Filtered by vendor Sap
Subscribe
Total
1568 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-3639 | 1 Sap | 1 Hana Db | 2025-04-12 | 5.0 MEDIUM | 4.3 MEDIUM |
|
SAP HANA DB 1.00.091.00.1418659308 allows remote attackers to obtain sensitive topology information via an unspecified HTTP request, aka SAP Security Note 2176128.
|
|||||
| CVE-2014-5176 | 1 Sap | 1 Fi Manager Self-service | 2025-04-12 | 6.0 MEDIUM | N/A |
|
SAP FI Manager Self-Service has a hard-coded user name, which makes it easier for remote attackers to obtain access via unspecified vectors.
|
|||||
| CVE-2015-2812 | 1 Sap | 1 Netweaver Enterprise Portal | 2025-04-12 | 5.0 MEDIUM | N/A |
|
XML external entity (XXE) vulnerability in XMLValidationComponent in SAP NetWeaver Portal 7.31.201109172004 allows remote attackers to send requests to intranet servers via crafted XML, aka SAP Security Note 2093966.
|
|||||
| CVE-2016-6144 | 1 Sap | 1 Hana | 2025-04-12 | 4.3 MEDIUM | 8.1 HIGH |
|
The SQL interface in SAP HANA before Revision 102 does not limit the number of login attempts for the SYSTEM user when the password_lock_for_system_user is not supported or is configured as "False," which makes it easier for remote attackers to bypass authentication via a brute force attack, aka SAP Security Note 2216869.
|
|||||
| CVE-2016-3946 | 1 Sap | 1 Sapconsole | 2025-04-12 | 4.6 MEDIUM | 7.8 HIGH |
|
SAP Console (aka SAPConsole) 7.30 allows local users to discover SAP Server login credentials by reading the Windows registry, aka SAP Security Note 2121461.
|
|||||
| CVE-2015-7727 | 1 Sap | 1 Hana | 2025-04-12 | 6.5 MEDIUM | N/A |
|
Multiple SQL injection vulnerabilities in the Web-based Development Workbench in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors in the (1) trace configuration page or (2) getSqlTraceConfiguration function, aka SAP Security Note 2153898.
|
|||||
| CVE-2016-9562 | 1 Sap | 1 Netweaver Application Server Java | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
|
SAP NetWeaver AS JAVA 7.4 allows remote attackers to cause a Denial of Service (null pointer exception and icman outage) via an HTTPS request to the sap.com~P4TunnelingApp!web/myServlet URI, aka SAP Security Note 2313835.
|
|||||
| CVE-2015-2818 | 1 Sap | 1 Mobile Platform | 2025-04-12 | 5.0 MEDIUM | N/A |
|
XML external entity (XXE) vulnerability in SAP Mobile Platform 3 allows remote attackers to send requests to intranet servers via crafted XML, aka SAP Security Note 2125513.
|
|||||
| CVE-2015-2075 | 1 Sap | 1 Businessobjects Edge | 2025-04-12 | 5.0 MEDIUM | N/A |
|
SAP BusinessObjects Edge 4.0 allows remote attackers to delete audit events from the auditee queue via a clearData CORBA operation, aka SAP Note 2011396.
|
|||||
| CVE-2015-4160 | 1 Sap | 1 Ase Database Platform | 2025-04-12 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in SAP ASE Database Platform allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Notes: 2152278.
|
|||||
| CVE-2014-0984 | 1 Sap | 1 Router | 2025-04-12 | 4.3 MEDIUM | N/A |
|
The passwordCheck function in SAP Router 721 patch 117, 720 patch 411, 710 patch 029, and earlier terminates validation of a Route Permission Table entry password upon encountering the first incorrect character, which allows remote attackers to obtain passwords via a brute-force attack that relies on timing differences in responses to incorrect password guesses, aka a timing side-channel attack.
|
|||||
| CVE-2014-8315 | 1 Sap | 1 Businessobjects Explorer | 2025-04-12 | 5.0 MEDIUM | N/A |
|
polestar_xml.jsp in SAP BusinessObjects Explorer 14.0.5 build 882 replies with different timing depending on if a connection can be made, which allows remote attackers to conduct port scanning attacks via a host name and port in the cms parameter.
|
|||||
| CVE-2014-2748 | 1 Sap | 2 Enhancement Package, Erp | 2025-04-12 | 7.5 HIGH | N/A |
|
The Security Audit Log facility in SAP Enhancement Package (EHP) 6 for SAP ERP 6.0 allows remote attackers to modify or delete arbitrary log classes via unspecified vectors. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2015-6664 | 1 Sap | 1 Mobile Platform | 2025-04-12 | 6.8 MEDIUM | N/A |
|
XML external entity (XXE) vulnerability in the application import functionality in SAP Mobile Platform 2.3 allows remote attackers to read arbitrary files and possibly have other unspecified impact via crafted XML data, aka SAP Security Note 2152227.
|
|||||
| CVE-2016-4407 | 1 Sap | 1 Sapcryptolib | 2025-04-12 | 4.0 MEDIUM | 6.5 MEDIUM |
|
The DSA algorithm implementation in SAP SAPCRYPTOLIB 5.555.38 does not properly check signatures, which allows remote authenticated users to impersonate arbitrary users via unspecified vectors, aka SAP Security Note 2223008.
|
|||||
| CVE-2015-7725 | 1 Sap | 1 Hana | 2025-04-12 | 6.5 MEDIUM | N/A |
|
Multiple SQL injection vulnerabilities in the Web-based Development Workbench in SAP HANA DB 1.00.091.00.1418659308 allow remote authenticated users to execute arbitrary SQL commands via the (1) remoteSourceName in the dropCredentials function or unspecified vectors in the (2) setTraceLevelsForXsApps, (3) _modifyUser, or (4) _newUser function, aka SAP Security Notes 2153898 and 2153765.
|
|||||
| CVE-2016-4017 | 1 Sap | 1 Hana | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
|
The Data Provisioning Agent (aka DP Agent) in SAP HANA allows remote attackers to cause a denial of service (process crash) via unspecified vectors, aka SAP Security Note 2262710.
|
|||||
| CVE-2016-7435 | 1 Sap | 1 Netweaver | 2025-04-12 | 9.0 HIGH | 9.1 CRITICAL |
|
The (1) SCTC_REFRESH_EXPORT_TAB_COMP, (2) SCTC_REFRESH_CHECK_ENV, and (3) SCTC_TMS_MAINTAIN_ALOG functions in the SCTC subpackage in SAP Netweaver 7.40 SP 12 allow remote authenticated users with certain permissions to execute arbitrary commands via vectors involving a CALL 'SYSTEM' statement, aka SAP Security Note 2260344.
|
|||||
| CVE-2014-3129 | 1 Sap | 1 Netweaver Software Lifecycle Manager | 2025-04-12 | 5.0 MEDIUM | N/A |
|
The Java Server Pages in the Software Lifecycle Manager (SLM) in SAP NetWeaver allows remote attackers to obtain sensitive information via a crafted request, related to SAP Solution Manager 7.1.
|
|||||
| CVE-2014-3787 | 1 Sap | 1 Netweaver | 2025-04-12 | 5.0 MEDIUM | N/A |
|
SAP NetWeaver 7.20 and earlier allows remote attackers to read arbitrary SAP Central User Administration (SAP CUA) tables via unspecified vectors.
|
|||||
| CVE-2014-3132 | 1 Sap | 1 Background Processing | 2025-04-12 | 4.0 MEDIUM | N/A |
|
SAP Background Processing does not properly restrict access, which allows remote authenticated users to obtain sensitive information via an unspecified RFC function, related to SAP Solution Manager 7.1.
|
|||||
| CVE-2015-3621 | 1 Sap | 1 Enterprise Central Component | 2025-04-12 | 9.3 HIGH | N/A |
|
Untrusted search path vulnerability in SAP Enterprise Central Component (ECC) allows local users to gain privileges via a Trojan horse program.
|
|||||
| CVE-2014-5175 | 1 Sap | 1 Solution Manager | 2025-04-12 | 7.5 HIGH | N/A |
|
The License Measurement servlet in SAP Solution Manager 7.1 allows remote attackers to bypass authentication via unspecified vectors, related to a verb tampering attack and SAP_JTECHS.
|
|||||
| CVE-2015-8600 | 1 Sap | 1 Mobile Platform | 2025-04-12 | 7.5 HIGH | N/A |
|
The SysAdminWebTool servlets in SAP Mobile Platform allow remote attackers to bypass authentication and obtain sensitive information, gain privileges, or have unspecified other impact via unknown vectors, aka SAP Security Note 2227855.
|
|||||
| CVE-2014-8313 | 1 Sap | 1 Hana | 2025-04-12 | 6.0 MEDIUM | N/A |
|
Eval injection in ide/core/base/server/net.xsjs in the Developer Workbench in SAP HANA allows remote attackers to execute arbitrary XSJX code via unspecified vectors.
|
|||||
| CVE-2016-6148 | 1 Sap | 1 Hana | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
|
SAP HANA DB 1.00.73.00.389160 allows remote attackers to cause a denial of service (process termination) or execute arbitrary code via vectors related to an IMPORT statement, aka SAP Security Note 2233136.
|
|||||
| CVE-2016-3975 | 1 Sap | 1 Netweaver Application Server Java | 2025-04-12 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-site scripting (XSS) vulnerability in SAP NetWeaver AS Java 7.1 through 7.5 allows remote attackers to inject arbitrary web script or HTML via the navigationTarget parameter to irj/servlet/prt/portal/prteventname/XXX/prtroot/com.sapportals.navigation.testComponent.NavigationURLTester, aka SAP Security Note 2238375.
|
|||||
| CVE-2015-8753 | 1 Sap | 1 Afaria | 2025-04-12 | 9.4 HIGH | 9.1 CRITICAL |
|
SAP Afaria 7.0.6001.5 allows remote attackers to bypass authorization checks and wipe or lock mobile devices via a crafted request, related to "Insecure signature," aka SAP Security Note 2134905.
|
|||||
| CVE-2014-9594 | 1 Sap | 1 Sap Kernel | 2025-04-12 | 6.5 MEDIUM | N/A |
|
Buffer overflow in the SAP NetWeaver Dispatcher in SAP Kernel 7.00 32-bit and 7.40 64-bit allows remote authenticated users to cause a denial of service or possibly execute arbitrary code via unspecified vectors, related to the ABAP VM, aka SAP Note 2059734.
|
|||||
| CVE-2015-7991 | 1 Sap | 1 Hana | 2025-04-12 | 5.0 MEDIUM | N/A |
|
The Web Dispatcher service in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote attackers to read web dispatcher and security trace files and possibly obtain passwords via unspecified vectors, aka SAP Security Note 2148854.
|
|||||
| CVE-2016-6146 | 1 Sap | 1 Trex | 2025-04-12 | 5.0 MEDIUM | 5.3 MEDIUM |
|
The NameServer in SAP TREX 7.10 Revision 63 allows remote attackers to obtain sensitive TNS information via an unspecified query, aka SAP Security Note 2234226.
|
|||||
| CVE-2014-3131 | 1 Sap | 1 Profile Maintenance | 2025-04-12 | 4.0 MEDIUM | N/A |
|
SAP Profile Maintenance does not properly restrict access, which allows remote authenticated users to obtain sensitive information via an unspecified RFC function, related to SAP Solution Manager 7.1.
|
|||||
| CVE-2016-6137 | 1 Sap | 1 Trex | 2025-04-12 | 10.0 HIGH | 9.8 CRITICAL |
|
An unspecified function in SAP TREX 7.10 Revision 63 allows remote attackers to execute arbitrary OS commands via unknown vectors, aka SAP Security Note 2203591.
|
|||||
| CVE-2014-4005 | 1 Sap | 1 Brazil | 2025-04-12 | 5.0 MEDIUM | N/A |
|
SAP Brazil add-on has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors.
|
|||||
| CVE-2013-7355 | 1 Sap | 1 Bi Universal Data Integration | 2025-04-12 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in SAP BI Universal Data Integration allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to the J2EE schema.
|
|||||
| CVE-2014-8660 | 1 Sap | 1 Document Management Services | 2025-04-12 | 7.2 HIGH | N/A |
|
SAP Document Management Services allows local users to execute arbitrary commands via unspecified vectors.
|
|||||
| CVE-2013-7365 | 1 Sap | 1 Enterprise Portal | 2025-04-12 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in SAP Enterprise Portal allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
|
|||||
| CVE-2014-5173 | 1 Sap | 1 Hana Extended Application Services | 2025-04-12 | 5.0 MEDIUM | N/A |
|
SAP HANA Extend Application Services (XS) allows remote attackers to bypass access restrictions via a request to a private IU5 SDK application that was once public.
|
|||||
| CVE-2016-6149 | 1 Sap | 1 Hana Sps09 | 2025-04-12 | 2.1 LOW | 5.5 MEDIUM |
|
SAP HANA SPS09 1.00.091.00.14186593 allows local users to obtain sensitive information by leveraging the EXPORT statement to export files, aka SAP Security Note 2252941.
|
|||||
| CVE-2014-8667 | 1 Sap | 1 Hana Web-based Development Workbench | 2025-04-12 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in SAP HANA Web-based Development Workbench allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
|||||