Filtered by vendor Sap
Subscribe
Total
1568 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-4161 | 1 Sap | 1 Afaria | 2025-04-12 | 7.5 HIGH | N/A |
|
SAP Afaria does not properly restrict access to unspecified functionality, which allows remote attackers to obtain sensitive information, gain privileges, or have other unspecified impact via unknown vectors, SAP Security Note 2155690.
|
|||||
| CVE-2016-3684 | 3 Apple, Microsoft, Sap | 3 Macos, Windows, Download Manager | 2025-04-12 | 1.9 LOW | 4.7 MEDIUM |
|
SAP Download Manager 2.1.142 and earlier uses a hardcoded encryption key to protect stored data, which allows context-dependent attackers to obtain sensitive configuration information by leveraging knowledge of this key, aka SAP Security Note 2282338.
|
|||||
| CVE-2013-7360 | 1 Sap | 1 Adminadapter | 2025-04-12 | 7.5 HIGH | N/A |
|
Unspecified vulnerability in SAP adminadapter allows remote attackers to read or write to arbitrary files via unknown vectors.
|
|||||
| CVE-2013-7363 | 1 Sap | 1 Solution Manager | 2025-04-12 | 7.5 HIGH | N/A |
|
Unspecified vulnerability in the Diagnostics (SMD) agent in SAP Solution Manager allows remote attackers to obtain sensitive information, modify the configuration of applications, and install or remove applications via vectors involving the P4 protocol.
|
|||||
| CVE-2013-7362 | 1 Sap | 1 Ccms Agent | 2025-04-12 | 7.5 HIGH | N/A |
|
An unspecified RFC function in SAP CCMS Agent allows remote attackers to execute arbitrary commands via unknown vectors.
|
|||||
| CVE-2015-3449 | 1 Sap | 1 Afaria | 2025-04-12 | 7.2 HIGH | N/A |
|
The Windows client in SAP Afaria 7.0.6398.0 uses weak permissions (Everyone: read and Everyone: write) for the install folder, which allows local users to gain privileges via a Trojan horse XeService.exe file.
|
|||||
| CVE-2014-2752 | 1 Sap | 1 Business Object Processing Framework For Abap | 2025-04-12 | 7.5 HIGH | N/A |
|
SAP Business Object Processing Framework (BOPF) for ABAP has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors.
|
|||||
| CVE-2014-5505 | 1 Sap | 1 Crystal Reports | 2025-04-12 | 6.8 MEDIUM | N/A |
|
Stack-based buffer overflow in SAP Crystal Reports allows remote attackers to execute arbitrary code via a crafted data source string in an RPT file.
|
|||||
| CVE-2013-7356 | 1 Sap | 1 Ccms \/ Database Monitor | 2025-04-12 | 5.0 MEDIUM | N/A |
|
Unspecified vulnerability in the SAP CCMS / Database Monitors for Oracle allows attackers to obtain the database password via unknown vectors.
|
|||||
| CVE-2015-2819 | 1 Sap | 1 Sql Anywhere | 2025-04-12 | 5.0 MEDIUM | N/A |
|
SAP Sybase SQL Anywhere 11 and 16 allows remote attackers to cause a denial of service (crash) via a crafted request, aka SAP Security Note 2108161.
|
|||||
| CVE-2013-7361 | 1 Sap | 2 Cm Services, Cms Services | 2025-04-12 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in SAP CMS and CM Services allows attackers to upload arbitrary files via unspecified vectors.
|
|||||
| CVE-2015-1309 | 1 Sap | 1 Netweaver Abap | 2025-04-12 | 5.0 MEDIUM | N/A |
|
XML external entity vulnerability in the Extended Computer Aided Test Tool (eCATT) in SAP NetWeaver AS ABAP 7.31 and earlier allows remote attackers to access arbitrary files via a crafted XML request, related to ECATT_DISPLAY_XMLSTRING_REMOTE, aka SAP Note 2016638.
|
|||||
| CVE-2014-5172 | 1 Sap | 1 Hana | 2025-04-12 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in the XS Administration Tools in SAP HANA allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-2014-4008 | 1 Sap | 1 Web Services Tool | 2025-04-12 | 5.0 MEDIUM | N/A |
|
SAP Web Services Tool (CA-WUI-WST) has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors.
|
|||||
| CVE-2015-7994 | 1 Sap | 1 Hana | 2025-04-12 | 7.5 HIGH | N/A |
|
The SQL interface in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote attackers to execute arbitrary code via unspecified vectors related to "SQL Login," aka SAP Security Note 2197428.
|
|||||
| CVE-2014-1962 | 1 Sap | 1 Customer Relationship Management | 2025-04-11 | 5.0 MEDIUM | N/A |
|
Gwsync in SAP CRM 7.02 EHP 2 allows remote attackers to obtain sensitive information via unspecified vectors, related to an XML External Entity (XXE) issue.
|
|||||
| CVE-2012-1291 | 1 Sap | 1 Netweaver | 2025-04-11 | 5.0 MEDIUM | N/A |
|
Unspecified vulnerability in the com.sap.aii.mdt.amt.web.AMTPageProcessor servlet in SAP NetWeaver 7.0 allows remote attackers to obtain sensitive information about the Adapter Monitor via unspecified vectors, possibly related to the EnableInvokerServletGlobally property in the servlet_jsp service.
|
|||||
| CVE-2011-4707 | 1 Sap | 1 Netweaver | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in the Virus Scan Interface in SAP Netweaver allow remote attackers to inject arbitrary web script or HTML via the (1) instname parameter to the VsiTestScan servlet and (2) name parameter to the VsiTestServlet servlet.
|
|||||
| CVE-2012-1289 | 1 Sap | 1 Netweaver | 2025-04-11 | 4.0 MEDIUM | N/A |
|
Multiple directory traversal vulnerabilities in SAP NetWeaver 7.0 allow remote authenticated users to read arbitrary files via a .. (dot dot) in the logfilename parameter to (1) b2b/admin/log.jsp or (2) b2b/admin/log_view.jsp in the Internet Sales (crm.b2b) component, or (3) ipc/admin/log.jsp or (4) ipc/admin/log_view.jsp in the Application Administration (com.sap.ipc.webapp.ipc) component.
|
|||||
| CVE-2013-6814 | 1 Sap | 1 Netweaver | 2025-04-11 | 5.8 MEDIUM | N/A |
|
The J2EE Engine in SAP NetWeaver 6.40, 7.02, and earlier allows remote attackers to redirect users to arbitrary web sites, conduct phishing attacks, and obtain sensitive information (cookies and SAPPASSPORT) via unspecified vectors.
|
|||||
| CVE-2014-1964 | 1 Sap | 2 Netweaver, Netweaver Exchange Infrastructure \(bc-xi\) | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the Integration Repository in the SAP Exchange Infrastructure (BC-XI) component in SAP NetWeaver allows remote attackers to inject arbitrary web script or HTML via vectors related to the ESR application and a DIR error.
|
|||||
| CVE-2013-6284 | 1 Sap | 1 Erp Central Component | 2025-04-11 | 7.5 HIGH | N/A |
|
Unspecified vulnerability in the Statutory Reporting for Insurance (FS_SR) component in the Financial Services module for SAP ERP Central Component (ECC) allows attackers to execute arbitrary code via unspecified vectors, related to a "code injection vulnerability."
|
|||||
| CVE-2010-2347 | 1 Sap | 2 J2ee Engine Core, Server Core | 2025-04-11 | 4.9 MEDIUM | N/A |
|
The Telnet interface in the SAP J2EE Engine Core (SAP-JEECOR) 6.40 through 7.02, and Server Core (SERVERCORE) 7.10 through 7.30 allows remote authenticated users to bypass a security check and conduct SMB relay attacks via unspecified vectors.
|
|||||
| CVE-2010-3980 | 1 Sap | 1 Businessobjects | 2025-04-11 | 4.0 MEDIUM | N/A |
|
Dswsbobje in SAP BusinessObjects Enterprise XI 3.2 does not limit the number of CUIDs that may be requested, which allows remote authenticated users to cause a denial of service via a large numCuids value in a GenerateCuids SOAPAction to the dswsbobje/services/biplatform URI.
|
|||||
| CVE-2010-2103 | 3 3com, Apache, Sap | 3 Intelligent Management Center, Axis2, Business Objects | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in axis2-admin/axis2-admin/engagingglobally in the administration console in Apache Axis2/Java 1.4.1, 1.5.1, and possibly other versions, as used in SAP Business Objects 12, 3com IMC, and possibly other products, allows remote attackers to inject arbitrary web script or HTML via the modules parameter. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2013-6821 | 1 Sap | 1 Netweaver | 2025-04-11 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in the Exportability Check Service in SAP NetWeaver allows remote attackers to read arbitrary files via unspecified vectors.
|
|||||
| CVE-2010-3032 | 1 Sap | 1 Crystal Reports | 2025-04-11 | 10.0 HIGH | N/A |
|
Integer overflow in the OBGIOPServerWorker::extractHeader function in the ebus-3-3-2-6.dll module in SAP Crystal Reports 2008 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a GIOP packet with a crafted size, which triggers a heap-based buffer overflow.
|
|||||
| CVE-2011-5154 | 1 Sap | 1 Graphical User Interface | 2025-04-11 | 6.9 MEDIUM | N/A |
|
Multiple untrusted search path vulnerabilities in (1) SAPGui.exe and (2) BExAnalyzer.exe in SAP GUI 6.4 through 7.2 allow local users to gain privileges via a Trojan horse MFC80LOC.DLL file in the current working directory, as demonstrated by a directory that contains a .sap file. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2011-5263 | 1 Sap | 1 Netweaver | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in RetrieveMailExamples in SAP NetWeaver 7.30 and earlier allows remote attackers to inject arbitrary web script or HTML via the server parameter.
|
|||||
| CVE-2013-6869 | 1 Sap | 1 Netweaver | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the SRTT_GET_COUNT_BEFORE_KEY_RFC function in SAP NetWeaver 7.30 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2012-2513 | 1 Sap | 1 Netweaver | 2025-04-11 | 5.0 MEDIUM | N/A |
|
The Diaginput function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon crash) via a crafted SAP Diag packet.
|
|||||
| CVE-2014-1961 | 1 Sap | 1 Netweaver | 2025-04-11 | 5.0 MEDIUM | N/A |
|
Unspecified vulnerability in the Portal WebDynPro in SAP NetWeaver allows remote attackers to obtain sensitive path information via unknown attack vectors.
|
|||||
| CVE-2013-3244 | 1 Sap | 1 Erp Central Component | 2025-04-11 | 6.0 MEDIUM | N/A |
|
Multiple unspecified vulnerabilities in the CJDB_FILL_MEMORY_FROM_PPB function in the Project System (PS-IS) module for SAP ERP Central Component (ECC) allow remote attackers to execute arbitrary code via a (1) RFC or (2) SOAP-RFC request.
|
|||||
| CVE-2009-4988 | 1 Sap | 1 Business One 2005-a | 2025-04-11 | 10.0 HIGH | N/A |
|
Stack-based buffer overflow in NT_Naming_Service.exe in SAP Business One 2005 A 6.80.123 and 6.80.320 allows remote attackers to execute arbitrary code via a long GIOP request to TCP port 30000.
|
|||||
| CVE-2012-2612 | 1 Sap | 1 Netweaver | 2025-04-11 | 5.0 MEDIUM | N/A |
|
The DiagTraceHex function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon crash) via a crafted SAP Diag packet.
|
|||||
| CVE-2013-7094 | 1 Sap | 1 Netweaver | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the RSDDCVER_COUNT_TAB_COLS function in SAP NetWeaver 7.30 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2013-5723 | 1 Sap | 1 Netweaver | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in SAP NetWeaver 7.30 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to "ABAD0_DELETE_DERIVATION_TABLE."
|
|||||
| CVE-2013-6819 | 1 Sap | 1 Netweaver | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in Performance Provider in SAP NetWeaver allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-2013-3063 | 1 Sap | 1 Basis Communication Services | 2025-04-11 | 6.0 MEDIUM | N/A |
|
SAP BASIS Communication Services 4.6B through 7.30 allows remote authenticated users to execute arbitrary commands via unspecified vectors.
|
|||||
| CVE-2013-7095 | 1 Sap | 1 Customer Relationship Management | 2025-04-11 | 10.0 HIGH | N/A |
|
The XML parser (crm_flex_data) in SAP Customer Relationship Management (CRM) 7.02 EHP 2 has unknown impact and attack vectors related to an XML External Entity (XXE) issue.
|
|||||