Filtered by vendor Sap
Subscribe
Total
1426 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-9613 | 1 Sap | 1 Successfactors | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
Stored Cross-site scripting (XSS) vulnerability in SAP SuccessFactors before b1705.1234962 allows remote authenticated users to inject arbitrary web script or HTML via the file upload functionality. | |||||
CVE-2017-16684 | 1 Sap | 1 Business Intelligence Promotion Management Application | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
SAP Business Intelligence Promotion Management Application, Enterprise 4.10, 4.20, and 4.30, does not perform authentication checks for functionalities that require user identity. | |||||
CVE-2017-15296 | 1 Sap | 1 Customer Relationship Management | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
The Java component in SAP CRM has CSRF. This is SAP Security Note 2478964. | |||||
CVE-2017-14516 | 1 Sap | 1 Businessobjects Financial Consolidation | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-Site Scripting (XSS) exists in SAP Business Objects Financial Consolidation before 2017-06-13, aka SAP Security Note 2422292. | |||||
CVE-2018-2360 | 1 Sap | 1 Sap Kernel | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
SAP Startup Service, SAP KERNEL 7.45, 7.49, and 7.52, is missing an authentication check for functionalities that require user identity and cause consumption of file system storage. | |||||
CVE-2017-16682 | 1 Sap | 2 Business Application Software Integrated Solution, Netweaver Internet Transaction Server | 2023-12-10 | 6.5 MEDIUM | 7.2 HIGH |
SAP NetWeaver Internet Transaction Server (ITS), SAP Basis from 7.00 to 7.02, 7.30, 7.31, 7.40, from 7.50 to 7.52, allows an attacker with administrator credentials to inject code that can be executed by the application and thereby control the behavior of the application. | |||||
CVE-2017-16679 | 1 Sap | 1 Sap Kernel | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM |
URL redirection vulnerability in SAP's Startup Service, SAP KERNEL 32 NUC, SAP KERNEL 32 Unicode, SAP KERNEL 64 NUC, SAP KERNEL 64 Unicode 7.21, 7.21EXT, 7.22 and 7.22EXT; SAP KERNEL 7.21, 7.22, 7.45, 7.49 and 7.52, that allows an attacker to redirect users to a malicious site. | |||||
CVE-2017-16681 | 1 Sap | 1 Business Intelligence Promotion Management Application | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-Site Scripting (XSS) vulnerability in SAP Business Intelligence Promotion Management Application, Enterprise 4.10, 4.20, 4.30, as user controlled inputs are not sufficiently encoded. | |||||
CVE-2017-16690 | 1 Sap | 1 Plant Connectivity | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
A malicious DLL preload attack possible on NwSapSetup and Installation self-extracting program for SAP Plant Connectivity 2.3 and 15.0. It is possible that SAPSetup / NwSapSetup.exe loads system DLLs like DWMAPI.dll (located in your Syswow64 / System32 folder) from the folder the executable is in and not from the system location. The desired behavior is that system dlls are only loaded from the system folders. If a dll with the same name as the system dll is located in the same folder as the executable, this dll is loaded and code is executed. | |||||
CVE-2017-15295 | 1 Sap | 1 Point Of Sale Xpress Server | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
Xpress Server in SAP POS does not require authentication for read/write/delete file access. This is SAP Security Note 2520064. | |||||
CVE-2017-16685 | 1 Sap | 1 Business Warehouse Universal Data Integration | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-Site scripting (XSS) in SAP Business Warehouse Universal Data Integration, from 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, due to insufficient encoding of user controlled inputs. | |||||
CVE-2018-2362 | 1 Sap | 1 Hana | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
A remote unauthenticated attacker, SAP HANA 1.00 and 2.00, could send specially crafted SOAP requests to the SAP Startup Service and disclose information such as the platform's hostname. | |||||
CVE-2017-16683 | 1 Sap | 1 Businessobjects | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
Denial of Service (DOS) in SAP Business Objects Platform, Enterprise 4.10 and 4.20, that could allow an attacker to prevent legitimate users from accessing a service. | |||||
CVE-2017-14511 | 1 Sap | 1 E-recruiting | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in SAP E-Recruiting (aka ERECRUIT) 605 through 617. When an external applicant registers to the E-Recruiting application, he/she receives a link by email to confirm access to the provided email address. However, this measure can be bypassed and attackers can register and confirm email addresses that they do not have access to (candidate_hrobject is predictable and corr_act_guid is improperly validated). Furthermore, since an email address can be registered only once, an attacker could prevent other legitimate users from registering. This is SAP Security Note 2507798. | |||||
CVE-2017-16689 | 1 Sap | 1 Sap Kernel | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
A Trusted RFC connection in SAP KERNEL 32NUC, SAP KERNEL 32Unicode, SAP KERNEL 64NUC, SAP KERNEL 64Unicode 7.21, 7.21EXT, 7.22, 7.22EXT; SAP KERNEL from 7.21 to 7.22, 7.45, 7.49, can be established to a different client or a different user on the same system, although no explicit Trusted/Trusting Relation to the same system has been defined. | |||||
CVE-2014-8871 | 1 Sap | 1 Hybris | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Directory traversal vulnerability in hybris Commerce software suite 5.0.3.3 and earlier, 5.0.0.3 and earlier, 5.0.4.4 and earlier, 5.1.0.1 and earlier, 5.1.1.2 and earlier, 5.2.0.3 and earlier, and 5.3.0.1 and earlier. | |||||
CVE-2017-9845 | 1 Sap | 1 Netweaver | 2023-12-10 | 7.8 HIGH | 7.5 HIGH |
disp+work 7400.12.21.30308 in SAP NetWeaver 7.40 allows remote attackers to cause a denial of service (resource consumption) via a crafted DIAG request, aka SAP Security Note 2405918. | |||||
CVE-2017-8914 | 1 Sap | 1 Hana Xs | 2023-12-10 | 7.5 HIGH | 8.3 HIGH |
sinopia, as used in SAP HANA XS 1.00 and 2.00, allows remote attackers to hijack npm packages or host arbitrary files by leveraging an insecure user creation policy, aka SAP Security Note 2407694. | |||||
CVE-2016-10005 | 1 Sap | 1 Solution Manager | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Webdynpro in SAP Solman 7.1 through 7.31 allows remote attackers to obtain sensitive information via webdynpro/dispatcher/sap.com/caf~eu~gp~example~timeoff~wd requests, aka SAP Security Note 2344524. | |||||
CVE-2017-6950 | 1 Sap | 1 Gui For Windows | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
SAP GUI 7.2 through 7.5 allows remote attackers to bypass intended security policy restrictions and execute arbitrary code via a crafted ABAP code, aka SAP Security Note 2407616. |