Superior Threat Research Labs keeps you ahead of SAP threats

Our SAP security research directly benefits you – our customers. Our ongoing efforts ensure that your SAP systems remain secure, resilient, and ahead of emerging threats.

  • Get the latest threat intelligence: By proactively identifying vulnerabilities and providing detection rules directly in the platform, we help prevent cyber threats before they impact your SAP operations.
  • Continuous Threat Monitoring: Our research strengthens our ability to detect vulnerabilities early (including 0-days), reducing risks and potential downtime.
  • Improved SAP Security Posture: Understanding SAP’s inner workings allows us to develop better security solutions tailored to your needs.

How we contribute

SecurityBridge has made significant contributions to SAP security through more than 15 years of dedicated research.

What This Means for You

SecurityBridge’s SAP security research is not just about uncovering vulnerabilities—it’s about delivering tangible benefits that enhance your organization’s resilience. By staying ahead of evolving threats, and embedding new discoveries directly in SecurityBridge, we empower you to:

  • Reduce Business Disruptions: Secure systems mean fewer cyber incidents, preventing costly downtime and operational disruptions.
  • Achieve Compliance with Confidence: With regulatory pressures increasing, our security intelligence helps you meet compliance requirements effortlessly.
  • Gain Competitive Advantage: A secure SAP system builds trust with customers, partners, and stakeholders, strengthening your reputation.
  • Stay Ahead of Emerging Threats: Our research ensures your business is equipped with the latest security measures so you never fall behind.
SAP Patch Day

Threat Intelligence Contributions

The SecurityBridge Research Labs continuously deliver Threat Intelligence insights by identifying vulnerabilities in SAP – enabling the entire SAP customer base to become more secure. Here is an overview of some of the vulnerabilities identified by SecurityBridge Research Labs.

| OSS note | Solution date | SAP CVSS | Type | CVE |
|---|---|---|---|---|
| 3668705 | | 9.9 | Code Injection vulnerability in SAP Solution Manager | CVE-2025-42887 |
| 3643337 | | 4.3 | Missing Authorization check in SAP NetWeaver Application Server for ABAP | CVE-2025-42882 |
| 3634053 | | 2.7 | Insecure File Operations vulnerability in SAP NetWeaver Application Server for ABAP (Migration Workbench) | CVE-2025-42883 |
| 3623504 | | 4.3 | Missing authorisation | CVE-2025-42918 |
| 3614804 | | 6.9 | Directory traversal | CVE-2025-42946 |
| 3627998 | | 9.9 | ABAP code injection | CVE-2025-42957 |
| 3568865 | | 2.4 | Missing authorisation | CVE-2025-27432 |
| 3557131 | | 4.3 | Missing authorisation | CVE-2025-23188 |
| 3553753 | | 4.3 | Missing authorisation | CVE-2025-24872 |
| 3546470 | | 5.3 | Missing authorisation | CVE-2025-23187 |
| 3550816 | | 8.8 | Potential SQL injection on Informix | CVE-2025-0063 |
| 3507252 | | 2 | Missing authorisation | CVE-2024-44114 |
| 3494349 | | 4.3 | Missing authorisation | CVE-2024-41734 |
| 3421659 | | 7.4 | OS command injection | CVE-2024-22132 |
| 3411869 | | 8.4 | OS command injection | CVE-2024-21737 |
| 3399691 | | 9.1 | OS command injection | CVE-2023-36922 |

Top 10 Vulnerability Types

Our research highlights the most common SAP security threats:

  • OS Command Injection (most prevalent)
  • SMB Relay
  • SQL Injection
  • Missing Authorization
  • Information Disclosure
  • Denial of Service (DoS)
  • User Creation with Default Passwords
  • Missing Authorization Checks
  • ABAP Code Injection
  • Master Data Creation Exploits

Your Role? Patch, Patch, Patch!

Stay ahead of threats by applying SAP security patches regularly.
Got questions or need guidance? Reach out to our research team at
[email protected]
Let’s work together to build a more resilient digital ecosystem.
