Filtered by vendor Sap
Subscribe
Total
1426 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-8316 | 1 Sap | 1 Businessobjects Explorer | 2023-12-10 | 5.0 MEDIUM | N/A |
| XML External Entity (XXE) vulnerability in polestar_xml.jsp in SAP BusinessObjects Explorer 14.0.5 build 882 allows remote attackers to read arbitrary files via the xmlParameter parameter in an explorationSpaceUpdate request. | |||||
| CVE-2014-3130 | 1 Sap | 1 Netweaver Abap Application Server | 2023-12-10 | 4.6 MEDIUM | N/A |
| The ABAP Help documentation and translation tools (BC-DOC-HLP) in Basis in SAP Netweaver ABAP Application Server does not properly restrict access, which allows local users to gain privileges and execute ABAP instructions via crafted help messages. | |||||
| CVE-2014-3131 | 1 Sap | 1 Profile Maintenance | 2023-12-10 | 4.0 MEDIUM | N/A |
| SAP Profile Maintenance does not properly restrict access, which allows remote authenticated users to obtain sensitive information via an unspecified RFC function, related to SAP Solution Manager 7.1. | |||||
| CVE-2015-1312 | 1 Sap | 1 Enterprise Resource Planning | 2023-12-10 | 7.5 HIGH | N/A |
| The Dealer Portal in SAP ERP does not properly restrict access, which allows remote attackers to obtain sensitive information, gain privileges, and possibly have other unspecified impact via unknown vectors, aka SAP Note 2000401. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2014-8666 | 1 Sap | 1 Business Intelligence Development Workbench | 2023-12-10 | 5.0 MEDIUM | N/A |
| The User & Server configuration, InfoView refresh, user rights (BI-BIP-ADM) component in SAP Business Intellignece allows remote attackers to obtain audit event details via unspecified vectors. | |||||
| CVE-2014-4160 | 1 Sap | 1 Netweaver Business Client | 2023-12-10 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the testcanvas node in SAP NetWeaver Business Client (NWBC) allow remote attackers to inject arbitrary web script or HTML via the (1) title or (2) sap-accessibility parameter. | |||||
| CVE-2015-2817 | 1 Sap | 1 Netweaver | 2023-12-10 | 5.0 MEDIUM | N/A |
| The SAP Management Console in SAP NetWeaver 7.40 allows remote attackers to obtain sensitive information via the ReadProfile parameters, aka SAP Security Note 2091768. | |||||
| CVE-2014-3134 | 1 Sap | 1 Businessobjects | 2023-12-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the InfoView application in SAP BusinessObjects allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2015-2820 | 1 Sap | 1 Afaria | 2023-12-10 | 5.0 MEDIUM | N/A |
| Buffer overflow in XcListener in SAP Afaria 7.0.6001.5 allows remote attackers to cause a denial of service (process termination) via a crafted request, aka SAP Security Note 2132584. | |||||
| CVE-2015-1309 | 1 Sap | 1 Netweaver Abap | 2023-12-10 | 5.0 MEDIUM | N/A |
| XML external entity vulnerability in the Extended Computer Aided Test Tool (eCATT) in SAP NetWeaver AS ABAP 7.31 and earlier allows remote attackers to access arbitrary files via a crafted XML request, related to ECATT_DISPLAY_XMLSTRING_REMOTE, aka SAP Note 2016638. | |||||
| CVE-2014-1965 | 1 Sap | 1 Netweaver | 2023-12-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in ISpeakAdapter in the Integration Repository in the SAP Exchange Infrastructure (BC-XI) component 3.0, 7.00 through 7.02, and 7.10 through 7.11 for SAP NetWeaver allows remote attackers to inject arbitrary web script or HTML via vectors related to PIP. | |||||
| CVE-2014-3129 | 1 Sap | 1 Netweaver Software Lifecycle Manager | 2023-12-10 | 5.0 MEDIUM | N/A |
| The Java Server Pages in the Software Lifecycle Manager (SLM) in SAP NetWeaver allows remote attackers to obtain sensitive information via a crafted request, related to SAP Solution Manager 7.1. | |||||
| CVE-2013-7365 | 1 Sap | 1 Enterprise Portal | 2023-12-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in SAP Enterprise Portal allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. | |||||
| CVE-2015-2076 | 1 Sap | 1 Businessobjects Edge | 2023-12-10 | 5.0 MEDIUM | N/A |
| The Auditing service in SAP BusinessObjects Edge 4.0 allows remote attackers to obtain sensitive information by reading an audit event, aka SAP Note 2011395. | |||||
| CVE-2014-9595 | 1 Sap | 1 Sap Kernel | 2023-12-10 | 6.5 MEDIUM | N/A |
| Buffer overflow in the SAP NetWeaver Dispatcher in SAP Kernel 7.00 32-bit and 7.40 64-bit allows remote authenticated users to cause a denial of service or possibly execute arbitrary code via unspecified vectors, related to the Spool System, aka SAP Note 2061271. | |||||
| CVE-2014-8311 | 1 Sap | 1 Businessobjects | 2023-12-10 | 3.5 LOW | N/A |
| SAP BusinessObjects Edge 4.0 allows remote attackers to obtain sensitive information via an InfoStore query to a CORBA listener. | |||||
| CVE-2014-5506 | 1 Sap | 1 Crystal Reports | 2023-12-10 | 6.8 MEDIUM | N/A |
| Double free vulnerability in SAP Crystal Reports allows remote attackers to execute arbitrary code via crafted connection string record in an RPT file. | |||||
| CVE-2014-2748 | 1 Sap | 2 Enhancement Package, Erp | 2023-12-10 | 7.5 HIGH | N/A |
| The Security Audit Log facility in SAP Enhancement Package (EHP) 6 for SAP ERP 6.0 allows remote attackers to modify or delete arbitrary log classes via unspecified vectors. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2014-9594 | 1 Sap | 1 Sap Kernel | 2023-12-10 | 6.5 MEDIUM | N/A |
| Buffer overflow in the SAP NetWeaver Dispatcher in SAP Kernel 7.00 32-bit and 7.40 64-bit allows remote authenticated users to cause a denial of service or possibly execute arbitrary code via unspecified vectors, related to the ABAP VM, aka SAP Note 2059734. | |||||
| CVE-2013-7356 | 1 Sap | 1 Ccms \/ Database Monitor | 2023-12-10 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the SAP CCMS / Database Monitors for Oracle allows attackers to obtain the database password via unknown vectors. | |||||