| CVE-2015-2817 |
medium |
— |
5.0 |
|
|
sap |
11y ago |
The SAP Management Console in SAP NetWeaver 7.40 allows remote attackers to obtain sensitive information via the ReadProfile parameters, aka SAP Security Note 2091768. |
| CVE-2015-2815 |
medium |
— |
6.5 |
|
|
sap |
11y ago |
Buffer overflow in the C_SAPGPARAM function in the NetWeaver Dispatcher in SAP KERNEL 7.00 (7000.52.12.34966) and 7.40 (7400.12.21.30308) allows remote authenticated users to cause a denial of servic… |
| CVE-2015-2814 |
medium |
— |
6.4 |
|
|
sap |
11y ago |
SAP EMR Unwired (com.sap.mobile.healthcare.emr.v2) and Clinical Task Tracker (com.sap.mobile.healthcare.ctt) does not properly restrict access, which allows remote attackers to change the backendurl,… |
| CVE-2015-2813 |
medium |
— |
5.0 |
|
|
sap |
11y ago |
XML external entity (XXE) vulnerability in SAP Mobile Platform allows remote attackers to send requests to intranet servers via crafted XML, aka SAP Security Note 2125358. |
| CVE-2015-2812 |
medium |
— |
5.0 |
|
|
sap |
11y ago |
XML external entity (XXE) vulnerability in XMLValidationComponent in SAP NetWeaver Portal 7.31.201109172004 allows remote attackers to send requests to intranet servers via crafted XML, aka SAP Secur… |
| CVE-2015-2811 |
medium |
— |
5.0 |
|
|
sap |
11y ago |
XML external entity (XXE) vulnerability in ReportXmlViewer in SAP NetWeaver Portal 7.31.201109172004 allows remote attackers to send requests to intranet servers via crafted XML, aka SAP Security Not… |
| CVE-2015-2107 |
medium |
— |
6.8 |
|
|
hpsap |
11y ago |
HP Operations Manager i Management Pack 1.x before 1.01 for SAP allows local users to execute OS commands by leveraging SAP administrative privileges. |
| CVE-2015-2076 |
medium |
— |
5.0 |
|
|
sap |
11y ago |
The Auditing service in SAP BusinessObjects Edge 4.0 allows remote attackers to obtain sensitive information by reading an audit event, aka SAP Note 2011395. |
| CVE-2015-2075 |
medium |
— |
5.0 |
|
|
sap |
11y ago |
SAP BusinessObjects Edge 4.0 allows remote attackers to delete audit events from the auditee queue via a clearData CORBA operation, aka SAP Note 2011396. |
| CVE-2015-2072 |
medium |
— |
4.3 |
|
|
sap |
11y ago |
Multiple cross-site scripting (XSS) vulnerabilities in SAP HANA 73 (1.00.73.00.389160) and HANA Developer Edition 80 (1.00.80.00.391861) allow remote attackers to inject arbitrary web script or HTML … |
| CVE-2015-1311 |
critical |
— |
10.0 |
|
|
sap |
12y ago |
The Extended Application Services (XS) in SAP HANA allows remote attackers to inject arbitrary ABAP code via unspecified vectors, aka SAP Note 2098906. NOTE: the provenance of this information is un… |
| CVE-2015-1309 |
medium |
— |
5.0 |
|
|
sap |
12y ago |
XML external entity vulnerability in the Extended Computer Aided Test Tool (eCATT) in SAP NetWeaver AS ABAP 7.31 and earlier allows remote attackers to access arbitrary files via a crafted XML reques… |
| CVE-2014-9595 |
medium |
— |
6.5 |
|
|
sap |
12y ago |
Buffer overflow in the SAP NetWeaver Dispatcher in SAP Kernel 7.00 32-bit and 7.40 64-bit allows remote authenticated users to cause a denial of service or possibly execute arbitrary code via unspeci… |
| CVE-2014-9594 |
medium |
— |
6.5 |
|
|
sap |
12y ago |
Buffer overflow in the SAP NetWeaver Dispatcher in SAP Kernel 7.00 32-bit and 7.40 64-bit allows remote authenticated users to cause a denial of service or possibly execute arbitrary code via unspeci… |
| CVE-2014-9569 |
medium |
— |
4.3 |
|
|
sap |
12y ago |
Multiple cross-site scripting (XSS) vulnerabilities in SAP NetWeaver Business Client (NWBC) for HTML 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) title or (2) roundtr… |
| CVE-2014-9387 |
critical |
— |
10.0 |
|
|
sap |
12y ago |
SAP BusinessObjects Edge 4.1 allows remote attackers to obtain the SI_PLATFORM_SEARCH_SERVER_LOGON_TOKEN token and gain privileges via a crafted CORBA call, aka SAP Note 2039905. |
| CVE-2013-3678 |
critical |
— |
9.0 |
|
|
sap |
12y ago |
Multiple unspecified vulnerabilities in SAP Governance, Risk, and Compliance (GRC) allow remote authenticated users to gain privileges and execute arbitrary programs via a crafted (1) RFC or (2) SOAP… |
| CVE-2014-8669 |
critical |
— |
10.0 |
|
|
sap |
12y ago |
The SAP Promotion Guidelines (CRM-MKT-MPL-TPM-PPG) module for SAP CRM allows remote attackers to execute arbitrary code via unspecified vectors. |
| CVE-2014-8667 |
medium |
— |
4.3 |
|
|
sap |
12y ago |
Cross-site scripting (XSS) vulnerability in SAP HANA Web-based Development Workbench allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2014-8666 |
medium |
— |
5.0 |
|
|
sap |
12y ago |
The User & Server configuration, InfoView refresh, user rights (BI-BIP-ADM) component in SAP Business Intellignece allows remote attackers to obtain audit event details via unspecified vectors. |
| CVE-2014-8665 |
medium |
— |
5.0 |
|
|
sap |
12y ago |
The SAP Business Intelligence Development Workbench allows remote attackers to obtain sensitive information by reading unspecified files. |
| CVE-2014-8661 |
critical |
— |
10.0 |
|
|
sap |
12y ago |
The SAP CRM Internet Sales module allows remote attackers to execute arbitrary commands via unspecified vectors. |
| CVE-2014-8659 |
medium |
— |
5.0 |
|
|
sap |
12y ago |
Directory traversal vulnerability in SAP Environment, Health, and Safety allows remote attackers to read arbitrary files via unspecified vectors. |
| CVE-2014-0995 |
medium |
— |
6.0 |
EXP |
|
sap |
12y ago |
The Standalone Enqueue Server in SAP Netweaver 7.20, 7.01, and earlier allows remote attackers to cause a denial of service (uncontrolled recursion and crash) via a trace level with a wildcard in the… |
| CVE-2014-8592 |
medium |
— |
5.0 |
|
|
sap |
12y ago |
Unspecified vulnerability in SAP Host Agent, as used in SAP NetWeaver 7.02 and 7.3, allows remote attackers to cause a denial of service (process termination) via a crafted request. |
| CVE-2014-8591 |
medium |
— |
5.0 |
|
|
sap |
12y ago |
Unspecified vulnerability in SAP Internet Communication Manager (ICM), as used in SAP NetWeaver 7.02 and 7.3, allows remote attackers to cause a denial of service (process termination) via unknown ve… |
| CVE-2014-8590 |
medium |
— |
4.3 |
|
|
sap |
12y ago |
XML external entity (XXE) vulnerability in the Web Service Navigator in SAP NetWeaver Application Server (AS) Java allows remote attackers to access arbitrary files via a crafted request. |
| CVE-2014-8589 |
medium |
— |
5.0 |
|
|
sap |
12y ago |
Integer overflow in SAP Network Interface Router (SAProuter) 40.4 allows remote attackers to cause a denial of service (resource consumption) via crafted requests. |
| CVE-2014-8316 |
medium |
— |
5.0 |
|
|
sap |
12y ago |
XML External Entity (XXE) vulnerability in polestar_xml.jsp in SAP BusinessObjects Explorer 14.0.5 build 882 allows remote attackers to read arbitrary files via the xmlParameter parameter in an explo… |
| CVE-2014-8315 |
medium |
— |
5.0 |
|
|
sap |
12y ago |
polestar_xml.jsp in SAP BusinessObjects Explorer 14.0.5 build 882 replies with different timing depending on if a connection can be made, which allows remote attackers to conduct port scanning attack… |
| CVE-2014-8314 |
medium |
— |
4.3 |
|
|
sap |
12y ago |
Multiple cross-site scripting (XSS) vulnerabilities in SAP HANA Developer Edition Revision 70 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to (1) epm/admin/Da… |
| CVE-2014-8313 |
medium |
— |
6.0 |
|
|
sap |
12y ago |
Eval injection in ide/core/base/server/net.xsjs in the Developer Workbench in SAP HANA allows remote attackers to execute arbitrary XSJX code via unspecified vectors. |
| CVE-2014-8312 |
low |
— |
3.5 |
|
|
sap |
12y ago |
Business Warehouse (BW) in SAP Netweaver AS ABAP 7.31 allows remote authenticated users to obtain sensitive information via a request to the RSDU_CCMS_GET_PROFILE_PARAM RFC function. |
| CVE-2014-8311 |
low |
— |
3.5 |
|
|
sap |
12y ago |
SAP BusinessObjects Edge 4.0 allows remote attackers to obtain sensitive information via an InfoStore query to a CORBA listener. |
| CVE-2014-8309 |
medium |
— |
5.0 |
|
|
sap |
12y ago |
SAP BusinessObjects 4.0 and BusinessObjects XI (BOXI) R2 and 3.1 generates error messages for a failed logon attempt with different time delays depending on whether the user account exists, which all… |
| CVE-2014-8308 |
medium |
— |
4.3 |
|
|
sap |
12y ago |
Cross-site scripting (XSS) vulnerability in the Send to Inbox functionality in SAP BusinessObjects BI EDGE 4.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2014-6252 |
medium |
— |
6.5 |
|
|
sap |
12y ago |
Buffer overflow in disp+work.exe 7000.52.12.34966 and 7200.117.19.50294 in the Dispatcher in SAP NetWeaver 7.00 and 7.20 allows remote authenticated users to cause a denial of service or execute arbi… |
| CVE-2014-5506 |
medium |
— |
6.8 |
|
|
sap |
12y ago |
Double free vulnerability in SAP Crystal Reports allows remote attackers to execute arbitrary code via crafted connection string record in an RPT file. |
| CVE-2014-5505 |
medium |
— |
6.8 |
|
|
sap |
12y ago |
Stack-based buffer overflow in SAP Crystal Reports allows remote attackers to execute arbitrary code via a crafted data source string in an RPT file. |
| CVE-2014-5176 |
medium |
— |
6.0 |
|
|
sap |
12y ago |
SAP FI Manager Self-Service has a hard-coded user name, which makes it easier for remote attackers to obtain access via unspecified vectors. |
| CVE-2014-5174 |
low |
— |
3.5 |
|
|
sap |
12y ago |
The SAP Netweaver Business Warehouse component does not properly restrict access to the functions in the BW-SYS-DB-DB4 function group, which allows remote authenticated users to obtain sensitive info… |
| CVE-2014-5173 |
medium |
— |
5.0 |
|
|
sap |
12y ago |
SAP HANA Extend Application Services (XS) allows remote attackers to bypass access restrictions via a request to a private IU5 SDK application that was once public. |
| CVE-2014-5172 |
medium |
— |
4.3 |
|
|
sap |
12y ago |
Multiple cross-site scripting (XSS) vulnerabilities in the XS Administration Tools in SAP HANA allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2014-5171 |
low |
— |
2.9 |
|
|
sap |
12y ago |
SAP HANA Extend Application Services (XS) does not encrypt transmissions for applications that enable form based authentication using SSL, which allows remote attackers to obtain credentials and othe… |
| CVE-2014-4161 |
medium |
— |
4.3 |
|
|
sap |
12y ago |
Cross-site scripting (XSS) vulnerability in la/umTestSSO.jsp in SAP Supplier Relationship Management (SRM) allows remote attackers to inject arbitrary web script or HTML via the url parameter. |
| CVE-2014-4160 |
medium |
— |
4.3 |
|
|
sap |
12y ago |
Multiple cross-site scripting (XSS) vulnerabilities in the testcanvas node in SAP NetWeaver Business Client (NWBC) allow remote attackers to inject arbitrary web script or HTML via the (1) title or (… |
| CVE-2014-4159 |
medium |
— |
5.8 |
|
|
sap |
12y ago |
Open redirect vulnerability in in la/umTestSSO.jsp in SAP Supplier Relationship Management (SRM) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a … |
| CVE-2014-4012 |
medium |
— |
5.0 |
|
|
sap |
12y ago |
SAP Open Hub Service has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. |
| CVE-2014-4011 |
medium |
— |
5.0 |
|
|
sap |
12y ago |
SAP Capacity Leveling has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. |
| CVE-2014-4010 |
medium |
— |
5.0 |
|
|
sap |
12y ago |
SAP Transaction Data Pool has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. |
| CVE-2014-4009 |
medium |
— |
5.0 |
|
|
sap |
12y ago |
SAP CCMS Monitoring (BC-CCM-MON) has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. |
| CVE-2014-4008 |
medium |
— |
5.0 |
|
|
sap |
12y ago |
SAP Web Services Tool (CA-WUI-WST) has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. |
| CVE-2014-4007 |
medium |
— |
5.0 |
|
|
sap |
12y ago |
The SAP Upgrade tools for ABAP has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. |
| CVE-2014-4006 |
medium |
— |
5.0 |
|
|
sap |
12y ago |
The SAP Trader's and Scheduler's Workbench (TSW) for SAP Oil & Gas has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. |
| CVE-2014-4005 |
medium |
— |
5.0 |
|
|
sap |
12y ago |
SAP Brazil add-on has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. |
| CVE-2014-4004 |
medium |
— |
5.0 |
|
|
sap |
12y ago |
The (1) Structures and (2) Project-Oriented Procurement components in SAP Project System has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. |
| CVE-2014-3787 |
medium |
— |
5.0 |
|
|
sap |
12y ago |
SAP NetWeaver 7.20 and earlier allows remote attackers to read arbitrary SAP Central User Administration (SAP CUA) tables via unspecified vectors. |
| CVE-2014-3134 |
medium |
— |
4.3 |
|
|
sap |
12y ago |
Cross-site scripting (XSS) vulnerability in the InfoView application in SAP BusinessObjects allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2014-3133 |
medium |
— |
5.0 |
|
|
sap |
12y ago |
SAP Netweaver Java Application Server does not properly restrict access, which allows remote attackers to obtain the list of SAP systems registered on an SLD via an unspecified webdynpro, related to … |
| CVE-2014-3132 |
medium |
— |
4.0 |
|
|
sap |
12y ago |
SAP Background Processing does not properly restrict access, which allows remote authenticated users to obtain sensitive information via an unspecified RFC function, related to SAP Solution Manager 7… |
| CVE-2014-3131 |
medium |
— |
4.0 |
|
|
sap |
12y ago |
SAP Profile Maintenance does not properly restrict access, which allows remote authenticated users to obtain sensitive information via an unspecified RFC function, related to SAP Solution Manager 7.1. |
| CVE-2014-3130 |
medium |
— |
4.6 |
|
|
sap |
12y ago |
The ABAP Help documentation and translation tools (BC-DOC-HLP) in Basis in SAP Netweaver ABAP Application Server does not properly restrict access, which allows local users to gain privileges and exe… |
| CVE-2014-3129 |
medium |
— |
5.0 |
|
|
sap |
12y ago |
The Java Server Pages in the Software Lifecycle Manager (SLM) in SAP NetWeaver allows remote attackers to obtain sensitive information via a crafted request, related to SAP Solution Manager 7.1. |
| CVE-2014-0984 |
medium |
— |
5.3 |
EXP |
|
sap |
12y ago |
The passwordCheck function in SAP Router 721 patch 117, 720 patch 411, 710 patch 029, and earlier terminates validation of a Route Permission Table entry password upon encountering the first incorrec… |
| CVE-2014-2749 |
medium |
— |
5.0 |
|
|
sap |
12y ago |
The HANA ICM process in SAP HANA allows remote attackers to obtain the platform version, host name, instance number, and possibly other sensitive information via a malformed HTTP GET request. |
| CVE-2013-7366 |
medium |
— |
5.0 |
|
|
sap |
12y ago |
The SAP Software Deployment Manager (SDM), in certain unspecified conditions, allows remote attackers to cause a denial of service via vectors related to failed authentications. |
| CVE-2013-7365 |
medium |
— |
4.3 |
|
|
sap |
12y ago |
Cross-site scripting (XSS) vulnerability in SAP Enterprise Portal allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. |
| CVE-2013-7361 |
medium |
— |
5.0 |
|
|
sap |
12y ago |
Directory traversal vulnerability in SAP CMS and CM Services allows attackers to upload arbitrary files via unspecified vectors. |
| CVE-2013-7359 |
medium |
— |
5.0 |
|
|
sap |
12y ago |
Unspecified vulnerability in SAP Mobile Infrastructure allows remote attackers to obtain sensitive port information via unknown vectors, related to an "internal port scanning" issue. |
| CVE-2013-7358 |
medium |
— |
5.0 |
|
|
sap |
12y ago |
Unspecified vulnerability in SAP Guided Procedures Archive Monitor allows remote attackers to obtain usernames, roles, profiles, and possibly other identity information via unknown vectors. |
| CVE-2013-7357 |
medium |
— |
5.0 |
|
|
sap |
12y ago |
Unspecified vulnerability in the configuration service in SAP J2EE Engine allows remote attackers to obtain credential information via unknown vectors. |
| CVE-2013-7356 |
medium |
— |
5.0 |
|
|
sap |
12y ago |
Unspecified vulnerability in the SAP CCMS / Database Monitors for Oracle allows attackers to obtain the database password via unknown vectors. |
| CVE-2014-1965 |
medium |
— |
4.3 |
|
|
sap |
13y ago |
Cross-site scripting (XSS) vulnerability in ISpeakAdapter in the Integration Repository in the SAP Exchange Infrastructure (BC-XI) component 3.0, 7.00 through 7.02, and 7.10 through 7.11 for SAP NetW… |
| CVE-2014-1964 |
medium |
— |
4.3 |
|
|
sap |
13y ago |
Cross-site scripting (XSS) vulnerability in the Integration Repository in the SAP Exchange Infrastructure (BC-XI) component in SAP NetWeaver allows remote attackers to inject arbitrary web script or … |
| CVE-2014-1963 |
medium |
— |
5.0 |
|
|
sap |
13y ago |
Unspecified vulnerability in Message Server in SAP NetWeaver 7.20 allows remote attackers to cause a denial of service via unknown attack vectors. |
| CVE-2014-1962 |
medium |
— |
5.0 |
|
|
sap |
13y ago |
Gwsync in SAP CRM 7.02 EHP 2 allows remote attackers to obtain sensitive information via unspecified vectors, related to an XML External Entity (XXE) issue. |
| CVE-2014-1961 |
medium |
— |
5.0 |
|
|
sap |
13y ago |
Unspecified vulnerability in the Portal WebDynPro in SAP NetWeaver allows remote attackers to obtain sensitive path information via unknown attack vectors. |
| CVE-2014-1960 |
medium |
— |
5.0 |
|
|
sap |
13y ago |
The Solution Manager in SAP NetWeaver does not properly restrict access, which allows remote attackers to obtain sensitive information via unspecified vectors. |
| CVE-2013-7095 |
critical |
— |
10.0 |
|
|
sap |
13y ago |
The XML parser (crm_flex_data) in SAP Customer Relationship Management (CRM) 7.02 EHP 2 has unknown impact and attack vectors related to an XML External Entity (XXE) issue. |
| CVE-2013-7093 |
medium |
— |
5.0 |
|
|
sap |
13y ago |
SAP Network Interface Router (SAProuter) 39.3 SP4 allows remote attackers to bypass authentication and modify the configuration via unspecified vectors. |
| CVE-2013-6823 |
medium |
— |
6.4 |
|
|
sap |
13y ago |
GRMGApp in SAP NetWeaver allows remote attackers to bypass intended access restrictions via unspecified vectors. |
| CVE-2013-6822 |
critical |
— |
10.0 |
|
|
sap |
13y ago |
GRMGApp in SAP NetWeaver allows remote attackers to have unspecified impact and attack vectors, related to an XML External Entity (XXE) issue. |
| CVE-2013-6821 |
medium |
— |
5.0 |
|
|
sap |
13y ago |
Directory traversal vulnerability in the Exportability Check Service in SAP NetWeaver allows remote attackers to read arbitrary files via unspecified vectors. |
| CVE-2013-6820 |
critical |
— |
9.3 |
|
|
sap |
13y ago |
Unrestricted file upload vulnerability in the SAP NetWeaver Development Infrastructure (NWDI) allows remote attackers to execute arbitrary code by uploading a file with an executable extension via un… |
| CVE-2013-6819 |
medium |
— |
4.3 |
|
|
sap |
13y ago |
Cross-site scripting (XSS) vulnerability in Performance Provider in SAP NetWeaver allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2013-6818 |
medium |
— |
6.4 |
|
|
sap |
13y ago |
SAP NetWeaver Logviewer 6.30, when running on Windows, allows remote attackers to bypass intended access restrictions via unspecified vectors. |
| CVE-2013-6817 |
medium |
— |
6.8 |
|
|
sap |
13y ago |
Heap-based buffer overflow in SAP Network Interface Router (SAProuter) 7.30 allows remote attackers to cause a denial of service and execute arbitrary code via crafted NI Route messages. |
| CVE-2013-6816 |
medium |
— |
4.3 |
|
|
sap |
13y ago |
Multiple cross-site scripting (XSS) vulnerabilities in the (1) JavaDumpService and (2) DataCollector servlets in SAP NetWeaver allow remote attackers to inject arbitrary web script or HTML via unspec… |
| CVE-2013-6815 |
medium |
— |
5.0 |
|
|
sap |
13y ago |
The SHSTI_UPLOAD_XML function in the Application Server for ABAP (AS ABAP) in SAP NetWeaver 7.31 and earlier allows remote attackers to cause a denial of service via unspecified vectors, related to a… |
| CVE-2013-6814 |
medium |
— |
5.8 |
|
|
sap |
13y ago |
The J2EE Engine in SAP NetWeaver 6.40, 7.02, and earlier allows remote attackers to redirect users to arbitrary web sites, conduct phishing attacks, and obtain sensitive information (cookies and SAPP… |
| CVE-2013-3243 |
medium |
— |
6.8 |
|
|
opentextsap |
13y ago |
Unspecified vulnerability in OpenText/IXOS ECM for SAP NetWeaver allows remote attackers to execute arbitrary ABAP code via unknown vectors. |
| CVE-2013-6244 |
medium |
— |
5.0 |
|
|
sap |
13y ago |
The Live Update webdynpro application (webdynpro/dispatcher/sap.com/tc~slm~ui_lup/LUP) in SAP NetWeaver 7.31 and earlier allows remote attackers to read arbitrary files and directories via an XML doc… |
| CVE-2013-3244 |
medium |
— |
6.0 |
|
|
sap |
13y ago |
Multiple unspecified vulnerabilities in the CJDB_FILL_MEMORY_FROM_PPB function in the Project System (PS-IS) module for SAP ERP Central Component (ECC) allow remote attackers to execute arbitrary cod… |
| CVE-2013-5751 |
medium |
— |
5.0 |
|
|
sap |
13y ago |
Directory traversal vulnerability in SAP NetWeaver 7.x allows remote attackers to read arbitrary files via unspecified vectors. |
| CVE-2013-3319 |
medium |
— |
6.0 |
EXP |
|
sap |
13y ago |
The GetComputerSystem method in the HostControl service in SAP Netweaver 7.03 allows remote attackers to obtain sensitive information via a crafted SOAP request to TCP port 1128. |
| CVE-2013-3063 |
medium |
— |
6.0 |
|
|
sap |
13y ago |
SAP BASIS Communication Services 4.6B through 7.30 allows remote authenticated users to execute arbitrary commands via unspecified vectors. |
| CVE-2013-3062 |
medium |
— |
6.5 |
|
|
sap |
13y ago |
The CP_RC_TRANSACTION_CALL_BY_SET function in the Engineering Workbench component in SAP Production Planning and Control allows remote authenticated users to bypass intended transaction restrictions … |
| CVE-2013-3061 |
medium |
— |
6.5 |
|
|
sap |
13y ago |
The ISHMED-PATRED_TRANSACT_RFCCALL function in the IS-H Industry-Specific Component Hospital subsystem in SAP Healthcare Industry Solution, and the SAP ERP central component (aka ECC 6), allows remot… |
| CVE-2011-5263 |
medium |
— |
4.3 |
|
|
sap |
14y ago |
Cross-site scripting (XSS) vulnerability in RetrieveMailExamples in SAP NetWeaver 7.30 and earlier allows remote attackers to inject arbitrary web script or HTML via the server parameter. |
| CVE-2011-5260 |
medium |
— |
4.3 |
|
|
sap |
14y ago |
Cross-site scripting (XSS) vulnerability in SAP/BW/DOC/METADATA in SAP NetWeaver allows remote attackers to inject arbitrary web script or HTML via the page parameter. |
