Sap Business Connector — known CVE vulnerabilities
Every CVE whose affected-product data names Sap Business Connector, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (7)
CVE-2025-42892 — CVSS 6.8 (medium): Due to an OS Command Injection vulnerability in SAP Business Connector, an authenticated attacker with administrative access and adjacent…
CVE-2025-42894 — CVSS 6.8 (medium): Due to a Path Traversal vulnerability in SAP Business Connector, an attacker authenticated as an administrator with adjacent access could…
CVE-2006-0732 — CVSS 6.4 (medium): Directory traversal vulnerability in SAP Business Connector (BC) 4.6 and 4.7 allows remote attackers to read or delete arbitrary files via…
CVE-2025-42886 — CVSS 6.1 (medium): Due to a Reflected Cross-Site Scripting (XSS) vulnerability in SAP Business Connector, an unauthenticated attacker could generate a…
CVE-2025-42893 — CVSS 6.1 (medium): Due to an Open Redirect vulnerability in SAP Business Connector, an unauthenticated attacker could craft a malicious URL that, if accessed…
CVE-2026-0514 — CVSS 6.1 (medium): Due to a Cross-Site Scripting (XSS) vulnerability in SAP Business Connector, an unauthenticated attacker could craft a malicious link. When…
CVE-2006-0731 — CVSS 4.0 (medium): WmRoot/adapter-index.dsp in SAP Business Connector Core Fix 7 and earlier allows remote attackers to conduct spoofing (phishing) attacks…