Filtered by vendor Sap
Subscribe
Total
1426 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-3787 | 1 Sap | 1 Netweaver | 2014-05-20 | 5.0 MEDIUM | N/A |
| SAP NetWeaver 7.20 and earlier allows remote attackers to read arbitrary SAP Central User Administration (SAP CUA) tables via unspecified vectors. | |||||
| CVE-2014-3134 | 1 Sap | 1 Businessobjects | 2014-05-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the InfoView application in SAP BusinessObjects allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2014-3133 | 1 Sap | 1 Netweaver Java Application Server | 2014-05-10 | 5.0 MEDIUM | N/A |
| SAP Netweaver Java Application Server does not properly restrict access, which allows remote attackers to obtain the list of SAP systems registered on an SLD via an unspecified webdynpro, related to SystemSelection. | |||||
| CVE-2014-3132 | 1 Sap | 1 Background Processing | 2014-05-10 | 4.0 MEDIUM | N/A |
| SAP Background Processing does not properly restrict access, which allows remote authenticated users to obtain sensitive information via an unspecified RFC function, related to SAP Solution Manager 7.1. | |||||
| CVE-2014-3131 | 1 Sap | 1 Profile Maintenance | 2014-05-10 | 4.0 MEDIUM | N/A |
| SAP Profile Maintenance does not properly restrict access, which allows remote authenticated users to obtain sensitive information via an unspecified RFC function, related to SAP Solution Manager 7.1. | |||||
| CVE-2014-3130 | 1 Sap | 1 Netweaver Abap Application Server | 2014-05-10 | 4.6 MEDIUM | N/A |
| The ABAP Help documentation and translation tools (BC-DOC-HLP) in Basis in SAP Netweaver ABAP Application Server does not properly restrict access, which allows local users to gain privileges and execute ABAP instructions via crafted help messages. | |||||
| CVE-2014-3129 | 1 Sap | 1 Netweaver Software Lifecycle Manager | 2014-05-10 | 5.0 MEDIUM | N/A |
| The Java Server Pages in the Software Lifecycle Manager (SLM) in SAP NetWeaver allows remote attackers to obtain sensitive information via a crafted request, related to SAP Solution Manager 7.1. | |||||
| CVE-2013-7367 | 1 Sap | 1 Enterprise Portal | 2014-04-11 | 7.5 HIGH | N/A |
| SAP Enterprise Portal does not properly restrict access to the Federation configuration pages, which allows remote attackers to gain privileges via unspecified vectors. | |||||
| CVE-2013-7366 | 1 Sap | 1 Software Deployment Manager | 2014-04-11 | 5.0 MEDIUM | N/A |
| The SAP Software Deployment Manager (SDM), in certain unspecified conditions, allows remote attackers to cause a denial of service via vectors related to failed authentications. | |||||
| CVE-2013-7364 | 1 Sap | 1 Netweaver | 2014-04-11 | 7.5 HIGH | N/A |
| An unspecified J2EE core service in the J2EE Engine in SAP NetWeaver does not properly restrict access, which allows remote attackers to read and write to arbitrary files via unknown vectors. | |||||
| CVE-2013-7363 | 1 Sap | 1 Solution Manager | 2014-04-11 | 7.5 HIGH | N/A |
| Unspecified vulnerability in the Diagnostics (SMD) agent in SAP Solution Manager allows remote attackers to obtain sensitive information, modify the configuration of applications, and install or remove applications via vectors involving the P4 protocol. | |||||
| CVE-2013-7362 | 1 Sap | 1 Ccms Agent | 2014-04-11 | 7.5 HIGH | N/A |
| An unspecified RFC function in SAP CCMS Agent allows remote attackers to execute arbitrary commands via unknown vectors. | |||||
| CVE-2013-7361 | 1 Sap | 2 Cm Services, Cms Services | 2014-04-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in SAP CMS and CM Services allows attackers to upload arbitrary files via unspecified vectors. | |||||
| CVE-2013-7360 | 1 Sap | 1 Adminadapter | 2014-04-11 | 7.5 HIGH | N/A |
| Unspecified vulnerability in SAP adminadapter allows remote attackers to read or write to arbitrary files via unknown vectors. | |||||
| CVE-2013-7359 | 1 Sap | 1 Mobile Infrastructure | 2014-04-11 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in SAP Mobile Infrastructure allows remote attackers to obtain sensitive port information via unknown vectors, related to an "internal port scanning" issue. | |||||
| CVE-2013-7358 | 1 Sap | 1 Guided Procedures Archive Monitor | 2014-04-11 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in SAP Guided Procedures Archive Monitor allows remote attackers to obtain usernames, roles, profiles, and possibly other identity information via unknown vectors. | |||||
| CVE-2013-7357 | 1 Sap | 1 J2ee Engine | 2014-04-11 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the configuration service in SAP J2EE Engine allows remote attackers to obtain credential information via unknown vectors. | |||||
| CVE-2013-7356 | 1 Sap | 1 Ccms \/ Database Monitor | 2014-04-11 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the SAP CCMS / Database Monitors for Oracle allows attackers to obtain the database password via unknown vectors. | |||||
| CVE-2013-7355 | 1 Sap | 1 Bi Universal Data Integration | 2014-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in SAP BI Universal Data Integration allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to the J2EE schema. | |||||
| CVE-2013-3062 | 1 Sap | 1 Production Planning And Control | 2014-03-07 | 6.5 MEDIUM | N/A |
| The CP_RC_TRANSACTION_CALL_BY_SET function in the Engineering Workbench component in SAP Production Planning and Control allows remote authenticated users to bypass intended transaction restrictions via unspecified vectors. | |||||