Filtered by vendor Sap
Subscribe
Total
1426 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-4014 | 1 Sap | 1 Netweaver | 2023-12-10 | 9.0 HIGH | 8.6 HIGH |
| XML external entity (XXE) vulnerability in the UDDI component in SAP NetWeaver JAVA AS 7.4 allows remote attackers to cause a denial of service (system hang) via a crafted DTD in an XML request to uddi/api/replication, aka SAP Security Note 2254389. | |||||
| CVE-2016-3946 | 1 Sap | 1 Sapconsole | 2023-12-10 | 4.6 MEDIUM | 7.8 HIGH |
| SAP Console (aka SAPConsole) 7.30 allows local users to discover SAP Server login credentials by reading the Windows registry, aka SAP Security Note 2121461. | |||||
| CVE-2015-3621 | 1 Sap | 1 Enterprise Central Component | 2023-12-10 | 9.3 HIGH | N/A |
| Untrusted search path vulnerability in SAP Enterprise Central Component (ECC) allows local users to gain privileges via a Trojan horse program. | |||||
| CVE-2015-7728 | 1 Sap | 1 Hana | 2023-12-10 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in user creation in the Web-based Development Workbench in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote authenticated users to inject arbitrary web script or HTML via the username, aka SAP Security Note 2153898. | |||||
| CVE-2015-3978 | 1 Sap | 1 Sybase Unwired Platform Online Data Proxy | 2023-12-10 | 2.1 LOW | N/A |
| SAP Sybase Unwired Platform Online Data Proxy allows local users to obtain usernames and passwords via the DataVault, aka SAP Security Note 2094830. | |||||
| CVE-2016-4407 | 1 Sap | 1 Sapcryptolib | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
| The DSA algorithm implementation in SAP SAPCRYPTOLIB 5.555.38 does not properly check signatures, which allows remote authenticated users to impersonate arbitrary users via unspecified vectors, aka SAP Security Note 2223008. | |||||
| CVE-2015-7994 | 1 Sap | 1 Hana | 2023-12-10 | 7.5 HIGH | N/A |
| The SQL interface in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote attackers to execute arbitrary code via unspecified vectors related to "SQL Login," aka SAP Security Note 2197428. | |||||
| CVE-2016-4015 | 1 Sap | 1 Netweaver | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| The Enqueue Server in SAP NetWeaver JAVA AS 7.1 through 7.4 allows remote attackers to cause a denial of service (process crash) via a crafted request, aka SAP Security Note 2258784. | |||||
| CVE-2015-6662 | 1 Sap | 1 Netweaver | 2023-12-10 | 6.8 MEDIUM | N/A |
| XML external entity (XXE) vulnerability in SAP NetWeaver Portal 7.4 allows remote attackers to read arbitrary files and possibly have other unspecified impact via crafted XML data, aka SAP Security Note 2168485. | |||||
| CVE-2015-7730 | 1 Sap | 3 Businessobjects, Businessobjects Edge, Businessobjects Xi | 2023-12-10 | 10.0 HIGH | N/A |
| SAP BusinessObjects BI Platform 4.1, BusinessObjects Edge 4.0, and BusinessObjects XI (BOXI) 3.1 R3 allow remote attackers to cause a denial of service (out-of-bounds read and listener crash) via a crafted GIOP packet, aka SAP Security Note 2001108. | |||||
| CVE-2016-4018 | 1 Sap | 1 Hana | 2023-12-10 | 7.5 HIGH | 7.3 HIGH |
| The Data Provisioning Agent (aka DP Agent) in SAP HANA does not properly restrict access to service functionality, which allows remote attackers to obtain sensitive information, gain privileges, and conduct unspecified other attacks via unspecified vectors, aka SAP Security Note 2262742. | |||||
| CVE-2015-4159 | 1 Sap | 1 Hana Web-based Development Workbench | 2023-12-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in SAP HANA Web-based Development Workbench allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Notes 2153892. | |||||
| CVE-2015-3980 | 1 Sap | 1 Customer Relationship Management | 2023-12-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Business Rules Framework (CRM-BF-BRF) in SAP CRM allows attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Note 2097534. | |||||
| CVE-2016-1929 | 1 Sap | 1 Hana | 2023-12-10 | 8.5 HIGH | 9.3 CRITICAL |
| The XS engine in SAP HANA allows remote attackers to spoof log entries in trace files and consequently cause a denial of service (disk consumption and process crash) via a crafted HTTP request, related to an unspecified debug function, aka SAP Security Note 2241978. | |||||
| CVE-2015-4158 | 1 Sap | 2 Netweaver Abap Application Server, Netweaver Java Application Server | 2023-12-10 | 5.0 MEDIUM | N/A |
| SAP ABAP & Java Server allows remote attackers to cause a denial of service (service termination) via unspecified vectors, aka SAP Security Note 2121661. | |||||
| CVE-2015-3449 | 1 Sap | 1 Afaria | 2023-12-10 | 7.2 HIGH | N/A |
| The Windows client in SAP Afaria 7.0.6398.0 uses weak permissions (Everyone: read and Everyone: write) for the install folder, which allows local users to gain privileges via a Trojan horse XeService.exe file. | |||||
| CVE-2016-2388 | 1 Sap | 1 Netweaver Application Server Java | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
| The Universal Worklist Configuration in SAP NetWeaver AS JAVA 7.4 allows remote attackers to obtain sensitive user information via a crafted HTTP request, aka SAP Security Note 2256846. | |||||
| CVE-2016-6150 | 1 Sap | 1 Hana | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| The multi-tenant database container feature in SAP HANA does not properly encrypt communications, which allows remote attackers to bypass intended access restrictions and possibly have unspecified other impact via unknown vectors, aka SAP Security Note 2233550. | |||||
| CVE-2016-3974 | 1 Sap | 1 Netweaver Application Server Java | 2023-12-10 | 6.4 MEDIUM | 9.1 CRITICAL |
| XML external entity (XXE) vulnerability in the Configuration Wizard in SAP NetWeaver Java AS 7.1 through 7.5 allows remote attackers to cause a denial of service, conduct SMB Relay attacks, or access arbitrary files via a crafted XML request to _tc~monitoring~webservice~web/ServerNodesWSService, aka SAP Security Note 2235994. | |||||
| CVE-2016-6142 | 1 Sap | 1 Hana | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote attackers to inject arbitrary audit trail fields into the SYSLOG via vectors related to the SQL protocol, aka SAP Security Note 2197459. | |||||