Filtered by vendor Sap
Total: 1568 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2015-3994 | 1 Sap | 1 Hana | 2025-04-12 | 4.0 MEDIUM | N/A | The grant.xsfunc application in testApps/grantAccess/ in the XS Engine in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote authenticated users to spoof log entries via a crafted request, aka SAP Security Note 2109818. |
| CVE-2015-2815 | 1 Sap | 1 Netweaver | 2025-04-12 | 6.5 MEDIUM | N/A | Buffer overflow in the C_SAPGPARAM function in the NetWeaver Dispatcher in SAP KERNEL 7.00 (7000.52.12.34966) and 7.40 (7400.12.21.30308) allows remote authenticated users to cause a denial of service or possibly execute arbitrary code via unspecified vectors, aka SAP Security Note 2063369. |
| CVE-2015-6663 | 1 Sap | 1 Afaria | 2025-04-12 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in the Client form in the Device Inspector page in SAP Afaria 7 allows remote attackers to inject arbitrary web script or HTML via crafted client name data, aka SAP Security Note 2152669. |
| CVE-2015-7986 | 1 Sap | 1 Hana | 2025-04-12 | 7.5 HIGH | N/A | The index server (hdbindexserver) in SAP HANA 1.00.095 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via an HTTP request, aka SAP Security Note 2197428. |
| CVE-2014-8587 | 1 Sap | 5 Commoncryptolib, Hana, Netweaver and 2 more | 2025-04-12 | 7.5 HIGH | N/A | SAPCRYPTOLIB before 5.555.38, SAPSECULIB, and CommonCryptoLib before 8.4.30, as used in SAP NetWeaver AS for ABAP and SAP HANA, allows remote attackers to spoof Digital Signature Algorithm (DSA) signatures via unspecified vectors. |
| CVE-2016-1929 | 1 Sap | 1 Hana | 2025-04-12 | 8.5 HIGH | 9.3 CRITICAL | The XS engine in SAP HANA allows remote attackers to spoof log entries in trace files and consequently cause a denial of service (disk consumption and process crash) via a crafted HTTP request, related to an unspecified debug function, aka SAP Security Note 2241978. |
| CVE-2016-3974 | 1 Sap | 1 Netweaver Application Server Java | 2025-04-12 | 6.4 MEDIUM | 9.1 CRITICAL | XML external entity (XXE) vulnerability in the Configuration Wizard in SAP NetWeaver Java AS 7.1 through 7.5 allows remote attackers to cause a denial of service, conduct SMB Relay attacks, or access arbitrary files via a crafted XML request to _tc~monitoring~webservice~web/ServerNodesWSService, aka SAP Security Note 2235994. |
| CVE-2016-2536 | 2 Google, Sap | 2 Sketchup, 3d Visual Enterprise Viewer | 2025-04-12 | 6.8 MEDIUM | 8.8 HIGH | Multiple use-after-free vulnerabilities in SAP 3D Visual Enterprise Viewer allow remote attackers to execute arbitrary code via a crafted SketchUp document. NOTE: the primary affected product may be SketchUp. |
| CVE-2014-8668 | 1 Sap | 1 Contract Accounting | 2025-04-12 | 7.5 HIGH | N/A | SQL injection vulnerability in SAP Contract Accounting allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2014-4004 | 1 Sap | 1 Project System | 2025-04-12 | 5.0 MEDIUM | N/A | The (1) Structures and (2) Project-Oriented Procurement components in SAP Project System have hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. |
| CVE-2015-6507 | 1 Sap | 1 Hana | 2025-04-12 | 7.2 HIGH | N/A | The hdbsql client 1.00.091.00 Build 1418659308-1530 in SAP HANA allows local users to cause a denial of service (memory corruption) and possibly have unspecified other impact via unknown vectors, aka SAP Security Note 2140700. |
| CVE-2015-3980 | 1 Sap | 1 Customer Relationship Management | 2025-04-12 | 7.5 HIGH | N/A | SQL injection vulnerability in the Business Rules Framework (CRM-BF-BRF) in SAP CRM allows attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Note 2097534. |
| CVE-2013-7367 | 1 Sap | 1 Enterprise Portal | 2025-04-12 | 7.5 HIGH | N/A | SAP Enterprise Portal does not properly restrict access to the Federation configuration pages, which allows remote attackers to gain privileges via unspecified vectors. |
| CVE-2015-2816 | 1 Sap | 1 Afaria | 2025-04-12 | 7.5 HIGH | N/A | The XcListener in SAP Afaria 7.0.6001.5 does not properly restrict access, which allows remote attackers to have unspecified impact via a crafted request, aka SAP Security Note 2134905. |
| CVE-2015-2813 | 1 Sap | 1 Mobile Platform | 2025-04-12 | 5.0 MEDIUM | N/A | XML external entity (XXE) vulnerability in SAP Mobile Platform allows remote attackers to send requests to intranet servers via crafted XML, aka SAP Security Note 2125358. |
| CVE-2016-3973 | 1 Sap | 1 Netweaver Application Server Java | 2025-04-12 | 5.0 MEDIUM | 5.3 MEDIUM | The chat feature in the Real-Time Collaboration (RTC) services 7.3 and 7.4 in SAP NetWeaver Java AS 7.1 through 7.5 allows remote attackers to obtain sensitive user information by visiting webdynpro/resources/sap.com/tc~rtc~coll.appl.rtc~wd_chat/Chat#, pressing "Add users", and doing a search, aka SAP Security Note 2255990. |
| CVE-2016-6856 | 1 Sap | 1 Hybris | 2025-04-12 | 4.3 MEDIUM | 6.1 MEDIUM | Cross-site scripting (XSS) vulnerability in the Inbox Search feature in Hybris Management Console (HMC) in SAP Hybris before 6.0 allows remote attackers to inject arbitrary web script or HTML via the itemsperpage parameter. |
| CVE-2014-3130 | 1 Sap | 1 Netweaver Abap Application Server | 2025-04-12 | 4.6 MEDIUM | N/A | The ABAP Help documentation and translation tools (BC-DOC-HLP) in Basis in SAP Netweaver ABAP Application Server do not properly restrict access, which allows local users to gain privileges and execute ABAP instructions via crafted help messages. |
| CVE-2016-1911 | 1 Sap | 1 Netweaver | 2025-04-12 | 4.3 MEDIUM | 6.1 MEDIUM | Multiple cross-site scripting (XSS) vulnerabilities in SAP NetWeaver 7.4 allow remote attackers to inject arbitrary web script or HTML via vectors related to the (1) Runtime Workbench (RWB) or (2) Pmitest servlet in the Process Monitoring Infrastructure (PMI), aka SAP Security Notes 2206793 and 2234918. |
| CVE-2015-4157 | 1 Sap | 1 Content Server | 2025-04-12 | 5.0 MEDIUM | N/A | SAP Content Server allows remote attackers to cause a denial of service (service termination) via unspecified vectors, aka SAP Security Note 2127995. |
| CVE-2013-7359 | 1 Sap | 1 Mobile Infrastructure | 2025-04-12 | 5.0 MEDIUM | N/A | Unspecified vulnerability in SAP Mobile Infrastructure allows remote attackers to obtain sensitive port information via unknown vectors, related to an "internal port scanning" issue. |
| CVE-2015-4158 | 1 Sap | 2 Netweaver Abap Application Server, Netweaver Java Application Server | 2025-04-12 | 5.0 MEDIUM | N/A | SAP ABAP & Java Server allows remote attackers to cause a denial of service (service termination) via unspecified vectors, aka SAP Security Note 2121661. |
| CVE-2015-3979 | 1 Sap | 1 Customer Relationship Management | 2025-04-12 | 7.5 HIGH | N/A | Unspecified vulnerability in the Business Rules Framework (CRM-BF-BRF) in SAP CRM allows attackers to execute arbitrary code via unknown vectors, aka SAP Security Note 2097534. |
| CVE-2015-2107 | 2 Hp, Sap | 2 Operations Manager I Management Pack, Netweaver | 2025-04-12 | 6.8 MEDIUM | N/A | HP Operations Manager i Management Pack 1.x before 1.01 for SAP allows local users to execute OS commands by leveraging SAP administrative privileges. |
| CVE-2015-8028 | 1 Sap | 1 3d Visual Enterprise Viewer | 2025-04-12 | 6.8 MEDIUM | N/A | Multiple buffer overflows in SAP 3D Visual Enterprise Viewer (VEV) allow remote attackers to execute arbitrary code via a crafted (1) 3DM or (2) Flic Animation file. |
| CVE-2014-9264 | 1 Sap | 1 Sql Anywhere | 2025-04-12 | 7.5 HIGH | N/A | Stack-based buffer overflow in the .NET Data Provider in SAP SQL Anywhere allows remote attackers to execute arbitrary code via a crafted column alias. |
| CVE-2014-8590 | 1 Sap | 1 Netweaver Java Application Server | 2025-04-12 | 4.3 MEDIUM | N/A | XML external entity (XXE) vulnerability in the Web Service Navigator in SAP NetWeaver Application Server (AS) Java allows remote attackers to access arbitrary files via a crafted request. |
| CVE-2015-6662 | 1 Sap | 1 Netweaver | 2025-04-12 | 6.8 MEDIUM | N/A | XML external entity (XXE) vulnerability in SAP NetWeaver Portal 7.4 allows remote attackers to read arbitrary files and possibly have other unspecified impact via crafted XML data, aka SAP Security Note 2168485. |
| CVE-2014-8310 | 1 Sap | 1 Businessobjects | 2025-04-12 | 7.1 HIGH | N/A | The CMS CORBA listener in SAP BusinessObjects BI Edge 4.0 allows remote attackers to cause a denial of service (server shutdown) via a crafted OSCAFactory::Session ORB message. |
| CVE-2015-7828 | 1 Sap | 1 Hana | 2025-04-12 | 10.0 HIGH | N/A | SAP HANA Database 1.00 SPS10 and earlier do not require authentication, which allows remote attackers to execute arbitrary code or have unspecified other impact via a TrexNet packet to the (1) fcopydir, (2) fmkdir, (3) frmdir, (4) getenv, (5) dumpenv, (6) fcopy, (7) fput, (8) fdel, (9) fmove, (10) fget, (11) fappend, (12) fdir, (13) getTraces, (14) kill, (15) pexec, (16) stop, or (17) pythonexec method, aka SAP Security Note 2165583. |
| CVE-2014-9387 | 1 Sap | 1 Businessobjects | 2025-04-12 | 10.0 HIGH | N/A | SAP BusinessObjects Edge 4.1 allows remote attackers to obtain the SI_PLATFORM_SEARCH_SERVER_LOGON_TOKEN token and gain privileges via a crafted CORBA call, aka SAP Note 2039905. |
| CVE-2016-3979 | 1 Sap | 1 Java As | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH | Internet Communication Manager (aka ICMAN or ICM) in SAP JAVA AS 7.2 through 7.4 allows remote attackers to cause a denial of service (heap memory corruption and process crash) via a crafted HTTP request, related to the IctParseCookies function, aka SAP Security Note 2256185. |
| CVE-2014-2751 | 1 Sap | 1 Print And Output Management | 2025-04-12 | 7.5 HIGH | N/A | SAP Print and Output Management has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. |
| CVE-2014-4012 | 1 Sap | 1 Open Hub Service | 2025-04-12 | 5.0 MEDIUM | N/A | SAP Open Hub Service has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. |
| CVE-2015-2811 | 1 Sap | 1 Netweaver Enterprise Portal | 2025-04-12 | 5.0 MEDIUM | N/A | XML external entity (XXE) vulnerability in ReportXmlViewer in SAP NetWeaver Portal 7.31.201109172004 allows remote attackers to send requests to intranet servers via crafted XML, aka SAP Security Note 2111939. |
| CVE-2014-9595 | 1 Sap | 1 Sap Kernel | 2025-04-12 | 6.5 MEDIUM | N/A | Buffer overflow in the SAP NetWeaver Dispatcher in SAP Kernel 7.00 32-bit and 7.40 64-bit allows remote authenticated users to cause a denial of service or possibly execute arbitrary code via unspecified vectors, related to the Spool System, aka SAP Note 2061271. |
| CVE-2014-8316 | 1 Sap | 1 Businessobjects Explorer | 2025-04-12 | 5.0 MEDIUM | N/A | XML External Entity (XXE) vulnerability in polestar_xml.jsp in SAP BusinessObjects Explorer 14.0.5 build 882 allows remote attackers to read arbitrary files via the xmlParameter parameter in an explorationSpaceUpdate request. |
| CVE-2014-2749 | 1 Sap | 1 Hana | 2025-04-12 | 5.0 MEDIUM | N/A | The HANA ICM process in SAP HANA allows remote attackers to obtain the platform version, host name, instance number, and possibly other sensitive information via a malformed HTTP GET request. |
| CVE-2015-2282 | 1 Sap | 6 Gui, Maxdb, Netweaver Abap Application Server and 3 more | 2025-04-12 | 7.5 HIGH | N/A | Stack-based buffer overflow in the LZC decompression implementation (CsObjectInt::CsDecomprLZC function in vpa106cslzc.cpp) in SAP MaxDB 7.5 and 7.6, Netweaver Application Server ABAP, Netweaver Application Server Java, Netweaver RFC SDK, GUI, RFC SDK, SAPCAR archive tool, and other products allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via unspecified vectors, aka SAP Security Note 2124806, 2121661, 2127995, and 2125316. |
| CVE-2015-7726 | 1 Sap | 1 Hana | 2025-04-12 | 3.5 LOW | N/A | Cross-site scripting (XSS) vulnerability in role deletion in the Web-based Development Workbench in SAP HANA DB 1.00.091.00.1418659308 allows remote authenticated users to inject arbitrary web script or HTML via the role name, aka SAP Security Note 2153898. |