SAP Business Connector

By the Year

In 2026 there has been 1 vulnerability in SAP Business Connector, with an average score of 6.1 out of ten. Last year, in 2025, SAP Business Connector had 4 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, the number of security vulnerabilities in SAP Business Connector in 2026 could surpass last year's number. Last year, the average CVE base score was greater by 0.35.

| Year | Vulnerabilities | Average Score |
|------|-----------------|---------------|
| 2026 | 1               | 6.10          |
| 2025 | 4               | 6.45          |

It may take a day or so for new SAP Business Connector vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent SAP Business Connector Security Vulnerabilities

XSS in SAP Business Connector Allows Redirection to Malicious Site
CVE-2026-0514 6.1 - Medium - January 13, 2026

Due to a Cross-Site Scripting (XSS) vulnerability in SAP Business Connector, an unauthenticated attacker could craft a malicious link. When an unsuspecting user clicks this link, the user may be redirected to a site controlled by the attacker. Successful exploitation could allow the attacker to access or modify information related to the webclient, impacting confidentiality and integrity, with no effect on availability.

XSS

SAP Business Connector Path Traversal Allows File I/O & Exec
CVE-2025-42894 6.8 - Medium - November 11, 2025

Due to a Path Traversal vulnerability in SAP Business Connector, an attacker authenticated as an administrator with adjacent access could read, write, overwrite, and delete arbitrary files on the host system. Successful exploitation could enable the attacker to execute arbitrary operating system commands on the server, resulting in a complete compromise of the confidentiality, integrity, and availability of the affected system.

Directory traversal

SAP Business Connector Open Redirect via Embedded Frame
CVE-2025-42893 6.1 - Medium - November 11, 2025

Due to an Open Redirect vulnerability in SAP Business Connector, an unauthenticated attacker could craft a malicious URL that, if accessed by a victim, redirects them to an attacker-controlled site displayed within an embedded frame. Successful exploitation could allow the attacker to steal sensitive information and perform unauthorized actions, impacting the confidentiality and integrity of web client data. There is no impact to system availability resulting from this vulnerability.

Open Redirect

OS Command Injection in SAP Business Connector (CVE-2025-42892)
CVE-2025-42892 6.8 - Medium - November 11, 2025

Due to an OS Command Injection vulnerability in SAP Business Connector, an authenticated attacker with administrative access and adjacent network access could upload specially crafted content to the server. If processed by the application, this content enables execution of arbitrary operating system commands. Successful exploitation could lead to full compromise of the system's confidentiality, integrity, and availability.

Shell injection

SAP Business Connector Reflected XSS Enables Authenticated Execution
CVE-2025-42886 6.1 - Medium - November 11, 2025

Due to a Reflected Cross-Site Scripting (XSS) vulnerability in SAP Business Connector, an unauthenticated attacker could generate a malicious link and make it publicly accessible. If an authenticated victim accesses this link, the injected input is processed during web page generation, resulting in the execution of malicious content in the victim's browser context. This could allow the attacker to access or modify information within the victim's browser scope, impacting confidentiality and integrity, while availability remains unaffected.

XSS
