SAP Cloud Connector versions 2.15.0 through 2.16.1 were found to happily accept self-signed TLS certificates between SCC and SAP BTP.
bfc27f59ffa7a1d020eb1883e06f1b2a7891a0fff09f6afb7a4aef11cea69616
SAP Application Server ABAP and ABAP Platform suffer from an open redirection vulnerability.
f8a86e1ec6294f4d7dee0eea91e8ccb3c482b6308374f2c5cad6eb05ed9e9b3e
SAP Enable Now Manager version 10.6.5 Build 2804 Cloud Edition suffers from cross-site request forgery, cross-site scripting, and open redirection vulnerabilities.
5209392bfef3cdde923a53ecc1c986fc8d93a111938c556cbaaea3d08eb62ce2
Whitepaper titled Everyone Knows SAP, Everyone Uses SAP, Everyone Uses RFC, No One Knows RFC: From RFC to RCE 16 Years Later.
ec3e058c8f83be6779103d8bb8f9cdbd4b8c1663435f67a9d7c36923c7afe54a
SAP Host Agent suffers from a privilege escalation vulnerability.
7c71684dfc51632d615c1bea2d4d3c8f8748188c71cefd4bd1e38faea7cc5408
SAP SAProuter suffers from an improper access control vulnerability where permitting loopback traffic can lead to unexpected behavior.
91240243e7e61439bb89c02bbb4588f61e70077ca27fc537904e51613f2c8bd3
The SAP Application Server ABAP and ABAP Platform are susceptible to code injection, SQL injection, and missing authorization vulnerabilities. Multiple SAP products are affected.
431dc815f86760913b7ea6a072291378a6fef4f738687bbc91541e8aa7a5a417