Vulnerabilities (CVE)

Filtered by vendor Sap Subscribe
Total 1426 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-8600 1 Sap 1 Mobile Platform 2023-12-10 7.5 HIGH N/A
The SysAdminWebTool servlets in SAP Mobile Platform allow remote attackers to bypass authentication and obtain sensitive information, gain privileges, or have unspecified other impact via unknown vectors, aka SAP Security Note 2227855.
CVE-2015-6663 1 Sap 1 Afaria 2023-12-10 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Client form in the Device Inspector page in SAP Afaria 7 allows remote attackers to inject arbitrary web script or HTML via crafted client name data, aka SAP Security Note 2152669.
CVE-2015-4161 1 Sap 1 Afaria 2023-12-10 7.5 HIGH N/A
SAP Afaria does not properly restrict access to unspecified functionality, which allows remote attackers to obtain sensitive information, gain privileges, or have other unspecified impact via unknown vectors, SAP Security Note 2155690.
CVE-2016-1928 1 Sap 1 Hana 2023-12-10 7.5 HIGH 9.8 CRITICAL
Buffer overflow in the XS engine (hdbxsengine) in SAP HANA allows remote attackers to cause a denial of service or execute arbitrary code via a crafted HTTP request, related to JSON, aka SAP Security Note 2241978.
CVE-2016-1911 1 Sap 1 Netweaver 2023-12-10 4.3 MEDIUM 6.1 MEDIUM
Multiple cross-site scripting (XSS) vulnerabilities in SAP NetWeaver 7.4 allow remote attackers to inject arbitrary web script or HTML via vectors related to the (1) Runtime Workbench (RWB) or (2) Pmitest servlet in the Process Monitoring Infrastructure (PMI), aka SAP Security Notes 2206793 and 2234918.
CVE-2015-7992 1 Sap 1 Hana 2023-12-10 4.0 MEDIUM N/A
SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote authenticated users to cause a denial of service (memory corruption and indexserver crash) via unspecified vectors to the EXECUTE_SEARCH_RULE_SET stored procedure, aka SAP Security Note 2175928.
CVE-2016-2536 2 Google, Sap 2 Sketchup, 3d Visual Enterprise Viewer 2023-12-10 6.8 MEDIUM 8.8 HIGH
Multiple use-after-free vulnerabilities in SAP 3D Visual Enterprise Viewer allow remote attackers to execute arbitrary code via a crafted SketchUp document. NOTE: the primary affected product may be SketchUp.
CVE-2015-6664 1 Sap 1 Mobile Platform 2023-12-10 6.8 MEDIUM N/A
XML external entity (XXE) vulnerability in the application import functionality in SAP Mobile Platform 2.3 allows remote attackers to read arbitrary files and possibly have other unspecified impact via crafted XML data, aka SAP Security Note 2152227.
CVE-2015-8753 1 Sap 1 Afaria 2023-12-10 9.4 HIGH 9.1 CRITICAL
SAP Afaria 7.0.6001.5 allows remote attackers to bypass authorization checks and wipe or lock mobile devices via a crafted request, related to "Insecure signature," aka SAP Security Note 2134905.
CVE-2016-3638 1 Sap 1 Sld Registration 2023-12-10 2.1 LOW 5.5 MEDIUM
SAP SLD Registration Program (aka SLDREG) allows local users to cause a denial of service (memory corruption and process termination) via a crafted HOST parameter, aka SAP Security Note 2125623.
CVE-2016-6138 1 Sap 1 Trex 2023-12-10 10.0 HIGH 9.8 CRITICAL
Directory traversal vulnerability in SAP TREX 7.10 Revision 63 allows remote attackers to read arbitrary files via unspecified vectors, aka SAP Security Note 2203591.
CVE-2014-3787 1 Sap 1 Netweaver 2023-12-10 5.0 MEDIUM N/A
SAP NetWeaver 7.20 and earlier allows remote attackers to read arbitrary SAP Central User Administration (SAP CUA) tables via unspecified vectors.
CVE-2015-2818 1 Sap 1 Mobile Platform 2023-12-10 5.0 MEDIUM N/A
XML external entity (XXE) vulnerability in SAP Mobile Platform 3 allows remote attackers to send requests to intranet servers via crafted XML, aka SAP Security Note 2125513.
CVE-2013-7364 1 Sap 1 Netweaver 2023-12-10 7.5 HIGH N/A
An unspecified J2EE core service in the J2EE Engine in SAP NetWeaver does not properly restrict access, which allows remote attackers to read and write to arbitrary files via unknown vectors.
CVE-2014-8662 1 Sap 1 Payroll Process 2023-12-10 7.8 HIGH N/A
Unspecified vulnerability in SAP Payroll Process allows remote attackers to cause a denial of service via vectors related to session handling.
CVE-2014-8309 1 Sap 2 Businessobjects, Businessobjects Xi 2023-12-10 5.0 MEDIUM N/A
SAP BusinessObjects 4.0 and BusinessObjects XI (BOXI) R2 and 3.1 generates error messages for a failed logon attempt with different time delays depending on whether the user account exists, which allows remote attackers to enumerate valid usernames via SecEnterprise authentication requests to the Session web service.
CVE-2014-9264 1 Sap 1 Sql Anywhere 2023-12-10 7.5 HIGH N/A
Stack-based buffer overflow in the .NET Data Provider in SAP SQL Anywhere allows remote attackers to execute arbitrary code via a crafted column alias.
CVE-2014-4009 1 Sap 1 Computing Center Management System Monitoring 2023-12-10 5.0 MEDIUM N/A
SAP CCMS Monitoring (BC-CCM-MON) has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors.
CVE-2013-7358 1 Sap 1 Guided Procedures Archive Monitor 2023-12-10 5.0 MEDIUM N/A
Unspecified vulnerability in SAP Guided Procedures Archive Monitor allows remote attackers to obtain usernames, roles, profiles, and possibly other identity information via unknown vectors.
CVE-2014-5505 1 Sap 1 Crystal Reports 2023-12-10 6.8 MEDIUM N/A
Stack-based buffer overflow in SAP Crystal Reports allows remote attackers to execute arbitrary code via a crafted data source string in an RPT file.