Filtered by vendor Sap
Subscribe
Total
1426 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2014-9387 | 1 Sap | 1 Businessobjects | 2023-12-10 | 10.0 HIGH | N/A |
SAP BusinessObjects Edge 4.1 allows remote attackers to obtain the SI_PLATFORM_SEARCH_SERVER_LOGON_TOKEN token and gain privileges via a crafted CORBA call, aka SAP Note 2039905. | |||||
CVE-2014-4159 | 1 Sap | 1 Supplier Relationship Management | 2023-12-10 | 5.8 MEDIUM | N/A |
Open redirect vulnerability in in la/umTestSSO.jsp in SAP Supplier Relationship Management (SRM) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter. | |||||
CVE-2014-8590 | 1 Sap | 1 Netweaver Java Application Server | 2023-12-10 | 4.3 MEDIUM | N/A |
XML external entity (XXE) vulnerability in the Web Service Navigator in SAP NetWeaver Application Server (AS) Java allows remote attackers to access arbitrary files via a crafted request. | |||||
CVE-2014-4012 | 1 Sap | 1 Open Hub Service | 2023-12-10 | 5.0 MEDIUM | N/A |
SAP Open Hub Service has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. | |||||
CVE-2014-1960 | 1 Sap | 2 Netweaver, Netweaver Solution Manager | 2023-12-10 | 5.0 MEDIUM | N/A |
The Solution Manager in SAP NetWeaver does not properly restrict access, which allows remote attackers to obtain sensitive information via unspecified vectors. | |||||
CVE-2014-8667 | 1 Sap | 1 Hana Web-based Development Workbench | 2023-12-10 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in SAP HANA Web-based Development Workbench allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2013-7355 | 1 Sap | 1 Bi Universal Data Integration | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in SAP BI Universal Data Integration allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to the J2EE schema. | |||||
CVE-2014-8663 | 1 Sap | 1 Netweaver Business Warehouse | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in Data Basis (BW-WHM-DBA) in SAP NetWeaver Business Warehouse allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
CVE-2015-2815 | 1 Sap | 1 Netweaver | 2023-12-10 | 6.5 MEDIUM | N/A |
Buffer overflow in the C_SAPGPARAM function in the NetWeaver Dispatcher in SAP KERNEL 7.00 (7000.52.12.34966) and 7.40 (7400.12.21.30308) allows remote authenticated users to cause a denial of service or possibly execute arbitrary code via unspecified vectors, aka SAP Security Note 2063369. | |||||
CVE-2014-0984 | 1 Sap | 1 Router | 2023-12-10 | 4.3 MEDIUM | N/A |
The passwordCheck function in SAP Router 721 patch 117, 720 patch 411, 710 patch 029, and earlier terminates validation of a Route Permission Table entry password upon encountering the first incorrect character, which allows remote attackers to obtain passwords via a brute-force attack that relies on timing differences in responses to incorrect password guesses, aka a timing side-channel attack. | |||||
CVE-2013-6244 | 1 Sap | 1 Netweaver | 2023-12-10 | 5.0 MEDIUM | N/A |
The Live Update webdynpro application (webdynpro/dispatcher/sap.com/tc~slm~ui_lup/LUP) in SAP NetWeaver 7.31 and earlier allows remote attackers to read arbitrary files and directories via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | |||||
CVE-2013-6814 | 1 Sap | 1 Netweaver | 2023-12-10 | 5.8 MEDIUM | N/A |
The J2EE Engine in SAP NetWeaver 6.40, 7.02, and earlier allows remote attackers to redirect users to arbitrary web sites, conduct phishing attacks, and obtain sensitive information (cookies and SAPPASSPORT) via unspecified vectors. | |||||
CVE-2013-6869 | 1 Sap | 1 Netweaver | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in the SRTT_GET_COUNT_BEFORE_KEY_RFC function in SAP NetWeaver 7.30 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
CVE-2013-7093 | 1 Sap | 1 Network Interface Router | 2023-12-10 | 5.0 MEDIUM | N/A |
SAP Network Interface Router (SAProuter) 39.3 SP4 allows remote attackers to bypass authentication and modify the configuration via unspecified vectors. | |||||
CVE-2013-3319 | 1 Sap | 1 Netweaver | 2023-12-10 | 5.0 MEDIUM | N/A |
The GetComputerSystem method in the HostControl service in SAP Netweaver 7.03 allows remote attackers to obtain sensitive information via a crafted SOAP request to TCP port 1128. | |||||
CVE-2012-2513 | 1 Sap | 1 Netweaver | 2023-12-10 | 5.0 MEDIUM | N/A |
The Diaginput function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon crash) via a crafted SAP Diag packet. | |||||
CVE-2012-2512 | 1 Sap | 1 Netweaver | 2023-12-10 | 5.0 MEDIUM | N/A |
The DiagTraceStreamI function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon crash) via a crafted SAP Diag packet. | |||||
CVE-2012-2612 | 1 Sap | 1 Netweaver | 2023-12-10 | 5.0 MEDIUM | N/A |
The DiagTraceHex function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon crash) via a crafted SAP Diag packet. | |||||
CVE-2013-6815 | 1 Sap | 1 Netweaver | 2023-12-10 | 5.0 MEDIUM | N/A |
The SHSTI_UPLOAD_XML function in the Application Server for ABAP (AS ABAP) in SAP NetWeaver 7.31 and earlier allows remote attackers to cause a denial of service via unspecified vectors, related to an XML External Entity (XXE) issue. | |||||
CVE-2012-2511 | 1 Sap | 1 Netweaver | 2023-12-10 | 5.0 MEDIUM | N/A |
The DiagTraceAtoms function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon crash) via a crafted SAP Diag packet. |