Filtered by vendor Sap
Subscribe
Total
1426 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-8668 | 1 Sap | 1 Contract Accounting | 2017-09-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in SAP Contract Accounting allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2014-8664 | 1 Sap | 1 Environment Health And Safety | 2017-09-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Product Safety (EHS-SAF) component in SAP Environment, Health, and Safety Management allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2014-5505 | 1 Sap | 1 Crystal Reports | 2017-09-08 | 6.8 MEDIUM | N/A |
| Stack-based buffer overflow in SAP Crystal Reports allows remote attackers to execute arbitrary code via a crafted data source string in an RPT file. | |||||
| CVE-2014-5175 | 1 Sap | 1 Solution Manager | 2017-08-29 | 7.5 HIGH | N/A |
| The License Measurement servlet in SAP Solution Manager 7.1 allows remote attackers to bypass authentication via unspecified vectors, related to a verb tampering attack and SAP_JTECHS. | |||||
| CVE-2014-5174 | 1 Sap | 1 Netweaver Business Warehouse | 2017-08-29 | 3.5 LOW | N/A |
| The SAP Netweaver Business Warehouse component does not properly restrict access to the functions in the BW-SYS-DB-DB4 function group, which allows remote authenticated users to obtain sensitive information via unspecified vectors. | |||||
| CVE-2014-2749 | 1 Sap | 1 Hana | 2017-08-29 | 5.0 MEDIUM | N/A |
| The HANA ICM process in SAP HANA allows remote attackers to obtain the platform version, host name, instance number, and possibly other sensitive information via a malformed HTTP GET request. | |||||
| CVE-2014-2748 | 1 Sap | 2 Enhancement Package, Erp | 2017-08-29 | 7.5 HIGH | N/A |
| The Security Audit Log facility in SAP Enhancement Package (EHP) 6 for SAP ERP 6.0 allows remote attackers to modify or delete arbitrary log classes via unspecified vectors. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2013-5751 | 1 Sap | 1 Netweaver | 2017-08-29 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in SAP NetWeaver 7.x allows remote attackers to read arbitrary files via unspecified vectors. | |||||
| CVE-2013-3319 | 1 Sap | 1 Netweaver | 2017-08-29 | 5.0 MEDIUM | N/A |
| The GetComputerSystem method in the HostControl service in SAP Netweaver 7.03 allows remote attackers to obtain sensitive information via a crafted SOAP request to TCP port 1128. | |||||
| CVE-2012-2513 | 1 Sap | 1 Netweaver | 2017-08-29 | 5.0 MEDIUM | N/A |
| The Diaginput function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon crash) via a crafted SAP Diag packet. | |||||
| CVE-2012-2512 | 1 Sap | 1 Netweaver | 2017-08-29 | 5.0 MEDIUM | N/A |
| The DiagTraceStreamI function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon crash) via a crafted SAP Diag packet. | |||||
| CVE-2012-2511 | 1 Sap | 1 Netweaver | 2017-08-29 | 5.0 MEDIUM | N/A |
| The DiagTraceAtoms function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon crash) via a crafted SAP Diag packet. | |||||
| CVE-2012-1289 | 1 Sap | 1 Netweaver | 2017-08-29 | 4.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in SAP NetWeaver 7.0 allow remote authenticated users to read arbitrary files via a .. (dot dot) in the logfilename parameter to (1) b2b/admin/log.jsp or (2) b2b/admin/log_view.jsp in the Internet Sales (crm.b2b) component, or (3) ipc/admin/log.jsp or (4) ipc/admin/log_view.jsp in the Application Administration (com.sap.ipc.webapp.ipc) component. | |||||
| CVE-2016-6856 | 1 Sap | 1 Hybris | 2017-08-24 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the Inbox Search feature in Hybris Management Console (HMC) in SAP Hybris before 6.0 allows remote attackers to inject arbitrary web script or HTML via the itemsperpage parameter. | |||||
| CVE-2010-4556 | 1 Sap | 1 Netweaver Business Client | 2017-08-17 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in the SapThemeRepository ActiveX control (sapwdpcd.dll) in SAP NetWeaver Business Client allows remote attackers to execute arbitrary code via the (1) Load and (2) LoadTheme methods. | |||||
| CVE-2010-3982 | 1 Sap | 1 Businessobjects | 2017-08-17 | 5.0 MEDIUM | N/A |
| SAP BusinessObjects Enterprise XI 3.2 allows remote attackers to trigger TCP connections to arbitrary intranet hosts on any port, and obtain potentially sensitive information about open ports, via the apstoken parameter to the CrystalReports/viewrpt.cwr URI, related to an "internal port scanning" issue. | |||||
| CVE-2010-2904 | 1 Sap | 2 Netweaver, System Landscape Directory | 2017-08-17 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the System Landscape Directory (SLD) component 6.4 through 7.02 in SAP NetWeaver allow remote attackers to inject arbitrary web script or HTML via the (1) action parameter to testsdic and the (2) helpstring parameter to paramhelp.jsp. | |||||
| CVE-2017-8852 | 1 Sap | 1 Sapcar | 2017-08-16 | 6.8 MEDIUM | 7.8 HIGH |
| SAP SAPCAR 721.510 has a Heap Based Buffer Overflow Vulnerability. It could be exploited with a crafted CAR archive file received from an untrusted remote source. The problem is that the length of data written is an arbitrary number found within the file. The vendor response is SAP Security Note 2441560. | |||||
| CVE-2008-4387 | 3 Microsoft, Sap, Simba Technologies | 3 Internet Explorer, Sapgui, Mdrmsap Activex Control | 2017-08-08 | 9.3 HIGH | N/A |
| Unspecified vulnerability in the Simba MDrmSap ActiveX control in mdrmsap.dll in SAP SAPgui allows remote attackers to execute arbitrary code via unknown vectors involving instantiation by Internet Explorer. | |||||
| CVE-2008-2123 | 1 Sap | 1 Internet Transaction Server | 2017-08-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in WGate in SAP Internet Transaction Server (ITS) 6.20 allows remote attackers to inject arbitrary web script or HTML via (1) a "<>" sequence in the ~service parameter to wgate.dll, or (2) Javascript splicing in the query string, a different vector than CVE-2006-5114. | |||||