Filtered by vendor Sap
Subscribe
Total
1426 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2014-8659 | 1 Sap | 1 Environment Health And Safety | 2023-12-10 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in SAP Environment, Health, and Safety allows remote attackers to read arbitrary files via unspecified vectors. | |||||
CVE-2013-7366 | 1 Sap | 1 Software Deployment Manager | 2023-12-10 | 5.0 MEDIUM | N/A |
The SAP Software Deployment Manager (SDM), in certain unspecified conditions, allows remote attackers to cause a denial of service via vectors related to failed authentications. | |||||
CVE-2014-8589 | 1 Sap | 1 Network Interface Router | 2023-12-10 | 5.0 MEDIUM | N/A |
Integer overflow in SAP Network Interface Router (SAProuter) 40.4 allows remote attackers to cause a denial of service (resource consumption) via crafted requests. | |||||
CVE-2014-2749 | 1 Sap | 1 Hana | 2023-12-10 | 5.0 MEDIUM | N/A |
The HANA ICM process in SAP HANA allows remote attackers to obtain the platform version, host name, instance number, and possibly other sensitive information via a malformed HTTP GET request. | |||||
CVE-2014-4003 | 1 Sap | 1 Netweaver | 2023-12-10 | 7.5 HIGH | N/A |
The System Landscape Directory (SLD) in SAP NetWeaver allows remote attackers to modify information via vectors related to adding a system. | |||||
CVE-2014-5172 | 1 Sap | 1 Hana | 2023-12-10 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in the XS Administration Tools in SAP HANA allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2014-1963 | 1 Sap | 1 Netweaver | 2023-12-10 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in Message Server in SAP NetWeaver 7.20 allows remote attackers to cause a denial of service via unknown attack vectors. | |||||
CVE-2014-4010 | 1 Sap | 1 Transaction Data Pool | 2023-12-10 | 5.0 MEDIUM | N/A |
SAP Transaction Data Pool has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. | |||||
CVE-2013-3678 | 1 Sap | 1 Governance Risk And Compliance | 2023-12-10 | 9.0 HIGH | N/A |
Multiple unspecified vulnerabilities in SAP Governance, Risk, and Compliance (GRC) allow remote authenticated users to gain privileges and execute arbitrary programs via a crafted (1) RFC or (2) SOAP-RFC request. | |||||
CVE-2015-2075 | 1 Sap | 1 Businessobjects Edge | 2023-12-10 | 5.0 MEDIUM | N/A |
SAP BusinessObjects Edge 4.0 allows remote attackers to delete audit events from the auditee queue via a clearData CORBA operation, aka SAP Note 2011396. | |||||
CVE-2014-5176 | 1 Sap | 1 Fi Manager Self-service | 2023-12-10 | 6.0 MEDIUM | N/A |
SAP FI Manager Self-Service has a hard-coded user name, which makes it easier for remote attackers to obtain access via unspecified vectors. | |||||
CVE-2014-8587 | 1 Sap | 5 Commoncryptolib, Hana, Netweaver and 2 more | 2023-12-10 | 7.5 HIGH | N/A |
SAPCRYPTOLIB before 5.555.38, SAPSECULIB, and CommonCryptoLib before 8.4.30, as used in SAP NetWeaver AS for ABAP and SAP HANA, allows remote attackers to spoof Digital Signature Algorithm (DSA) signatures via unspecified vectors. | |||||
CVE-2014-8310 | 1 Sap | 1 Businessobjects | 2023-12-10 | 7.1 HIGH | N/A |
The CMS CORBA listener in SAP BusinessObjects BI Edge 4.0 allows remote attackers to cause a denial of service (server shutdown) via crafted OSCAFactory::Session ORB message. | |||||
CVE-2014-5175 | 1 Sap | 1 Solution Manager | 2023-12-10 | 7.5 HIGH | N/A |
The License Measurement servlet in SAP Solution Manager 7.1 allows remote attackers to bypass authentication via unspecified vectors, related to a verb tampering attack and SAP_JTECHS. | |||||
CVE-2013-7367 | 1 Sap | 1 Enterprise Portal | 2023-12-10 | 7.5 HIGH | N/A |
SAP Enterprise Portal does not properly restrict access to the Federation configuration pages, which allows remote attackers to gain privileges via unspecified vectors. | |||||
CVE-2013-7362 | 1 Sap | 1 Ccms Agent | 2023-12-10 | 7.5 HIGH | N/A |
An unspecified RFC function in SAP CCMS Agent allows remote attackers to execute arbitrary commands via unknown vectors. | |||||
CVE-2015-2812 | 1 Sap | 1 Netweaver Enterprise Portal | 2023-12-10 | 5.0 MEDIUM | N/A |
XML external entity (XXE) vulnerability in XMLValidationComponent in SAP NetWeaver Portal 7.31.201109172004 allows remote attackers to send requests to intranet servers via crafted XML, aka SAP Security Note 2093966. | |||||
CVE-2015-2814 | 1 Sap | 2 Clinical Task Tracker, Emr Unwired | 2023-12-10 | 6.4 MEDIUM | N/A |
SAP EMR Unwired (com.sap.mobile.healthcare.emr.v2) and Clinical Task Tracker (com.sap.mobile.healthcare.ctt) does not properly restrict access, which allows remote attackers to change the backendurl, clientid, ssourl, and infopageurl settings via unspecified vectors, aka SAP Security Note 2117079. | |||||
CVE-2015-2811 | 1 Sap | 1 Netweaver Enterprise Portal | 2023-12-10 | 5.0 MEDIUM | N/A |
XML external entity (XXE) vulnerability in ReportXmlViewer in SAP NetWeaver Portal 7.31.201109172004 allows remote attackers to send requests to intranet servers via crafted XML, aka SAP Security Note 2111939. | |||||
CVE-2014-4011 | 1 Sap | 1 Capacity Leveling | 2023-12-10 | 5.0 MEDIUM | N/A |
SAP Capacity Leveling has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. |