| CVE-2015-7239 |
high |
— |
7.5 |
|
|
sap |
11y ago |
SQL injection vulnerability in the BP_FIND_JOBS_WITH_PROGRAM function module in SAP NetWeaver J2EE Engine 7.40 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2015-6664 |
medium |
— |
6.8 |
|
|
sap |
11y ago |
XML external entity (XXE) vulnerability in the application import functionality in SAP Mobile Platform 2.3 allows remote attackers to read arbitrary files and possibly have other unspecified impact v… |
| CVE-2015-6663 |
medium |
— |
4.3 |
|
|
sap |
11y ago |
Cross-site scripting (XSS) vulnerability in the Client form in the Device Inspector page in SAP Afaria 7 allows remote attackers to inject arbitrary web script or HTML via crafted client name data, a… |
| CVE-2015-6662 |
medium |
— |
6.8 |
|
|
sap |
11y ago |
XML external entity (XXE) vulnerability in SAP NetWeaver Portal 7.4 allows remote attackers to read arbitrary files and possibly have other unspecified impact via crafted XML data, aka SAP Security N… |
| CVE-2015-3449 |
high |
— |
7.2 |
|
|
sap |
11y ago |
The Windows client in SAP Afaria 7.0.6398.0 uses weak permissions (Everyone: read and Everyone: write) for the install folder, which allows local users to gain privileges via a Trojan horse XeService… |
| CVE-2015-5068 |
high |
— |
7.5 |
|
|
sap |
11y ago |
XML external entity (XXE) vulnerability in SAP Mobile Platform 3 allows remote attackers to read arbitrary files or possibly have other unspecified impact via a crafted XML request, aka SAP Security … |
| CVE-2015-5067 |
high |
— |
7.5 |
|
|
sap |
11y ago |
The (1) Cross-System Tools and (2) Data Transfer Workbench in SAP NetWeaver have hardcoded credentials, which allows remote attackers to obtain access via unspecified vectors, aka SAP Security Notes … |
| CVE-2015-4161 |
high |
— |
7.5 |
|
|
sap |
11y ago |
SAP Afaria does not properly restrict access to unspecified functionality, which allows remote attackers to obtain sensitive information, gain privileges, or have other unspecified impact via unknown… |
| CVE-2015-4160 |
high |
— |
7.5 |
|
|
sap |
11y ago |
SQL injection vulnerability in SAP ASE Database Platform allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Notes: 2152278. |
| CVE-2015-4159 |
high |
— |
7.5 |
|
|
sap |
11y ago |
SQL injection vulnerability in SAP HANA Web-based Development Workbench allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Notes 2153892. |
| CVE-2015-4158 |
medium |
— |
5.0 |
|
|
sap |
11y ago |
SAP ABAP & Java Server allows remote attackers to cause a denial of service (service termination) via unspecified vectors, aka SAP Security Note 2121661. |
| CVE-2015-4157 |
medium |
— |
5.0 |
|
|
sap |
11y ago |
SAP Content Server allows remote attackers to cause a denial of service (service termination) via unspecified vectors, aka SAP Security Note 2127995. |
| CVE-2015-2282 |
high |
— |
7.5 |
|
|
sap |
11y ago |
Stack-based buffer overflow in the LZC decompression implementation (CsObjectInt::CsDecomprLZC function in vpa106cslzc.cpp) in SAP MaxDB 7.5 and 7.6, Netweaver Application Server ABAP, Netweaver Appl… |
| CVE-2015-2278 |
medium |
— |
5.0 |
|
|
sap |
11y ago |
The LZH decompression implementation (CsObjectInt::BuildHufTree function in vpa108csulzh.cpp) in SAP MaxDB 7.5 and 7.6, Netweaver Application Server ABAP, Netweaver Application Server Java, Netweaver… |
| CVE-2015-3995 |
medium |
— |
4.0 |
|
|
sap |
11y ago |
SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote authenticated users to read arbitrary files via an IMPORT FROM SQL statement, aka SAP Security Note 2109565. |
| CVE-2015-3994 |
medium |
— |
4.0 |
|
|
sap |
11y ago |
The grant.xsfunc application in testApps/grantAccess/ in the XS Engine in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote authenticated users to spoof log entries via a crafted request, ak… |
| CVE-2015-4092 |
high |
— |
7.5 |
|
|
sap |
11y ago |
Buffer overflow in the XComms process in SAP Afaria 7.00.6620.2 SP5 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted request, aka SAP Secu… |
| CVE-2015-4091 |
high |
— |
7.5 |
|
|
sap |
11y ago |
XML external entity (XXE) vulnerability in SAP NetWeaver AS Java 7.4 allows remote attackers to send TCP requests to intranet servers or possibly have unspecified other impact via an XML request to t… |
| CVE-2015-3981 |
medium |
— |
5.0 |
|
|
sap |
11y ago |
SAP NetWeaver RFC SDK allows attackers to obtain sensitive information via unspecified vectors, aka SAP Security Note 2084037. |
| CVE-2015-3980 |
high |
— |
7.5 |
|
|
sap |
11y ago |
SQL injection vulnerability in the Business Rules Framework (CRM-BF-BRF) in SAP CRM allows attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Note 2097534. |
| CVE-2015-3979 |
high |
— |
7.5 |
|
|
sap |
11y ago |
Unspecified vulnerability in the Business Rules Framework (CRM-BF-BRF) in SAP CRM allows attackers to execute arbitrary code via unknown vectors, aka SAP Security Note 2097534. |
| CVE-2015-2820 |
medium |
— |
5.0 |
|
|
sap |
11y ago |
Buffer overflow in XcListener in SAP Afaria 7.0.6001.5 allows remote attackers to cause a denial of service (process termination) via a crafted request, aka SAP Security Note 2132584. |
| CVE-2015-2819 |
medium |
— |
5.0 |
|
|
sap |
11y ago |
SAP Sybase SQL Anywhere 11 and 16 allows remote attackers to cause a denial of service (crash) via a crafted request, aka SAP Security Note 2108161. |
| CVE-2015-2818 |
medium |
— |
5.0 |
|
|
sap |
11y ago |
XML external entity (XXE) vulnerability in SAP Mobile Platform 3 allows remote attackers to send requests to intranet servers via crafted XML, aka SAP Security Note 2125513. |
| CVE-2015-2817 |
medium |
— |
5.0 |
|
|
sap |
11y ago |
The SAP Management Console in SAP NetWeaver 7.40 allows remote attackers to obtain sensitive information via the ReadProfile parameters, aka SAP Security Note 2091768. |
| CVE-2015-2816 |
high |
— |
7.5 |
|
|
sap |
11y ago |
The XcListener in SAP Afaria 7.0.6001.5 does not properly restrict access, which allows remote attackers to have unspecified impact via a crafted request, aka SAP Security Note 2134905. |
| CVE-2015-2815 |
medium |
— |
6.5 |
|
|
sap |
11y ago |
Buffer overflow in the C_SAPGPARAM function in the NetWeaver Dispatcher in SAP KERNEL 7.00 (7000.52.12.34966) and 7.40 (7400.12.21.30308) allows remote authenticated users to cause a denial of servic… |
| CVE-2015-2814 |
medium |
— |
6.4 |
|
|
sap |
11y ago |
SAP EMR Unwired (com.sap.mobile.healthcare.emr.v2) and Clinical Task Tracker (com.sap.mobile.healthcare.ctt) does not properly restrict access, which allows remote attackers to change the backendurl,… |
| CVE-2015-2813 |
medium |
— |
5.0 |
|
|
sap |
11y ago |
XML external entity (XXE) vulnerability in SAP Mobile Platform allows remote attackers to send requests to intranet servers via crafted XML, aka SAP Security Note 2125358. |
| CVE-2015-2812 |
medium |
— |
5.0 |
|
|
sap |
11y ago |
XML external entity (XXE) vulnerability in XMLValidationComponent in SAP NetWeaver Portal 7.31.201109172004 allows remote attackers to send requests to intranet servers via crafted XML, aka SAP Secur… |
| CVE-2015-2811 |
medium |
— |
5.0 |
|
|
sap |
11y ago |
XML external entity (XXE) vulnerability in ReportXmlViewer in SAP NetWeaver Portal 7.31.201109172004 allows remote attackers to send requests to intranet servers via crafted XML, aka SAP Security Not… |
| CVE-2015-2107 |
medium |
— |
6.8 |
|
|
hpsap |
11y ago |
HP Operations Manager i Management Pack 1.x before 1.01 for SAP allows local users to execute OS commands by leveraging SAP administrative privileges. |
| CVE-2015-2076 |
medium |
— |
5.0 |
|
|
sap |
11y ago |
The Auditing service in SAP BusinessObjects Edge 4.0 allows remote attackers to obtain sensitive information by reading an audit event, aka SAP Note 2011395. |
| CVE-2015-2075 |
medium |
— |
5.0 |
|
|
sap |
11y ago |
SAP BusinessObjects Edge 4.0 allows remote attackers to delete audit events from the auditee queue via a clearData CORBA operation, aka SAP Note 2011396. |
| CVE-2015-2072 |
medium |
— |
4.3 |
|
|
sap |
11y ago |
Multiple cross-site scripting (XSS) vulnerabilities in SAP HANA 73 (1.00.73.00.389160) and HANA Developer Edition 80 (1.00.80.00.391861) allow remote attackers to inject arbitrary web script or HTML … |
| CVE-2015-1312 |
high |
— |
7.5 |
|
|
sap |
12y ago |
The Dealer Portal in SAP ERP does not properly restrict access, which allows remote attackers to obtain sensitive information, gain privileges, and possibly have other unspecified impact via unknown … |
| CVE-2015-1309 |
medium |
— |
5.0 |
|
|
sap |
12y ago |
XML external entity vulnerability in the Extended Computer Aided Test Tool (eCATT) in SAP NetWeaver AS ABAP 7.31 and earlier allows remote attackers to access arbitrary files via a crafted XML reques… |
| CVE-2014-9595 |
medium |
— |
6.5 |
|
|
sap |
12y ago |
Buffer overflow in the SAP NetWeaver Dispatcher in SAP Kernel 7.00 32-bit and 7.40 64-bit allows remote authenticated users to cause a denial of service or possibly execute arbitrary code via unspeci… |
| CVE-2014-9594 |
medium |
— |
6.5 |
|
|
sap |
12y ago |
Buffer overflow in the SAP NetWeaver Dispatcher in SAP Kernel 7.00 32-bit and 7.40 64-bit allows remote authenticated users to cause a denial of service or possibly execute arbitrary code via unspeci… |
| CVE-2014-9569 |
medium |
— |
4.3 |
|
|
sap |
12y ago |
Multiple cross-site scripting (XSS) vulnerabilities in SAP NetWeaver Business Client (NWBC) for HTML 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) title or (2) roundtr… |
| CVE-2014-9264 |
high |
— |
7.5 |
|
|
sap |
12y ago |
Stack-based buffer overflow in the .NET Data Provider in SAP SQL Anywhere allows remote attackers to execute arbitrary code via a crafted column alias. |
| CVE-2014-8668 |
high |
— |
7.5 |
|
|
sap |
12y ago |
SQL injection vulnerability in SAP Contract Accounting allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2014-8667 |
medium |
— |
4.3 |
|
|
sap |
12y ago |
Cross-site scripting (XSS) vulnerability in SAP HANA Web-based Development Workbench allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2014-8666 |
medium |
— |
5.0 |
|
|
sap |
12y ago |
The User & Server configuration, InfoView refresh, user rights (BI-BIP-ADM) component in SAP Business Intellignece allows remote attackers to obtain audit event details via unspecified vectors. |
| CVE-2014-8665 |
medium |
— |
5.0 |
|
|
sap |
12y ago |
The SAP Business Intelligence Development Workbench allows remote attackers to obtain sensitive information by reading unspecified files. |
| CVE-2014-8664 |
high |
— |
7.5 |
|
|
sap |
12y ago |
SQL injection vulnerability in Product Safety (EHS-SAF) component in SAP Environment, Health, and Safety Management allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2014-8663 |
high |
— |
7.5 |
|
|
sap |
12y ago |
SQL injection vulnerability in Data Basis (BW-WHM-DBA) in SAP NetWeaver Business Warehouse allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2014-8662 |
high |
— |
7.8 |
|
|
sap |
12y ago |
Unspecified vulnerability in SAP Payroll Process allows remote attackers to cause a denial of service via vectors related to session handling. |
| CVE-2014-8660 |
high |
— |
7.2 |
|
|
sap |
12y ago |
SAP Document Management Services allows local users to execute arbitrary commands via unspecified vectors. |
| CVE-2014-8659 |
medium |
— |
5.0 |
|
|
sap |
12y ago |
Directory traversal vulnerability in SAP Environment, Health, and Safety allows remote attackers to read arbitrary files via unspecified vectors. |
| CVE-2014-0995 |
medium |
— |
6.0 |
EXP |
|
sap |
12y ago |
The Standalone Enqueue Server in SAP Netweaver 7.20, 7.01, and earlier allows remote attackers to cause a denial of service (uncontrolled recursion and crash) via a trace level with a wildcard in the… |
| CVE-2014-8592 |
medium |
— |
5.0 |
|
|
sap |
12y ago |
Unspecified vulnerability in SAP Host Agent, as used in SAP NetWeaver 7.02 and 7.3, allows remote attackers to cause a denial of service (process termination) via a crafted request. |
| CVE-2014-8591 |
medium |
— |
5.0 |
|
|
sap |
12y ago |
Unspecified vulnerability in SAP Internet Communication Manager (ICM), as used in SAP NetWeaver 7.02 and 7.3, allows remote attackers to cause a denial of service (process termination) via unknown ve… |
| CVE-2014-8590 |
medium |
— |
4.3 |
|
|
sap |
12y ago |
XML external entity (XXE) vulnerability in the Web Service Navigator in SAP NetWeaver Application Server (AS) Java allows remote attackers to access arbitrary files via a crafted request. |
| CVE-2014-8589 |
medium |
— |
5.0 |
|
|
sap |
12y ago |
Integer overflow in SAP Network Interface Router (SAProuter) 40.4 allows remote attackers to cause a denial of service (resource consumption) via crafted requests. |
| CVE-2014-8587 |
high |
— |
7.5 |
|
|
sap |
12y ago |
SAPCRYPTOLIB before 5.555.38, SAPSECULIB, and CommonCryptoLib before 8.4.30, as used in SAP NetWeaver AS for ABAP and SAP HANA, allows remote attackers to spoof Digital Signature Algorithm (DSA) sign… |
| CVE-2014-8316 |
medium |
— |
5.0 |
|
|
sap |
12y ago |
XML External Entity (XXE) vulnerability in polestar_xml.jsp in SAP BusinessObjects Explorer 14.0.5 build 882 allows remote attackers to read arbitrary files via the xmlParameter parameter in an explo… |
| CVE-2014-8315 |
medium |
— |
5.0 |
|
|
sap |
12y ago |
polestar_xml.jsp in SAP BusinessObjects Explorer 14.0.5 build 882 replies with different timing depending on if a connection can be made, which allows remote attackers to conduct port scanning attack… |
| CVE-2014-8314 |
medium |
— |
4.3 |
|
|
sap |
12y ago |
Multiple cross-site scripting (XSS) vulnerabilities in SAP HANA Developer Edition Revision 70 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to (1) epm/admin/Da… |
| CVE-2014-8313 |
medium |
— |
6.0 |
|
|
sap |
12y ago |
Eval injection in ide/core/base/server/net.xsjs in the Developer Workbench in SAP HANA allows remote attackers to execute arbitrary XSJX code via unspecified vectors. |
| CVE-2014-8310 |
high |
— |
7.1 |
|
|
sap |
12y ago |
The CMS CORBA listener in SAP BusinessObjects BI Edge 4.0 allows remote attackers to cause a denial of service (server shutdown) via crafted OSCAFactory::Session ORB message. |
| CVE-2014-8309 |
medium |
— |
5.0 |
|
|
sap |
12y ago |
SAP BusinessObjects 4.0 and BusinessObjects XI (BOXI) R2 and 3.1 generates error messages for a failed logon attempt with different time delays depending on whether the user account exists, which all… |
| CVE-2014-8308 |
medium |
— |
4.3 |
|
|
sap |
12y ago |
Cross-site scripting (XSS) vulnerability in the Send to Inbox functionality in SAP BusinessObjects BI EDGE 4.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2014-6252 |
medium |
— |
6.5 |
|
|
sap |
12y ago |
Buffer overflow in disp+work.exe 7000.52.12.34966 and 7200.117.19.50294 in the Dispatcher in SAP NetWeaver 7.00 and 7.20 allows remote authenticated users to cause a denial of service or execute arbi… |
| CVE-2014-5506 |
medium |
— |
6.8 |
|
|
sap |
12y ago |
Double free vulnerability in SAP Crystal Reports allows remote attackers to execute arbitrary code via crafted connection string record in an RPT file. |
| CVE-2014-5505 |
medium |
— |
6.8 |
|
|
sap |
12y ago |
Stack-based buffer overflow in SAP Crystal Reports allows remote attackers to execute arbitrary code via a crafted data source string in an RPT file. |
| CVE-2014-5176 |
medium |
— |
6.0 |
|
|
sap |
12y ago |
SAP FI Manager Self-Service has a hard-coded user name, which makes it easier for remote attackers to obtain access via unspecified vectors. |
| CVE-2014-5175 |
high |
— |
7.5 |
|
|
sap |
12y ago |
The License Measurement servlet in SAP Solution Manager 7.1 allows remote attackers to bypass authentication via unspecified vectors, related to a verb tampering attack and SAP_JTECHS. |
| CVE-2014-5173 |
medium |
— |
5.0 |
|
|
sap |
12y ago |
SAP HANA Extend Application Services (XS) allows remote attackers to bypass access restrictions via a request to a private IU5 SDK application that was once public. |
| CVE-2014-5172 |
medium |
— |
4.3 |
|
|
sap |
12y ago |
Multiple cross-site scripting (XSS) vulnerabilities in the XS Administration Tools in SAP HANA allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2014-4161 |
medium |
— |
4.3 |
|
|
sap |
12y ago |
Cross-site scripting (XSS) vulnerability in la/umTestSSO.jsp in SAP Supplier Relationship Management (SRM) allows remote attackers to inject arbitrary web script or HTML via the url parameter. |
| CVE-2014-4160 |
medium |
— |
4.3 |
|
|
sap |
12y ago |
Multiple cross-site scripting (XSS) vulnerabilities in the testcanvas node in SAP NetWeaver Business Client (NWBC) allow remote attackers to inject arbitrary web script or HTML via the (1) title or (… |
| CVE-2014-4159 |
medium |
— |
5.8 |
|
|
sap |
12y ago |
Open redirect vulnerability in in la/umTestSSO.jsp in SAP Supplier Relationship Management (SRM) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a … |
| CVE-2014-4012 |
medium |
— |
5.0 |
|
|
sap |
12y ago |
SAP Open Hub Service has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. |
| CVE-2014-4011 |
medium |
— |
5.0 |
|
|
sap |
12y ago |
SAP Capacity Leveling has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. |
| CVE-2014-4010 |
medium |
— |
5.0 |
|
|
sap |
12y ago |
SAP Transaction Data Pool has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. |
| CVE-2014-4009 |
medium |
— |
5.0 |
|
|
sap |
12y ago |
SAP CCMS Monitoring (BC-CCM-MON) has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. |
| CVE-2014-4008 |
medium |
— |
5.0 |
|
|
sap |
12y ago |
SAP Web Services Tool (CA-WUI-WST) has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. |
| CVE-2014-4007 |
medium |
— |
5.0 |
|
|
sap |
12y ago |
The SAP Upgrade tools for ABAP has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. |
| CVE-2014-4006 |
medium |
— |
5.0 |
|
|
sap |
12y ago |
The SAP Trader's and Scheduler's Workbench (TSW) for SAP Oil & Gas has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. |
| CVE-2014-4005 |
medium |
— |
5.0 |
|
|
sap |
12y ago |
SAP Brazil add-on has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. |
| CVE-2014-4004 |
medium |
— |
5.0 |
|
|
sap |
12y ago |
The (1) Structures and (2) Project-Oriented Procurement components in SAP Project System has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. |
| CVE-2014-4003 |
high |
— |
7.5 |
|
|
sap |
12y ago |
The System Landscape Directory (SLD) in SAP NetWeaver allows remote attackers to modify information via vectors related to adding a system. |
| CVE-2014-3787 |
medium |
— |
5.0 |
|
|
sap |
12y ago |
SAP NetWeaver 7.20 and earlier allows remote attackers to read arbitrary SAP Central User Administration (SAP CUA) tables via unspecified vectors. |
| CVE-2014-3134 |
medium |
— |
4.3 |
|
|
sap |
12y ago |
Cross-site scripting (XSS) vulnerability in the InfoView application in SAP BusinessObjects allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2014-3133 |
medium |
— |
5.0 |
|
|
sap |
12y ago |
SAP Netweaver Java Application Server does not properly restrict access, which allows remote attackers to obtain the list of SAP systems registered on an SLD via an unspecified webdynpro, related to … |
| CVE-2014-3132 |
medium |
— |
4.0 |
|
|
sap |
12y ago |
SAP Background Processing does not properly restrict access, which allows remote authenticated users to obtain sensitive information via an unspecified RFC function, related to SAP Solution Manager 7… |
| CVE-2014-3131 |
medium |
— |
4.0 |
|
|
sap |
12y ago |
SAP Profile Maintenance does not properly restrict access, which allows remote authenticated users to obtain sensitive information via an unspecified RFC function, related to SAP Solution Manager 7.1. |
| CVE-2014-3130 |
medium |
— |
4.6 |
|
|
sap |
12y ago |
The ABAP Help documentation and translation tools (BC-DOC-HLP) in Basis in SAP Netweaver ABAP Application Server does not properly restrict access, which allows local users to gain privileges and exe… |
| CVE-2014-3129 |
medium |
— |
5.0 |
|
|
sap |
12y ago |
The Java Server Pages in the Software Lifecycle Manager (SLM) in SAP NetWeaver allows remote attackers to obtain sensitive information via a crafted request, related to SAP Solution Manager 7.1. |
| CVE-2014-0984 |
medium |
— |
5.3 |
EXP |
|
sap |
12y ago |
The passwordCheck function in SAP Router 721 patch 117, 720 patch 411, 710 patch 029, and earlier terminates validation of a Route Permission Table entry password upon encountering the first incorrec… |
| CVE-2014-2752 |
high |
— |
7.5 |
|
|
sap |
12y ago |
SAP Business Object Processing Framework (BOPF) for ABAP has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. |
| CVE-2014-2751 |
high |
— |
7.5 |
|
|
sap |
12y ago |
SAP Print and Output Management has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. |
| CVE-2014-2749 |
medium |
— |
5.0 |
|
|
sap |
12y ago |
The HANA ICM process in SAP HANA allows remote attackers to obtain the platform version, host name, instance number, and possibly other sensitive information via a malformed HTTP GET request. |
| CVE-2014-2748 |
high |
— |
7.5 |
|
|
sap |
12y ago |
The Security Audit Log facility in SAP Enhancement Package (EHP) 6 for SAP ERP 6.0 allows remote attackers to modify or delete arbitrary log classes via unspecified vectors. NOTE: some of these deta… |
| CVE-2013-7367 |
high |
— |
7.5 |
|
|
sap |
12y ago |
SAP Enterprise Portal does not properly restrict access to the Federation configuration pages, which allows remote attackers to gain privileges via unspecified vectors. |
| CVE-2013-7366 |
medium |
— |
5.0 |
|
|
sap |
12y ago |
The SAP Software Deployment Manager (SDM), in certain unspecified conditions, allows remote attackers to cause a denial of service via vectors related to failed authentications. |
| CVE-2013-7365 |
medium |
— |
4.3 |
|
|
sap |
12y ago |
Cross-site scripting (XSS) vulnerability in SAP Enterprise Portal allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. |
| CVE-2013-7364 |
high |
— |
7.5 |
|
|
sap |
12y ago |
An unspecified J2EE core service in the J2EE Engine in SAP NetWeaver does not properly restrict access, which allows remote attackers to read and write to arbitrary files via unknown vectors. |
| CVE-2013-7363 |
high |
— |
7.5 |
|
|
sap |
12y ago |
Unspecified vulnerability in the Diagnostics (SMD) agent in SAP Solution Manager allows remote attackers to obtain sensitive information, modify the configuration of applications, and install or remo… |
