Filtered by vendor Sap
Subscribe
Total
1426 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2013-5751 | 1 Sap | 1 Netweaver | 2023-12-10 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in SAP NetWeaver 7.x allows remote attackers to read arbitrary files via unspecified vectors. | |||||
CVE-2011-5154 | 1 Sap | 1 Graphical User Interface | 2023-12-10 | 6.9 MEDIUM | N/A |
Multiple untrusted search path vulnerabilities in (1) SAPGui.exe and (2) BExAnalyzer.exe in SAP GUI 6.4 through 7.2 allow local users to gain privileges via a Trojan horse MFC80LOC.DLL file in the current working directory, as demonstrated by a directory that contains a .sap file. NOTE: some of these details are obtained from third party information. | |||||
CVE-2013-6816 | 1 Sap | 1 Netweaver | 2023-12-10 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in the (1) JavaDumpService and (2) DataCollector servlets in SAP NetWeaver allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2013-6818 | 1 Sap | 1 Netweaver Logviewer | 2023-12-10 | 6.4 MEDIUM | N/A |
SAP NetWeaver Logviewer 6.30, when running on Windows, allows remote attackers to bypass intended access restrictions via unspecified vectors. | |||||
CVE-2013-3063 | 1 Sap | 1 Basis Communication Services | 2023-12-10 | 6.0 MEDIUM | N/A |
SAP BASIS Communication Services 4.6B through 7.30 allows remote authenticated users to execute arbitrary commands via unspecified vectors. | |||||
CVE-2013-6820 | 1 Sap | 1 Netweaver Development Infrastructure | 2023-12-10 | 9.3 HIGH | N/A |
Unrestricted file upload vulnerability in the SAP NetWeaver Development Infrastructure (NWDI) allows remote attackers to execute arbitrary code by uploading a file with an executable extension via unspecified vectors. | |||||
CVE-2013-6821 | 1 Sap | 1 Netweaver | 2023-12-10 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in the Exportability Check Service in SAP NetWeaver allows remote attackers to read arbitrary files via unspecified vectors. | |||||
CVE-2012-4341 | 1 Sap | 1 Netweaver Abap | 2023-12-10 | 10.0 HIGH | N/A |
Multiple stack-based buffer overflows in msg_server.exe in SAP NetWeaver ABAP 7.x allow remote attackers to cause a denial of service (crash) and execute arbitrary code via a (1) long parameter value, (2) crafted string size field, or (3) long Parameter Name string in a package with opcode 0x43 and sub opcode 0x4 to TCP port 3900. | |||||
CVE-2012-2514 | 1 Sap | 1 Netweaver | 2023-12-10 | 5.0 MEDIUM | N/A |
The DiagiEventSource function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon crash) via a crafted SAP Diag packet. | |||||
CVE-2011-5263 | 1 Sap | 1 Netweaver | 2023-12-10 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in RetrieveMailExamples in SAP NetWeaver 7.30 and earlier allows remote attackers to inject arbitrary web script or HTML via the server parameter. | |||||
CVE-2012-2611 | 1 Sap | 1 Netweaver | 2023-12-10 | 9.3 HIGH | N/A |
The DiagTraceR3Info function in the Dialog processor in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2, when a certain Developer Trace configuration is enabled, allows remote attackers to execute arbitrary code via a crafted SAP Diag packet. | |||||
CVE-2013-3062 | 1 Sap | 1 Production Planning And Control | 2023-12-10 | 6.5 MEDIUM | N/A |
The CP_RC_TRANSACTION_CALL_BY_SET function in the Engineering Workbench component in SAP Production Planning and Control allows remote authenticated users to bypass intended transaction restrictions via unspecified vectors. | |||||
CVE-2013-6819 | 1 Sap | 1 Netweaver | 2023-12-10 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Performance Provider in SAP NetWeaver allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2013-6284 | 1 Sap | 1 Erp Central Component | 2023-12-10 | 7.5 HIGH | N/A |
Unspecified vulnerability in the Statutory Reporting for Insurance (FS_SR) component in the Financial Services module for SAP ERP Central Component (ECC) allows attackers to execute arbitrary code via unspecified vectors, related to a "code injection vulnerability." | |||||
CVE-2013-5723 | 1 Sap | 1 Netweaver | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in SAP NetWeaver 7.30 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to "ABAD0_DELETE_DERIVATION_TABLE." | |||||
CVE-2013-3244 | 1 Sap | 1 Erp Central Component | 2023-12-10 | 6.0 MEDIUM | N/A |
Multiple unspecified vulnerabilities in the CJDB_FILL_MEMORY_FROM_PPB function in the Project System (PS-IS) module for SAP ERP Central Component (ECC) allow remote attackers to execute arbitrary code via a (1) RFC or (2) SOAP-RFC request. | |||||
CVE-2013-7096 | 1 Sap | 1 Emr Unwired | 2023-12-10 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in SAP EMR Unwired allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
CVE-2011-5260 | 1 Sap | 1 Netweaver | 2023-12-10 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in SAP/BW/DOC/METADATA in SAP NetWeaver allows remote attackers to inject arbitrary web script or HTML via the page parameter. | |||||
CVE-2013-3243 | 2 Opentext, Sap | 2 Opentext\/ixos Ecm For Sap Netweaver, Netweaver | 2023-12-10 | 6.8 MEDIUM | N/A |
Unspecified vulnerability in OpenText/IXOS ECM for SAP NetWeaver allows remote attackers to execute arbitrary ABAP code via unknown vectors. | |||||
CVE-2013-7095 | 1 Sap | 1 Customer Relationship Management | 2023-12-10 | 10.0 HIGH | N/A |
The XML parser (crm_flex_data) in SAP Customer Relationship Management (CRM) 7.02 EHP 2 has unknown impact and attack vectors related to an XML External Entity (XXE) issue. |