Filtered by vendor Sap
Subscribe
Total
1426 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-8852 | 1 Sap | 1 Sapcar | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
SAP SAPCAR 721.510 has a Heap Based Buffer Overflow Vulnerability. It could be exploited with a crafted CAR archive file received from an untrusted remote source. The problem is that the length of data written is an arbitrary number found within the file. The vendor response is SAP Security Note 2441560. | |||||
CVE-2016-10311 | 1 Sap | 1 Netweaver | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Stack-based buffer overflow in SAP NetWeaver 7.0 through 7.5 allows remote attackers to cause a denial of service () by sending a crafted packet to the SAPSTARTSRV port, aka SAP Security Note 2295238. | |||||
CVE-2016-6818 | 1 Sap | 1 Business Intelligence Platform | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
SQL injection vulnerability in SAP Business Intelligence platform before January 2017 allows remote attackers to obtain sensitive information, modify data, cause a denial of service (data deletion), or launch administrative operations or possibly OS commands via a crafted SQL query. The vendor response is SAP Security Note 2361633. | |||||
CVE-2016-3639 | 1 Sap | 1 Hana Db | 2023-12-10 | 5.0 MEDIUM | 4.3 MEDIUM |
SAP HANA DB 1.00.091.00.1418659308 allows remote attackers to obtain sensitive topology information via an unspecified HTTP request, aka SAP Security Note 2176128. | |||||
CVE-2016-7435 | 1 Sap | 1 Netweaver | 2023-12-10 | 9.0 HIGH | 9.1 CRITICAL |
The (1) SCTC_REFRESH_EXPORT_TAB_COMP, (2) SCTC_REFRESH_CHECK_ENV, and (3) SCTC_TMS_MAINTAIN_ALOG functions in the SCTC subpackage in SAP Netweaver 7.40 SP 12 allow remote authenticated users with certain permissions to execute arbitrary commands via vectors involving a CALL 'SYSTEM' statement, aka SAP Security Note 2260344. | |||||
CVE-2016-3635 | 1 Sap | 1 Netweaver | 2023-12-10 | 6.0 MEDIUM | 7.5 HIGH |
SAP Netweaver 7.4 allows remote authenticated users to bypass an intended Unified Connectivity (UCON) access control list and execute arbitrary Remote Function Modules (RFM) by leveraging a connection created from earlier execution of an anonymous RFM included in a Communication Assembly, aka SAP Security Note 2139366. | |||||
CVE-2016-6144 | 1 Sap | 1 Hana | 2023-12-10 | 4.3 MEDIUM | 8.1 HIGH |
The SQL interface in SAP HANA before Revision 102 does not limit the number of login attempts for the SYSTEM user when the password_lock_for_system_user is not supported or is configured as "False," which makes it easier for remote attackers to bypass authentication via a brute force attack, aka SAP Security Note 2216869. | |||||
CVE-2016-4017 | 1 Sap | 1 Hana | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
The Data Provisioning Agent (aka DP Agent) in SAP HANA allows remote attackers to cause a denial of service (process crash) via unspecified vectors, aka SAP Security Note 2262710. | |||||
CVE-2015-7986 | 1 Sap | 1 Hana | 2023-12-10 | 7.5 HIGH | N/A |
The index server (hdbindexserver) in SAP HANA 1.00.095 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via an HTTP request, aka SAP Security Note 2197428. | |||||
CVE-2015-2282 | 1 Sap | 6 Gui, Maxdb, Netweaver Abap Application Server and 3 more | 2023-12-10 | 7.5 HIGH | N/A |
Stack-based buffer overflow in the LZC decompression implementation (CsObjectInt::CsDecomprLZC function in vpa106cslzc.cpp) in SAP MaxDB 7.5 and 7.6, Netweaver Application Server ABAP, Netweaver Application Server Java, Netweaver RFC SDK, GUI, RFC SDK, SAPCAR archive tool, and other products allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via unspecified vectors, aka SAP Security Note 2124806, 2121661, 2127995, and 2125316. | |||||
CVE-2015-5068 | 1 Sap | 1 Mobile Platform | 2023-12-10 | 7.5 HIGH | N/A |
XML external entity (XXE) vulnerability in SAP Mobile Platform 3 allows remote attackers to read arbitrary files or possibly have other unspecified impact via a crafted XML request, aka SAP Security Note 2159601. | |||||
CVE-2016-2389 | 1 Sap | 1 Netweaver | 2023-12-10 | 7.8 HIGH | 7.5 HIGH |
Directory traversal vulnerability in the GetFileList function in the SAP Manufacturing Integration and Intelligence (xMII) component 15.0 for SAP NetWeaver 7.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the Path parameter to /Catalog, aka SAP Security Note 2230978. | |||||
CVE-2015-3979 | 1 Sap | 1 Customer Relationship Management | 2023-12-10 | 7.5 HIGH | N/A |
Unspecified vulnerability in the Business Rules Framework (CRM-BF-BRF) in SAP CRM allows attackers to execute arbitrary code via unknown vectors, aka SAP Security Note 2097534. | |||||
CVE-2016-3976 | 1 Sap | 1 Netweaver Application Server Java | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Directory traversal vulnerability in SAP NetWeaver AS Java 7.1 through 7.5 allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in the fileName parameter to CrashFileDownloadServlet, aka SAP Security Note 2234971. | |||||
CVE-2015-7727 | 1 Sap | 1 Hana | 2023-12-10 | 6.5 MEDIUM | N/A |
Multiple SQL injection vulnerabilities in the Web-based Development Workbench in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors in the (1) trace configuration page or (2) getSqlTraceConfiguration function, aka SAP Security Note 2153898. | |||||
CVE-2016-2387 | 1 Sap | 1 Netweaver | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in the Java Proxy Runtime ProxyServer servlet in SAP NetWeaver 7.4 allow remote attackers to inject arbitrary web script or HTML via the (1) ns or (2) interface parameter to ProxyServer/register, aka SAP Security Note 2220571. | |||||
CVE-2016-6147 | 1 Sap | 1 Trex | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
An unspecified interface in SAP TREX 7.10 Revision 63 allows remote attackers to execute arbitrary OS commands with SIDadm privileges via unspecified vectors, aka SAP Security Note 2234226. | |||||
CVE-2016-6139 | 1 Sap | 1 Trex | 2023-12-10 | 7.6 HIGH | 9.8 CRITICAL |
SAP TREX 7.10 Revision 63 allows remote attackers to read arbitrary files via unspecified vectors, aka SAP Security Note 2203591. | |||||
CVE-2015-4092 | 1 Sap | 1 Afaria | 2023-12-10 | 7.5 HIGH | N/A |
Buffer overflow in the XComms process in SAP Afaria 7.00.6620.2 SP5 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted request, aka SAP Security Note 2153690. | |||||
CVE-2015-8330 | 1 Sap | 1 Plant Connectivity | 2023-12-10 | 7.8 HIGH | N/A |
The PCo agent in SAP Plant Connectivity (PCo) allows remote attackers to cause a denial of service (memory corruption and agent crash) via crafted xMII requests, aka SAP Security Note 2238619. |