Filtered by vendor Sap
Subscribe
Total
1426 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2014-1964 | 1 Sap | 2 Netweaver, Netweaver Exchange Infrastructure \(bc-xi\) | 2023-12-10 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the Integration Repository in the SAP Exchange Infrastructure (BC-XI) component in SAP NetWeaver allows remote attackers to inject arbitrary web script or HTML via vectors related to the ESR application and a DIR error. | |||||
CVE-2014-4006 | 1 Sap | 1 Oil Industry Solution Traders And Schedulers Workbench | 2023-12-10 | 5.0 MEDIUM | N/A |
The SAP Trader's and Scheduler's Workbench (TSW) for SAP Oil & Gas has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. | |||||
CVE-2014-4005 | 1 Sap | 1 Brazil | 2023-12-10 | 5.0 MEDIUM | N/A |
SAP Brazil add-on has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. | |||||
CVE-2015-2072 | 1 Sap | 1 Hana | 2023-12-10 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in SAP HANA 73 (1.00.73.00.389160) and HANA Developer Edition 80 (1.00.80.00.391861) allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to (1) ide/core/plugins/editor/templates/trace/hanaTraceDetailService.xsjs or (2) xs/ide/editor/templates/trace/hanaTraceDetailService.xsjs, aka SAP Note 2069676. | |||||
CVE-2014-5174 | 1 Sap | 1 Netweaver Business Warehouse | 2023-12-10 | 3.5 LOW | N/A |
The SAP Netweaver Business Warehouse component does not properly restrict access to the functions in the BW-SYS-DB-DB4 function group, which allows remote authenticated users to obtain sensitive information via unspecified vectors. | |||||
CVE-2014-4008 | 1 Sap | 1 Web Services Tool | 2023-12-10 | 5.0 MEDIUM | N/A |
SAP Web Services Tool (CA-WUI-WST) has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. | |||||
CVE-2014-8313 | 1 Sap | 1 Hana | 2023-12-10 | 6.0 MEDIUM | N/A |
Eval injection in ide/core/base/server/net.xsjs in the Developer Workbench in SAP HANA allows remote attackers to execute arbitrary XSJX code via unspecified vectors. | |||||
CVE-2014-8308 | 1 Sap | 1 Businessobjects | 2023-12-10 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the Send to Inbox functionality in SAP BusinessObjects BI EDGE 4.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2014-6252 | 1 Sap | 1 Netweaver | 2023-12-10 | 6.5 MEDIUM | N/A |
Buffer overflow in disp+work.exe 7000.52.12.34966 and 7200.117.19.50294 in the Dispatcher in SAP NetWeaver 7.00 and 7.20 allows remote authenticated users to cause a denial of service or execute arbitrary code via unspecified vectors. | |||||
CVE-2015-2107 | 2 Hp, Sap | 2 Operations Manager I Management Pack, Netweaver | 2023-12-10 | 6.8 MEDIUM | N/A |
HP Operations Manager i Management Pack 1.x before 1.01 for SAP allows local users to execute OS commands by leveraging SAP administrative privileges. | |||||
CVE-2013-7357 | 1 Sap | 1 J2ee Engine | 2023-12-10 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in the configuration service in SAP J2EE Engine allows remote attackers to obtain credential information via unknown vectors. | |||||
CVE-2013-7360 | 1 Sap | 1 Adminadapter | 2023-12-10 | 7.5 HIGH | N/A |
Unspecified vulnerability in SAP adminadapter allows remote attackers to read or write to arbitrary files via unknown vectors. | |||||
CVE-2014-3132 | 1 Sap | 1 Background Processing | 2023-12-10 | 4.0 MEDIUM | N/A |
SAP Background Processing does not properly restrict access, which allows remote authenticated users to obtain sensitive information via an unspecified RFC function, related to SAP Solution Manager 7.1. | |||||
CVE-2014-4161 | 1 Sap | 1 Supplier Relationship Management | 2023-12-10 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in la/umTestSSO.jsp in SAP Supplier Relationship Management (SRM) allows remote attackers to inject arbitrary web script or HTML via the url parameter. | |||||
CVE-2014-8665 | 1 Sap | 1 Business Intelligence Development Workbench | 2023-12-10 | 5.0 MEDIUM | N/A |
The SAP Business Intelligence Development Workbench allows remote attackers to obtain sensitive information by reading unspecified files. | |||||
CVE-2014-8312 | 1 Sap | 1 Netweaver Abap | 2023-12-10 | 3.5 LOW | N/A |
Business Warehouse (BW) in SAP Netweaver AS ABAP 7.31 allows remote authenticated users to obtain sensitive information via a request to the RSDU_CCMS_GET_PROFILE_PARAM RFC function. | |||||
CVE-2013-7361 | 1 Sap | 2 Cm Services, Cms Services | 2023-12-10 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in SAP CMS and CM Services allows attackers to upload arbitrary files via unspecified vectors. | |||||
CVE-2014-8314 | 1 Sap | 1 Hana | 2023-12-10 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in SAP HANA Developer Edition Revision 70 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to (1) epm/admin/DataGen.xsjs or (2) epm/services/multiply.xsjs in the democontent. | |||||
CVE-2014-8592 | 1 Sap | 1 Netweaver | 2023-12-10 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in SAP Host Agent, as used in SAP NetWeaver 7.02 and 7.3, allows remote attackers to cause a denial of service (process termination) via a crafted request. | |||||
CVE-2014-8591 | 1 Sap | 1 Netweaver | 2023-12-10 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in SAP Internet Communication Manager (ICM), as used in SAP NetWeaver 7.02 and 7.3, allows remote attackers to cause a denial of service (process termination) via unknown vectors. |