Filtered by vendor Sap
Subscribe
Total
1485 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-4018 | 1 Sap | 1 Hana | 2018-12-10 | 7.5 HIGH | 7.3 HIGH |
| The Data Provisioning Agent (aka DP Agent) in SAP HANA does not properly restrict access to service functionality, which allows remote attackers to obtain sensitive information, gain privileges, and conduct unspecified other attacks via unspecified vectors, aka SAP Security Note 2262742. | |||||
| CVE-2015-8753 | 1 Sap | 1 Afaria | 2018-12-10 | 9.4 HIGH | 9.1 CRITICAL |
| SAP Afaria 7.0.6001.5 allows remote attackers to bypass authorization checks and wipe or lock mobile devices via a crafted request, related to "Insecure signature," aka SAP Security Note 2134905. | |||||
| CVE-2015-5067 | 1 Sap | 1 Netweaver | 2018-12-10 | 7.5 HIGH | N/A |
| The (1) Cross-System Tools and (2) Data Transfer Workbench in SAP NetWeaver have hardcoded credentials, which allows remote attackers to obtain access via unspecified vectors, aka SAP Security Notes 2059659 and 2057982. | |||||
| CVE-2017-11459 | 1 Sap | 1 Trex | 2018-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| SAP TREX 7.10 allows remote attackers to (1) read arbitrary files via an fget command or (2) write to arbitrary files and consequently execute arbitrary code via an fdir command, aka SAP Security Note 2419592. | |||||
| CVE-2015-2813 | 1 Sap | 1 Mobile Platform | 2018-12-10 | 5.0 MEDIUM | N/A |
| XML external entity (XXE) vulnerability in SAP Mobile Platform allows remote attackers to send requests to intranet servers via crafted XML, aka SAP Security Note 2125358. | |||||
| CVE-2011-5260 | 1 Sap | 1 Netweaver | 2018-12-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in SAP/BW/DOC/METADATA in SAP NetWeaver allows remote attackers to inject arbitrary web script or HTML via the page parameter. | |||||
| CVE-2017-15296 | 1 Sap | 1 Customer Relationship Management | 2018-12-10 | 6.8 MEDIUM | 8.8 HIGH |
| The Java component in SAP CRM has CSRF. This is SAP Security Note 2478964. | |||||
| CVE-2013-6816 | 1 Sap | 1 Netweaver | 2018-12-10 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the (1) JavaDumpService and (2) DataCollector servlets in SAP NetWeaver allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2017-9845 | 1 Sap | 1 Netweaver | 2018-12-10 | 7.8 HIGH | 7.5 HIGH |
| disp+work 7400.12.21.30308 in SAP NetWeaver 7.40 allows remote attackers to cause a denial of service (resource consumption) via a crafted DIAG request, aka SAP Security Note 2405918. | |||||
| CVE-2014-8590 | 1 Sap | 1 Netweaver Java Application Server | 2018-12-10 | 4.3 MEDIUM | N/A |
| XML external entity (XXE) vulnerability in the Web Service Navigator in SAP NetWeaver Application Server (AS) Java allows remote attackers to access arbitrary files via a crafted request. | |||||
| CVE-2015-2817 | 1 Sap | 1 Netweaver | 2018-12-10 | 5.0 MEDIUM | N/A |
| The SAP Management Console in SAP NetWeaver 7.40 allows remote attackers to obtain sensitive information via the ReadProfile parameters, aka SAP Security Note 2091768. | |||||
| CVE-2015-8330 | 1 Sap | 1 Plant Connectivity | 2018-12-10 | 7.8 HIGH | N/A |
| The PCo agent in SAP Plant Connectivity (PCo) allows remote attackers to cause a denial of service (memory corruption and agent crash) via crafted xMII requests, aka SAP Security Note 2238619. | |||||
| CVE-2015-6662 | 1 Sap | 1 Netweaver | 2018-12-10 | 6.8 MEDIUM | N/A |
| XML external entity (XXE) vulnerability in SAP NetWeaver Portal 7.4 allows remote attackers to read arbitrary files and possibly have other unspecified impact via crafted XML data, aka SAP Security Note 2168485. | |||||
| CVE-2016-1911 | 1 Sap | 1 Netweaver | 2018-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in SAP NetWeaver 7.4 allow remote attackers to inject arbitrary web script or HTML via vectors related to the (1) Runtime Workbench (RWB) or (2) Pmitest servlet in the Process Monitoring Infrastructure (PMI), aka SAP Security Notes 2206793 and 2234918. | |||||
| CVE-2014-8660 | 1 Sap | 1 Document Management Services | 2018-12-10 | 7.2 HIGH | N/A |
| SAP Document Management Services allows local users to execute arbitrary commands via unspecified vectors. | |||||
| CVE-2016-1928 | 1 Sap | 1 Hana | 2018-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| Buffer overflow in the XS engine (hdbxsengine) in SAP HANA allows remote attackers to cause a denial of service or execute arbitrary code via a crafted HTTP request, related to JSON, aka SAP Security Note 2241978. | |||||
| CVE-2016-4016 | 1 Sap | 1 Java As | 2018-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in SAP Manufacturing Integration and Intelligence (aka MII, formerly xMII) 15 allows remote attackers to inject arbitrary web script or HTML via the title parameter to webdynpro/resources/sap.com/xapps~xmii~ui~admin~navigation/NavigationApplication, aka SAP Security Note 2201295. | |||||
| CVE-2013-7094 | 1 Sap | 1 Netweaver | 2018-12-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the RSDDCVER_COUNT_TAB_COLS function in SAP NetWeaver 7.30 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2013-6823 | 1 Sap | 1 Netweaver | 2018-12-10 | 6.4 MEDIUM | N/A |
| GRMGApp in SAP NetWeaver allows remote attackers to bypass intended access restrictions via unspecified vectors. | |||||
| CVE-2016-1910 | 1 Sap | 1 Netweaver | 2018-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
| The User Management Engine (UME) in SAP NetWeaver 7.4 allows attackers to decrypt unspecified data via unknown vectors, aka SAP Security Note 2191290. | |||||