Filtered by vendor Sap
Subscribe
Total
1426 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2014-8588 | 1 Sap | 1 Hana | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in metadata.xsjs in SAP HANA 1.00.60.379371 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
CVE-2014-1962 | 1 Sap | 1 Customer Relationship Management | 2023-12-10 | 5.0 MEDIUM | N/A |
Gwsync in SAP CRM 7.02 EHP 2 allows remote attackers to obtain sensitive information via unspecified vectors, related to an XML External Entity (XXE) issue. | |||||
CVE-2013-7359 | 1 Sap | 1 Mobile Infrastructure | 2023-12-10 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in SAP Mobile Infrastructure allows remote attackers to obtain sensitive port information via unknown vectors, related to an "internal port scanning" issue. | |||||
CVE-2015-2813 | 1 Sap | 1 Mobile Platform | 2023-12-10 | 5.0 MEDIUM | N/A |
XML external entity (XXE) vulnerability in SAP Mobile Platform allows remote attackers to send requests to intranet servers via crafted XML, aka SAP Security Note 2125358. | |||||
CVE-2014-8660 | 1 Sap | 1 Document Management Services | 2023-12-10 | 7.2 HIGH | N/A |
SAP Document Management Services allows local users to execute arbitrary commands via unspecified vectors. | |||||
CVE-2015-2816 | 1 Sap | 1 Afaria | 2023-12-10 | 7.5 HIGH | N/A |
The XcListener in SAP Afaria 7.0.6001.5 does not properly restrict access, which allows remote attackers to have unspecified impact via a crafted request, aka SAP Security Note 2134905. | |||||
CVE-2014-8661 | 1 Sap | 1 Customer Relationship Management Internet Sales | 2023-12-10 | 10.0 HIGH | N/A |
The SAP CRM Internet Sales module allows remote attackers to execute arbitrary commands via unspecified vectors. | |||||
CVE-2014-0995 | 1 Sap | 1 Netweaver | 2023-12-10 | 5.0 MEDIUM | N/A |
The Standalone Enqueue Server in SAP Netweaver 7.20, 7.01, and earlier allows remote attackers to cause a denial of service (uncontrolled recursion and crash) via a trace level with a wildcard in the Trace Pattern. | |||||
CVE-2014-8664 | 1 Sap | 1 Environment Health And Safety | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in Product Safety (EHS-SAF) component in SAP Environment, Health, and Safety Management allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
CVE-2014-4007 | 1 Sap | 1 Upgrade Tools | 2023-12-10 | 5.0 MEDIUM | N/A |
The SAP Upgrade tools for ABAP has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. | |||||
CVE-2014-8668 | 1 Sap | 1 Contract Accounting | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in SAP Contract Accounting allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
CVE-2014-1961 | 1 Sap | 1 Netweaver | 2023-12-10 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in the Portal WebDynPro in SAP NetWeaver allows remote attackers to obtain sensitive path information via unknown attack vectors. | |||||
CVE-2014-4004 | 1 Sap | 1 Project System | 2023-12-10 | 5.0 MEDIUM | N/A |
The (1) Structures and (2) Project-Oriented Procurement components in SAP Project System has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. | |||||
CVE-2014-8669 | 1 Sap | 1 Customer Relationship Management | 2023-12-10 | 10.0 HIGH | N/A |
The SAP Promotion Guidelines (CRM-MKT-MPL-TPM-PPG) module for SAP CRM allows remote attackers to execute arbitrary code via unspecified vectors. | |||||
CVE-2015-2819 | 1 Sap | 1 Sql Anywhere | 2023-12-10 | 5.0 MEDIUM | N/A |
SAP Sybase SQL Anywhere 11 and 16 allows remote attackers to cause a denial of service (crash) via a crafted request, aka SAP Security Note 2108161. | |||||
CVE-2014-2751 | 1 Sap | 1 Print And Output Management | 2023-12-10 | 7.5 HIGH | N/A |
SAP Print and Output Management has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. | |||||
CVE-2014-3133 | 1 Sap | 1 Netweaver Java Application Server | 2023-12-10 | 5.0 MEDIUM | N/A |
SAP Netweaver Java Application Server does not properly restrict access, which allows remote attackers to obtain the list of SAP systems registered on an SLD via an unspecified webdynpro, related to SystemSelection. | |||||
CVE-2014-8315 | 1 Sap | 1 Businessobjects Explorer | 2023-12-10 | 5.0 MEDIUM | N/A |
polestar_xml.jsp in SAP BusinessObjects Explorer 14.0.5 build 882 replies with different timing depending on if a connection can be made, which allows remote attackers to conduct port scanning attacks via a host name and port in the cms parameter. | |||||
CVE-2014-2752 | 1 Sap | 1 Business Object Processing Framework For Abap | 2023-12-10 | 7.5 HIGH | N/A |
SAP Business Object Processing Framework (BOPF) for ABAP has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. | |||||
CVE-2013-7363 | 1 Sap | 1 Solution Manager | 2023-12-10 | 7.5 HIGH | N/A |
Unspecified vulnerability in the Diagnostics (SMD) agent in SAP Solution Manager allows remote attackers to obtain sensitive information, modify the configuration of applications, and install or remove applications via vectors involving the P4 protocol. |