Filtered by vendor Sap
Total: 1426 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-6137 | 1 Sap | 1 Trex | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
An unspecified function in SAP TREX 7.10 Revision 63 allows remote attackers to execute arbitrary OS commands via unknown vectors, aka SAP Security Note 2203591. | |||||
CVE-2015-7991 | 1 Sap | 1 Hana | 2023-12-10 | 5.0 MEDIUM | N/A |
The Web Dispatcher service in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote attackers to read web dispatcher and security trace files and possibly obtain passwords via unspecified vectors, aka SAP Security Note 2148854. | |||||
CVE-2015-3995 | 1 Sap | 1 Hana | 2023-12-10 | 4.0 MEDIUM | N/A |
SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote authenticated users to read arbitrary files via an IMPORT FROM SQL statement, aka SAP Security Note 2109565. | |||||
CVE-2015-7726 | 1 Sap | 1 Hana | 2023-12-10 | 3.5 LOW | N/A |
Cross-site scripting (XSS) vulnerability in role deletion in the Web-based Development Workbench in SAP HANA DB 1.00.091.00.1418659308 allows remote authenticated users to inject arbitrary web script or HTML via the role name, aka SAP Security Note 2153898. | |||||
CVE-2016-4016 | 1 Sap | 1 Java As | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in SAP Manufacturing Integration and Intelligence (aka MII, formerly xMII) 15 allows remote attackers to inject arbitrary web script or HTML via the title parameter to webdynpro/resources/sap.com/xapps~xmii~ui~admin~navigation/NavigationApplication, aka SAP Security Note 2201295. | |||||
CVE-2016-6145 | 1 Sap | 1 Hana Db | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
The SQL interface in SAP HANA DB 1.00.091.00.1418659308 provides different error messages for failed login attempts depending on whether the username exists and is locked when the detailed_error_on_connect option is not supported or is configured as "False," which allows remote attackers to enumerate database users via a series of login attempts, aka SAP Security Note 2216869. | |||||
CVE-2015-8029 | 1 Sap | 1 3d Visual Enterprise Viewer | 2023-12-10 | 6.8 MEDIUM | N/A |
SAP 3D Visual Enterprise Viewer (VEV) allows remote attackers to execute arbitrary code via a crafted Filmbox document, which triggers memory corruption. | |||||
CVE-2015-7993 | 1 Sap | 1 Hana | 2023-12-10 | 7.5 HIGH | N/A |
The Extended Application Services (aka XS or XS Engine) in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote attackers to execute arbitrary code via unspecified vectors related to "HTTP Login," aka SAP Security Note 2197397. | |||||
CVE-2010-5326 | 1 Sap | 1 Netweaver Application Server Java | 2023-12-10 | 10.0 HIGH | 10.0 CRITICAL |
The Invoker Servlet on SAP NetWeaver Application Server Java platforms, possibly before 7.3, does not require authentication, which allows remote attackers to execute arbitrary code via an HTTP or HTTPS request, as exploited in the wild in 2013 through 2016, aka a "Detour" attack. | |||||
CVE-2015-7725 | 1 Sap | 1 Hana | 2023-12-10 | 6.5 MEDIUM | N/A |
Multiple SQL injection vulnerabilities in the Web-based Development Workbench in SAP HANA DB 1.00.091.00.1418659308 allow remote authenticated users to execute arbitrary SQL commands via the (1) remoteSourceName in the dropCredentials function or unspecified vectors in the (2) setTraceLevelsForXsApps, (3) _modifyUser, or (4) _newUser function, aka SAP Security Notes 2153898 and 2153765. | |||||
CVE-2015-3994 | 1 Sap | 1 Hana | 2023-12-10 | 4.0 MEDIUM | N/A |
The grant.xsfunc application in testApps/grantAccess/ in the XS Engine in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote authenticated users to spoof log entries via a crafted request, aka SAP Security Note 2109818. | |||||
CVE-2015-8028 | 1 Sap | 1 3d Visual Enterprise Viewer | 2023-12-10 | 6.8 MEDIUM | N/A |
Multiple buffer overflows in SAP 3D Visual Enterprise Viewer (VEV) allow remote attackers to execute arbitrary code via a crafted (1) 3DM or (2) Flic Animation file. | |||||
CVE-2016-7437 | 1 Sap | 1 Netweaver | 2023-12-10 | 2.1 LOW | 3.3 LOW |
SAP Netweaver 7.40 improperly logs (1) DUI and (2) DUJ events in the SAP Security Audit Log as non-critical, which might allow local users to hide rejected attempts to execute RFC function callbacks by leveraging filtering of non-critical events in audit analysis reports, aka SAP Security Note 2252312. | |||||
CVE-2015-5067 | 1 Sap | 1 Netweaver | 2023-12-10 | 7.5 HIGH | N/A |
The (1) Cross-System Tools and (2) Data Transfer Workbench in SAP NetWeaver have hardcoded credentials, which allows remote attackers to obtain access via unspecified vectors, aka SAP Security Notes 2059659 and 2057982. | |||||
CVE-2016-4551 | 1 Sap | 3 Netweaver, Sap Aba, Sap Basis | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
The (1) SAP_BASIS and (2) SAP_ABA components 7.00 SP Level 0031 in SAP NetWeaver 2004s might allow remote attackers to spoof IP addresses written to the Security Audit Log via vectors related to the network landscape, aka SAP Security Note 2190621. | |||||
CVE-2015-3981 | 1 Sap | 1 Netweaver Rfc Sdk | 2023-12-10 | 5.0 MEDIUM | N/A |
SAP NetWeaver RFC SDK allows attackers to obtain sensitive information via unspecified vectors, aka SAP Security Note 2084037. | |||||
CVE-2016-3640 | 1 Sap | 1 Hana Db | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
The Extended Application Services (aka XS or XS Engine) in SAP HANA DB 1.00.091.00.1418659308 allows local users to obtain sensitive password information via vectors related to passwords in Web Dispatcher trace files, aka SAP Security Note 2148905. | |||||
CVE-2015-7729 | 1 Sap | 1 Hana | 2023-12-10 | 6.5 MEDIUM | N/A |
Eval injection in test-net.xsjs in the Web-based Development Workbench in SAP HANA Developer Edition DB 1.00.091.00.1418659308 allows remote authenticated users to execute arbitrary XSJS code via unspecified vectors, aka SAP Security Note 2153892. | |||||
CVE-2015-4160 | 1 Sap | 1 Ase Database Platform | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in SAP ASE Database Platform allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Notes: 2152278. | |||||
CVE-2015-4091 | 1 Sap | 1 Sap Netweaver Application Server Java | 2023-12-10 | 7.5 HIGH | N/A |
XML external entity (XXE) vulnerability in SAP NetWeaver AS Java 7.4 allows remote attackers to send TCP requests to intranet servers or possibly have unspecified other impact via an XML request to tc~sld~wd~main/Main, related to "CIM UPLOAD," aka SAP Security Note 2090851. |