| CVE-2014-8310 | high | — | 7.1 | | | sap | 12y ago | The CMS CORBA listener in SAP BusinessObjects BI Edge 4.0 allows remote attackers to cause a denial of service (server shutdown) via crafted OSCAFactory::Session ORB message. |
| CVE-2014-5175 | high | — | 7.5 | | | sap | 12y ago | The License Measurement servlet in SAP Solution Manager 7.1 allows remote attackers to bypass authentication via unspecified vectors, related to a verb tampering attack and SAP_JTECHS. |
| CVE-2014-5174 | low | — | 3.5 | | | sap | 12y ago | The SAP Netweaver Business Warehouse component does not properly restrict access to the functions in the BW-SYS-DB-DB4 function group, which allows remote authenticated users to obtain sensitive info… |
| CVE-2014-5171 | low | — | 2.9 | | | sap | 12y ago | SAP HANA Extend Application Services (XS) does not encrypt transmissions for applications that enable form based authentication using SSL, which allows remote attackers to obtain credentials and othe… |
| CVE-2014-4003 | high | — | 7.5 | | | sap | 12y ago | The System Landscape Directory (SLD) in SAP NetWeaver allows remote attackers to modify information via vectors related to adding a system. |
| CVE-2014-2752 | high | — | 7.5 | | | sap | 12y ago | SAP Business Object Processing Framework (BOPF) for ABAP has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. |
| CVE-2014-2751 | high | — | 7.5 | | | sap | 12y ago | SAP Print and Output Management has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. |
| CVE-2014-2748 | high | — | 7.5 | | | sap | 12y ago | The Security Audit Log facility in SAP Enhancement Package (EHP) 6 for SAP ERP 6.0 allows remote attackers to modify or delete arbitrary log classes via unspecified vectors. NOTE: some of these deta… |
| CVE-2013-7367 | high | — | 7.5 | | | sap | 12y ago | SAP Enterprise Portal does not properly restrict access to the Federation configuration pages, which allows remote attackers to gain privileges via unspecified vectors. |
| CVE-2013-7364 | high | — | 7.5 | | | sap | 12y ago | An unspecified J2EE core service in the J2EE Engine in SAP NetWeaver does not properly restrict access, which allows remote attackers to read and write to arbitrary files via unknown vectors. |
| CVE-2013-7363 | high | — | 7.5 | | | sap | 12y ago | Unspecified vulnerability in the Diagnostics (SMD) agent in SAP Solution Manager allows remote attackers to obtain sensitive information, modify the configuration of applications, and install or remo… |
| CVE-2013-7362 | high | — | 7.5 | | | sap | 12y ago | An unspecified RFC function in SAP CCMS Agent allows remote attackers to execute arbitrary commands via unknown vectors. |
| CVE-2013-7360 | high | — | 7.5 | | | sap | 12y ago | Unspecified vulnerability in SAP adminadapter allows remote attackers to read or write to arbitrary files via unknown vectors. |
| CVE-2013-7355 | high | — | 7.5 | | | sap | 12y ago | SQL injection vulnerability in SAP BI Universal Data Integration allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to the J2EE schema. |
| CVE-2013-7096 | high | — | 7.5 | | | sap | 13y ago | Multiple SQL injection vulnerabilities in SAP EMR Unwired allow remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2013-7095 | critical | — | 10.0 | | | sap | 13y ago | The XML parser (crm_flex_data) in SAP Customer Relationship Management (CRM) 7.02 EHP 2 has unknown impact and attack vectors related to an XML External Entity (XXE) issue. |
| CVE-2013-7094 | high | — | 7.5 | | | sap | 13y ago | SQL injection vulnerability in the RSDDCVER_COUNT_TAB_COLS function in SAP NetWeaver 7.30 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2013-6869 | high | — | 7.5 | | | sap | 13y ago | SQL injection vulnerability in the SRTT_GET_COUNT_BEFORE_KEY_RFC function in SAP NetWeaver 7.30 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2013-6822 | critical | — | 10.0 | | | sap | 13y ago | GRMGApp in SAP NetWeaver allows remote attackers to have unspecified impact and attack vectors, related to an XML External Entity (XXE) issue. |
| CVE-2013-6820 | critical | — | 9.3 | | | sap | 13y ago | Unrestricted file upload vulnerability in the SAP NetWeaver Development Infrastructure (NWDI) allows remote attackers to execute arbitrary code by uploading a file with an executable extension via un… |
| CVE-2013-6284 | high | — | 7.5 | | | sap | 13y ago | Unspecified vulnerability in the Statutory Reporting for Insurance (FS_SR) component in the Financial Services module for SAP ERP Central Component (ECC) allows attackers to execute arbitrary code vi… |
| CVE-2013-5723 | high | — | 7.5 | | | sap | 13y ago | SQL injection vulnerability in SAP NetWeaver 7.30 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to "ABAD0_DELETE_DERIVATION_TABLE." |
| CVE-2012-4341 | critical | — | 10.0 | | | sap | 14y ago | Multiple stack-based buffer overflows in msg_server.exe in SAP NetWeaver ABAP 7.x allow remote attackers to cause a denial of service (crash) and execute arbitrary code via a (1) long parameter value… |
| CVE-2012-2611 | critical | — | 10.0 | EXP | | sap | 14y ago | The DiagTraceR3Info function in the Dialog processor in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2, when a certain Developer Trace config… |
| CVE-2010-2590 | critical | — | 10.0 | EXP | | sap | 16y ago | Heap-based buffer overflow in the CrystalReports12.CrystalPrintControl.1 ActiveX control in PrintControl.dll 12.3.2.753 in SAP Crystal Reports 2008 SP3 Fix Pack 3.2 allows remote attackers to execute… |
| CVE-2010-4556 | critical | — | 9.3 | | | sap | 16y ago | Stack-based buffer overflow in the SapThemeRepository ActiveX control (sapwdpcd.dll) in SAP NetWeaver Business Client allows remote attackers to execute arbitrary code via the (1) Load and (2) LoadTh… |
| CVE-2010-3983 | critical | — | 9.0 | | | sap | 16y ago | CmcApp in SAP BusinessObjects Enterprise XI 3.2 allows remote authenticated users to gain privileges via vectors involving the Program Job Server and the Program Login property. |
| CVE-2010-0219 | critical | — | 10.0 | EXP | | apache, sap | 16y ago | Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier … |
| CVE-2009-4988 | critical | — | 10.0 | EXP | | sap | 16y ago | Stack-based buffer overflow in NT_Naming_Service.exe in SAP Business One 2005 A 6.80.123 and 6.80.320 allows remote attackers to execute arbitrary code via a long GIOP request to TCP port 30000. |
| CVE-2010-3032 | critical | — | 10.0 | | | sap | 16y ago | Integer overflow in the OBGIOPServerWorker::extractHeader function in the ebus-3-3-2-6.dll module in SAP Crystal Reports 2008 allows remote attackers to cause a denial of service (crash) and possibly… |
| CVE-2010-1185 | critical | — | 10.0 | EXP | | sap | 16y ago | Stack-based buffer overflow in serv.exe in SAP MaxDB 7.4.3.32, and 7.6.0.37 through 7.6.06 allows remote attackers to execute arbitrary code via an invalid length parameter in a handshake packet to T… |