Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Sap Subscribe
Total 1426 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2013-7096 1 Sap 1 Emr Unwired 2018-12-10 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in SAP EMR Unwired allow remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2013-7095 1 Sap 1 Customer Relationship Management 2018-12-10 10.0 HIGH N/A
The XML parser (crm_flex_data) in SAP Customer Relationship Management (CRM) 7.02 EHP 2 has unknown impact and attack vectors related to an XML External Entity (XXE) issue.
CVE-2013-7094 1 Sap 1 Netweaver 2018-12-10 7.5 HIGH N/A
SQL injection vulnerability in the RSDDCVER_COUNT_TAB_COLS function in SAP NetWeaver 7.30 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2013-7093 1 Sap 1 Network Interface Router 2018-12-10 5.0 MEDIUM N/A
SAP Network Interface Router (SAProuter) 39.3 SP4 allows remote attackers to bypass authentication and modify the configuration via unspecified vectors.
CVE-2013-6869 1 Sap 1 Netweaver 2018-12-10 7.5 HIGH N/A
SQL injection vulnerability in the SRTT_GET_COUNT_BEFORE_KEY_RFC function in SAP NetWeaver 7.30 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2013-6823 1 Sap 1 Netweaver 2018-12-10 6.4 MEDIUM N/A
GRMGApp in SAP NetWeaver allows remote attackers to bypass intended access restrictions via unspecified vectors.
CVE-2013-6822 1 Sap 1 Netweaver 2018-12-10 10.0 HIGH N/A
GRMGApp in SAP NetWeaver allows remote attackers to have unspecified impact and attack vectors, related to an XML External Entity (XXE) issue.
CVE-2013-6821 1 Sap 1 Netweaver 2018-12-10 5.0 MEDIUM N/A
Directory traversal vulnerability in the Exportability Check Service in SAP NetWeaver allows remote attackers to read arbitrary files via unspecified vectors.
CVE-2013-6820 1 Sap 1 Netweaver Development Infrastructure 2018-12-10 9.3 HIGH N/A
Unrestricted file upload vulnerability in the SAP NetWeaver Development Infrastructure (NWDI) allows remote attackers to execute arbitrary code by uploading a file with an executable extension via unspecified vectors.
CVE-2013-6819 1 Sap 1 Netweaver 2018-12-10 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Performance Provider in SAP NetWeaver allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2013-6818 1 Sap 1 Netweaver Logviewer 2018-12-10 6.4 MEDIUM N/A
SAP NetWeaver Logviewer 6.30, when running on Windows, allows remote attackers to bypass intended access restrictions via unspecified vectors.
CVE-2013-6817 1 Sap 1 Network Interface Router 2018-12-10 6.8 MEDIUM N/A
Heap-based buffer overflow in SAP Network Interface Router (SAProuter) 7.30 allows remote attackers to cause a denial of service and execute arbitrary code via crafted NI Route messages.
CVE-2013-6816 1 Sap 1 Netweaver 2018-12-10 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in the (1) JavaDumpService and (2) DataCollector servlets in SAP NetWeaver allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2013-6815 1 Sap 1 Netweaver 2018-12-10 5.0 MEDIUM N/A
The SHSTI_UPLOAD_XML function in the Application Server for ABAP (AS ABAP) in SAP NetWeaver 7.31 and earlier allows remote attackers to cause a denial of service via unspecified vectors, related to an XML External Entity (XXE) issue.
CVE-2013-6814 1 Sap 1 Netweaver 2018-12-10 5.8 MEDIUM N/A
The J2EE Engine in SAP NetWeaver 6.40, 7.02, and earlier allows remote attackers to redirect users to arbitrary web sites, conduct phishing attacks, and obtain sensitive information (cookies and SAPPASSPORT) via unspecified vectors.
CVE-2013-5723 1 Sap 1 Netweaver 2018-12-10 7.5 HIGH N/A
SQL injection vulnerability in SAP NetWeaver 7.30 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to "ABAD0_DELETE_DERIVATION_TABLE."
CVE-2011-5260 1 Sap 1 Netweaver 2018-12-10 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in SAP/BW/DOC/METADATA in SAP NetWeaver allows remote attackers to inject arbitrary web script or HTML via the page parameter.
CVE-2011-4707 1 Sap 1 Netweaver 2018-12-10 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in the Virus Scan Interface in SAP Netweaver allow remote attackers to inject arbitrary web script or HTML via the (1) instname parameter to the VsiTestScan servlet and (2) name parameter to the VsiTestServlet servlet.
CVE-2018-2463 1 Sap 1 Hybris 2018-11-29 5.0 MEDIUM 8.6 HIGH
The Omni Commerce Connect API (OCC) of SAP Hybris Commerce, versions 6.*, is vulnerable to server-side request forgery (SSRF) attacks. This is due to a misconfiguration of XML parser that is used in the server-side implementation of OCC.
CVE-2018-2462 1 Sap 1 Netweaver 2018-11-26 6.5 MEDIUM 8.8 HIGH
In certain cases, BEx Web Java Runtime Export Web Service in SAP NetWeaver BI 7.30, 7.31. 7.40, 7.41, 7.50, does not sufficiently validate an XML document accepted from an untrusted source.