Vulnerabilities (CVE)

Filtered by vendor Sap
Total 1426 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2013-5751 1 Sap 1 Netweaver 2023-12-10 5.0 MEDIUM N/A
Directory traversal vulnerability in SAP NetWeaver 7.x allows remote attackers to read arbitrary files via unspecified vectors.
CVE-2011-5154 1 Sap 1 Graphical User Interface 2023-12-10 6.9 MEDIUM N/A
Multiple untrusted search path vulnerabilities in (1) SAPGui.exe and (2) BExAnalyzer.exe in SAP GUI 6.4 through 7.2 allow local users to gain privileges via a Trojan horse MFC80LOC.DLL file in the current working directory, as demonstrated by a directory that contains a .sap file. NOTE: some of these details are obtained from third party information.
CVE-2013-6816 1 Sap 1 Netweaver 2023-12-10 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in the (1) JavaDumpService and (2) DataCollector servlets in SAP NetWeaver allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2013-6818 1 Sap 1 Netweaver Logviewer 2023-12-10 6.4 MEDIUM N/A
SAP NetWeaver Logviewer 6.30, when running on Windows, allows remote attackers to bypass intended access restrictions via unspecified vectors.
CVE-2013-3063 1 Sap 1 Basis Communication Services 2023-12-10 6.0 MEDIUM N/A
SAP BASIS Communication Services 4.6B through 7.30 allows remote authenticated users to execute arbitrary commands via unspecified vectors.
CVE-2013-6820 1 Sap 1 Netweaver Development Infrastructure 2023-12-10 9.3 HIGH N/A
Unrestricted file upload vulnerability in the SAP NetWeaver Development Infrastructure (NWDI) allows remote attackers to execute arbitrary code by uploading a file with an executable extension via unspecified vectors.
CVE-2013-6821 1 Sap 1 Netweaver 2023-12-10 5.0 MEDIUM N/A
Directory traversal vulnerability in the Exportability Check Service in SAP NetWeaver allows remote attackers to read arbitrary files via unspecified vectors.
CVE-2012-4341 1 Sap 1 Netweaver Abap 2023-12-10 10.0 HIGH N/A
Multiple stack-based buffer overflows in msg_server.exe in SAP NetWeaver ABAP 7.x allow remote attackers to cause a denial of service (crash) and execute arbitrary code via a (1) long parameter value, (2) crafted string size field, or (3) long Parameter Name string in a package with opcode 0x43 and sub opcode 0x4 to TCP port 3900.
CVE-2012-2514 1 Sap 1 Netweaver 2023-12-10 5.0 MEDIUM N/A
The DiagiEventSource function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon crash) via a crafted SAP Diag packet.
CVE-2011-5263 1 Sap 1 Netweaver 2023-12-10 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in RetrieveMailExamples in SAP NetWeaver 7.30 and earlier allows remote attackers to inject arbitrary web script or HTML via the server parameter.
CVE-2012-2611 1 Sap 1 Netweaver 2023-12-10 9.3 HIGH N/A
The DiagTraceR3Info function in the Dialog processor in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2, when a certain Developer Trace configuration is enabled, allows remote attackers to execute arbitrary code via a crafted SAP Diag packet.
CVE-2013-3062 1 Sap 1 Production Planning And Control 2023-12-10 6.5 MEDIUM N/A
The CP_RC_TRANSACTION_CALL_BY_SET function in the Engineering Workbench component in SAP Production Planning and Control allows remote authenticated users to bypass intended transaction restrictions via unspecified vectors.
CVE-2013-6819 1 Sap 1 Netweaver 2023-12-10 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Performance Provider in SAP NetWeaver allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2013-6284 1 Sap 1 Erp Central Component 2023-12-10 7.5 HIGH N/A
Unspecified vulnerability in the Statutory Reporting for Insurance (FS_SR) component in the Financial Services module for SAP ERP Central Component (ECC) allows attackers to execute arbitrary code via unspecified vectors, related to a "code injection vulnerability."
CVE-2013-5723 1 Sap 1 Netweaver 2023-12-10 7.5 HIGH N/A
SQL injection vulnerability in SAP NetWeaver 7.30 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to "ABAD0_DELETE_DERIVATION_TABLE."
CVE-2013-3244 1 Sap 1 Erp Central Component 2023-12-10 6.0 MEDIUM N/A
Multiple unspecified vulnerabilities in the CJDB_FILL_MEMORY_FROM_PPB function in the Project System (PS-IS) module for SAP ERP Central Component (ECC) allow remote attackers to execute arbitrary code via a (1) RFC or (2) SOAP-RFC request.
CVE-2013-7096 1 Sap 1 Emr Unwired 2023-12-10 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in SAP EMR Unwired allow remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2011-5260 1 Sap 1 Netweaver 2023-12-10 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in SAP/BW/DOC/METADATA in SAP NetWeaver allows remote attackers to inject arbitrary web script or HTML via the page parameter.
CVE-2013-3243 2 Opentext, Sap 2 Opentext/ixos Ecm For Sap Netweaver, Netweaver 2023-12-10 6.8 MEDIUM N/A
Unspecified vulnerability in OpenText/IXOS ECM for SAP NetWeaver allows remote attackers to execute arbitrary ABAP code via unknown vectors.
CVE-2013-7095 1 Sap 1 Customer Relationship Management 2023-12-10 10.0 HIGH N/A
The XML parser (crm_flex_data) in SAP Customer Relationship Management (CRM) 7.02 EHP 2 has unknown impact and attack vectors related to an XML External Entity (XXE) issue.