Days	Patch
CVE-2026-0500	SAP WorkStation Vulnerability	Critical	9.6	-	Workaround
CVE-2026-0501	SAP S/4HANA Financials General Ledger SQL Injection	Critical	9.9	-	Patched
CVE-2026-0503	SAP ECC and S/4HANA EHS Management Auth Bypass	Medium	6.4	-	Workaround
CVE-2026-0507	SAP Application Server for ABAP OS Command Injection	High	8.4	-	Patched
CVE-2026-0511	SAP Fiori App Intercompany Balance Reconciliation Vulnerability	High	8.1	-	Patched
CVE-2026-0513	SAP SICF Handler Open Redirect Vulnerability	Medium	4.7	-	Patched
CVE-2026-0514	SAP Business Connector XSS	Medium	6.1	-	Patched
CVE-2025-42880	CVE-2025-42880	Critical	9.9	-	Patched
CVE-2025-42878	SAP Web Dispatcher and ICM Internal Testing Interface Bypass	High	8.2	-	Workaround
CVE-2025-42874	SAP NetWeaver Remote Service Xcelsius Bypass	High	7.9	-	Patched