Filtered by vendor Sap
Total: 1426 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-6147 | 1 Sap | 1 Trex | 2016-11-28 | 10.0 HIGH | 9.8 CRITICAL |
An unspecified interface in SAP TREX 7.10 Revision 63 allows remote attackers to execute arbitrary OS commands with SIDadm privileges via unspecified vectors, aka SAP Security Note 2234226. | |||||
CVE-2016-6145 | 1 Sap | 1 Hana Db | 2016-11-28 | 5.0 MEDIUM | 5.3 MEDIUM |
The SQL interface in SAP HANA DB 1.00.091.00.1418659308 provides different error messages for failed login attempts depending on whether the username exists and is locked when the detailed_error_on_connect option is not supported or is configured as "False," which allows remote attackers to enumerate database users via a series of login attempts, aka SAP Security Note 2216869. | |||||
CVE-2016-6144 | 1 Sap | 1 Hana | 2016-11-28 | 4.3 MEDIUM | 8.1 HIGH |
The SQL interface in SAP HANA before Revision 102 does not limit the number of login attempts for the SYSTEM user when the password_lock_for_system_user is not supported or is configured as "False," which makes it easier for remote attackers to bypass authentication via a brute force attack, aka SAP Security Note 2216869. | |||||
CVE-2016-6140 | 1 Sap | 1 Trex | 2016-11-28 | 7.6 HIGH | 9.8 CRITICAL |
SAP TREX 7.10 Revision 63 allows remote attackers to write to arbitrary files via vectors related to RFC-Gateway, aka SAP Security Note 2203591. | |||||
CVE-2016-6139 | 1 Sap | 1 Trex | 2016-11-28 | 7.6 HIGH | 9.8 CRITICAL |
SAP TREX 7.10 Revision 63 allows remote attackers to read arbitrary files via unspecified vectors, aka SAP Security Note 2203591. | |||||
CVE-2016-6138 | 1 Sap | 1 Trex | 2016-11-28 | 10.0 HIGH | 9.8 CRITICAL |
Directory traversal vulnerability in SAP TREX 7.10 Revision 63 allows remote attackers to read arbitrary files via unspecified vectors, aka SAP Security Note 2203591. | |||||
CVE-2016-4551 | 1 Sap | 3 Netweaver, Sap Aba, Sap Basis | 2016-11-28 | 5.0 MEDIUM | 7.5 HIGH |
The (1) SAP_BASIS and (2) SAP_ABA components 7.00 SP Level 0031 in SAP NetWeaver 2004s might allow remote attackers to spoof IP addresses written to the Security Audit Log via vectors related to the network landscape, aka SAP Security Note 2190621. | |||||
CVE-2016-4407 | 1 Sap | 1 Sapcryptolib | 2016-11-28 | 4.0 MEDIUM | 6.5 MEDIUM |
The DSA algorithm implementation in SAP SAPCRYPTOLIB 5.555.38 does not properly check signatures, which allows remote authenticated users to impersonate arbitrary users via unspecified vectors, aka SAP Security Note 2223008. | |||||
CVE-2016-3946 | 1 Sap | 1 Sapconsole | 2016-11-28 | 4.6 MEDIUM | 7.8 HIGH |
SAP Console (aka SAPConsole) 7.30 allows local users to discover SAP Server login credentials by reading the Windows registry, aka SAP Security Note 2121461. | |||||
CVE-2016-3635 | 1 Sap | 1 Netweaver | 2016-11-28 | 6.0 MEDIUM | 7.5 HIGH |
SAP Netweaver 7.4 allows remote authenticated users to bypass an intended Unified Connectivity (UCON) access control list and execute arbitrary Remote Function Modules (RFM) by leveraging a connection created from earlier execution of an anonymous RFM included in a Communication Assembly, aka SAP Security Note 2139366. | |||||
CVE-2015-4160 | 1 Sap | 1 Ase Database Platform | 2016-11-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in SAP ASE Database Platform allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Notes: 2152278. | |||||
CVE-2015-4159 | 1 Sap | 1 Hana Web-based Development Workbench | 2016-11-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in SAP HANA Web-based Development Workbench allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Notes 2153892. | |||||
CVE-2015-4158 | 1 Sap | 2 Netweaver Abap Application Server, Netweaver Java Application Server | 2016-11-28 | 5.0 MEDIUM | N/A |
SAP ABAP & Java Server allows remote attackers to cause a denial of service (service termination) via unspecified vectors, aka SAP Security Note 2121661. | |||||
CVE-2015-4157 | 1 Sap | 1 Content Server | 2016-11-28 | 5.0 MEDIUM | N/A |
SAP Content Server allows remote attackers to cause a denial of service (service termination) via unspecified vectors, aka SAP Security Note 2127995. | |||||
CVE-2003-0265 | 1 Sap | 1 Sap Db | 2016-10-18 | 6.2 MEDIUM | N/A |
Race condition in SDBINST for SAP database 7.3.0.29 creates critical files with world-writable permissions before initializing the setuid bits, which allows local attackers to gain root privileges by modifying the files before the permissions are changed. | |||||
CVE-2016-3638 | 1 Sap | 1 Sld Registration | 2016-10-14 | 2.1 LOW | 5.5 MEDIUM |
SAP SLD Registration Program (aka SLDREG) allows local users to cause a denial of service (memory corruption and process termination) via a crafted HOST parameter, aka SAP Security Note 2125623. | |||||
CVE-2016-7437 | 1 Sap | 1 Netweaver | 2016-10-13 | 2.1 LOW | 3.3 LOW |
SAP Netweaver 7.40 improperly logs (1) DUI and (2) DUJ events in the SAP Security Audit Log as non-critical, which might allow local users to hide rejected attempts to execute RFC function callbacks by leveraging filtering of non-critical events in audit analysis reports, aka SAP Security Note 2252312. | |||||
CVE-2016-6142 | 1 Sap | 1 Hana | 2016-09-28 | 5.0 MEDIUM | 7.5 HIGH |
SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote attackers to inject arbitrary audit trail fields into the SYSLOG via vectors related to the SQL protocol, aka SAP Security Note 2197459. | |||||
CVE-2016-6146 | 1 Sap | 1 Trex | 2016-09-28 | 5.0 MEDIUM | 5.3 MEDIUM |
The NameServer in SAP TREX 7.10 Revision 63 allows remote attackers to obtain sensitive TNS information via an unspecified query, aka SAP Security Note 2234226. | |||||
CVE-2016-6137 | 1 Sap | 1 Trex | 2016-09-28 | 10.0 HIGH | 9.8 CRITICAL |
An unspecified function in SAP TREX 7.10 Revision 63 allows remote attackers to execute arbitrary OS commands via unknown vectors, aka SAP Security Note 2203591. |