Filtered by vendor Sap
Subscribe
Total
1426 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2002-1579 | 1 Sap | 1 Sapgui | 2017-07-11 | 5.0 MEDIUM | N/A |
| SAP GUI (Sapgui) 4.6D allows remote attackers to cause a denial of service (crash) via a connection to a high-numbered port, which generates an "unknown connection data" error. | |||||
| CVE-2002-1578 | 1 Sap | 1 Sap R 3 | 2017-07-11 | 7.5 HIGH | N/A |
| The default installation of SAP R/3, when using Oracle and SQL*net V2 3.x, 4.x, and 6.10, allows remote attackers to obtain arbitrary, sensitive SAP data by directly connecting to the Oracle database and executing queries against the database, which is not password-protected. | |||||
| CVE-2002-1577 | 1 Sap | 1 Sap R 3 | 2017-07-11 | 7.5 HIGH | N/A |
| SAP R/3 2.0B to 4.6D installs several clients with default users and passwords, which allows remote attackers to gain privileges via the (1) SAP*, (2) SAPCPIC, (3) DDIC, (4) EARLYWATCH, or (5) TMSADM accounts. | |||||
| CVE-2002-1576 | 1 Sap | 1 Sap Db | 2017-07-11 | 7.2 HIGH | N/A |
| lserver in SAP DB 7.3 and earlier uses the current working directory to find and execute the lserversrv program, which allows local users to gain privileges with a malicious lserversrv that is called from a directory that has a symlink to the lserver program. | |||||
| CVE-2016-6143 | 1 Sap | 1 Hana | 2017-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| SAP HANA DB 1.00.73.00.389160 allows remote attackers to execute arbitrary code via vectors involving the audit logs, aka SAP Security Note 2170806. | |||||
| CVE-2017-7691 | 1 Sap | 1 Trex | 2017-04-17 | 7.5 HIGH | 9.8 CRITICAL |
| A code injection vulnerability exists in SAP TREX / Business Warehouse Accelerator (BWA). The vendor response is SAP Security Note 2419592. | |||||
| CVE-2017-6061 | 1 Sap | 1 Businessobjects Financial Consolidation | 2017-03-16 | 4.3 MEDIUM | 4.7 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the help component of SAP BusinessObjects Financial Consolidation 10.0.0.1933 allows remote attackers to inject arbitrary web script or HTML via a GET request. /finance/help/en/frameset.htm is the URI for this component. The vendor response is SAP Security Note 2368106. | |||||
| CVE-2016-10079 | 1 Sap | 1 Saplpd | 2017-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| SAPlpd through 7400.3.11.33 in SAP GUI 7.40 on Windows has a Denial of Service vulnerability (service crash) with a long string to TCP port 515. | |||||
| CVE-2014-5506 | 1 Sap | 1 Crystal Reports | 2017-01-07 | 6.8 MEDIUM | N/A |
| Double free vulnerability in SAP Crystal Reports allows remote attackers to execute arbitrary code via crafted connection string record in an RPT file. | |||||
| CVE-2016-6859 | 1 Sap | 1 Hybris | 2017-01-04 | 4.0 MEDIUM | 4.3 MEDIUM |
| Hybris Management Console (HMC) in SAP Hybris before 6.0 allows remote attackers to obtain sensitive information by triggering an error and then reading a Java stack trace. | |||||
| CVE-2015-3980 | 1 Sap | 1 Customer Relationship Management | 2017-01-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Business Rules Framework (CRM-BF-BRF) in SAP CRM allows attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Note 2097534. | |||||
| CVE-2015-3979 | 1 Sap | 1 Customer Relationship Management | 2017-01-03 | 7.5 HIGH | N/A |
| Unspecified vulnerability in the Business Rules Framework (CRM-BF-BRF) in SAP CRM allows attackers to execute arbitrary code via unknown vectors, aka SAP Security Note 2097534. | |||||
| CVE-2015-4161 | 1 Sap | 1 Afaria | 2016-12-31 | 7.5 HIGH | N/A |
| SAP Afaria does not properly restrict access to unspecified functionality, which allows remote attackers to obtain sensitive information, gain privileges, or have other unspecified impact via unknown vectors, SAP Security Note 2155690. | |||||
| CVE-2013-7365 | 1 Sap | 1 Enterprise Portal | 2016-12-31 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in SAP Enterprise Portal allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. | |||||
| CVE-2014-4159 | 1 Sap | 1 Supplier Relationship Management | 2016-12-16 | 5.8 MEDIUM | N/A |
| Open redirect vulnerability in in la/umTestSSO.jsp in SAP Supplier Relationship Management (SRM) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter. | |||||
| CVE-2015-3449 | 1 Sap | 1 Afaria | 2016-12-06 | 7.2 HIGH | N/A |
| The Windows client in SAP Afaria 7.0.6398.0 uses weak permissions (Everyone: read and Everyone: write) for the install folder, which allows local users to gain privileges via a Trojan horse XeService.exe file. | |||||
| CVE-2016-7435 | 1 Sap | 1 Netweaver | 2016-11-28 | 9.0 HIGH | 9.1 CRITICAL |
| The (1) SCTC_REFRESH_EXPORT_TAB_COMP, (2) SCTC_REFRESH_CHECK_ENV, and (3) SCTC_TMS_MAINTAIN_ALOG functions in the SCTC subpackage in SAP Netweaver 7.40 SP 12 allow remote authenticated users with certain permissions to execute arbitrary commands via vectors involving a CALL 'SYSTEM' statement, aka SAP Security Note 2260344. | |||||
| CVE-2016-6150 | 1 Sap | 1 Hana | 2016-11-28 | 7.5 HIGH | 9.8 CRITICAL |
| The multi-tenant database container feature in SAP HANA does not properly encrypt communications, which allows remote attackers to bypass intended access restrictions and possibly have unspecified other impact via unknown vectors, aka SAP Security Note 2233550. | |||||
| CVE-2016-6149 | 1 Sap | 1 Hana Sps09 | 2016-11-28 | 2.1 LOW | 5.5 MEDIUM |
| SAP HANA SPS09 1.00.091.00.14186593 allows local users to obtain sensitive information by leveraging the EXPORT statement to export files, aka SAP Security Note 2252941. | |||||
| CVE-2016-6148 | 1 Sap | 1 Hana | 2016-11-28 | 5.0 MEDIUM | 7.5 HIGH |
| SAP HANA DB 1.00.73.00.389160 allows remote attackers to cause a denial of service (process termination) or execute arbitrary code via vectors related to an IMPORT statement, aka SAP Security Note 2233136. | |||||