| CVE-2016-3973 |
medium |
5.3 |
5.3 |
|
|
sap |
10y ago |
The chat feature in the Real-Time Collaboration (RTC) services 7.3 and 7.4 in SAP NetWeaver Java AS 7.1 through 7.5 allows remote attackers to obtain sensitive user information by visiting webdynpro/… |
| CVE-2016-2536 |
high |
8.8 |
8.8 |
|
|
sap, google |
10y ago |
Multiple use-after-free vulnerabilities in SAP 3D Visual Enterprise Viewer allow remote attackers to execute arbitrary code via a crafted SketchUp document. NOTE: the primary affected product may be… |
| CVE-2016-2389 |
high |
7.5 |
8.5 |
EXP |
|
sap |
10y ago |
Directory traversal vulnerability in the GetFileList function in the SAP Manufacturing Integration and Intelligence (xMII) component 15.0 for SAP NetWeaver 7.4 allows remote attackers to read arbitra… |
| CVE-2016-2387 |
medium |
6.1 |
6.1 |
|
|
sap |
10y ago |
Multiple cross-site scripting (XSS) vulnerabilities in the Java Proxy Runtime ProxyServer servlet in SAP NetWeaver 7.4 allow remote attackers to inject arbitrary web script or HTML via the (1) ns or … |
| CVE-2016-1929 |
critical |
9.3 |
9.3 |
|
|
sap |
11y ago |
The XS engine in SAP HANA allows remote attackers to spoof log entries in trace files and consequently cause a denial of service (disk consumption and process crash) via a crafted HTTP request, relat… |
| CVE-2016-1928 |
critical |
9.8 |
9.8 |
|
|
sap |
11y ago |
Buffer overflow in the XS engine (hdbxsengine) in SAP HANA allows remote attackers to cause a denial of service or execute arbitrary code via a crafted HTTP request, related to JSON, aka SAP Security… |
| CVE-2016-1911 |
medium |
6.1 |
6.1 |
|
|
sap |
11y ago |
Multiple cross-site scripting (XSS) vulnerabilities in SAP NetWeaver 7.4 allow remote attackers to inject arbitrary web script or HTML via vectors related to the (1) Runtime Workbench (RWB) or (2) Pm… |
| CVE-2016-1910 |
medium |
5.3 |
6.3 |
EXP |
|
sap |
11y ago |
The User Management Engine (UME) in SAP NetWeaver 7.4 allows attackers to decrypt unspecified data via unknown vectors, aka SAP Security Note 2191290. |
| CVE-2015-8753 |
critical |
9.1 |
9.1 |
|
|
sap |
11y ago |
SAP Afaria 7.0.6001.5 allows remote attackers to bypass authorization checks and wipe or lock mobile devices via a crafted request, related to "Insecure signature," aka SAP Security Note 2134905. |
| CVE-2015-8600 |
high |
— |
7.5 |
|
|
sap |
11y ago |
The SysAdminWebTool servlets in SAP Mobile Platform allow remote attackers to bypass authentication and obtain sensitive information, gain privileges, or have unspecified other impact via unknown vec… |
| CVE-2015-8330 |
high |
— |
7.8 |
|
|
sap |
11y ago |
The PCo agent in SAP Plant Connectivity (PCo) allows remote attackers to cause a denial of service (memory corruption and agent crash) via crafted xMII requests, aka SAP Security Note 2238619. |
| CVE-2015-8329 |
medium |
— |
5.0 |
|
|
sap |
11y ago |
SAP Manufacturing Integration and Intelligence (aka MII, formerly xMII) uses weak encryption (Base64 and DES), which allows attackers to conduct downgrade attacks and decrypt passwords via unspecifie… |
| CVE-2015-7994 |
high |
— |
7.5 |
|
|
sap |
11y ago |
The SQL interface in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote attackers to execute arbitrary code via unspecified vectors related to "SQL Login," aka SAP Security Note 2197428. |
| CVE-2015-7993 |
high |
— |
7.5 |
|
|
sap |
11y ago |
The Extended Application Services (aka XS or XS Engine) in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote attackers to execute arbitrary code via unspecified vectors related to "HTTP Logi… |
| CVE-2015-7992 |
medium |
— |
4.0 |
|
|
sap |
11y ago |
SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote authenticated users to cause a denial of service (memory corruption and indexserver crash) via unspecified vectors to the EXECUTE_SEARCH_RUL… |
| CVE-2015-7991 |
medium |
— |
5.0 |
|
|
sap |
11y ago |
The Web Dispatcher service in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote attackers to read web dispatcher and security trace files and possibly obtain passwords via unspecified vector… |
| CVE-2015-7828 |
critical |
— |
10.0 |
|
|
sap |
11y ago |
SAP HANA Database 1.00 SPS10 and earlier do not require authentication, which allows remote attackers to execute arbitrary code or have unspecified other impact via a TrexNet packet to the (1) fcopyd… |
| CVE-2015-8030 |
medium |
— |
6.8 |
|
|
sap |
11y ago |
SAP 3D Visual Enterprise Viewer (VEV) allows remote attackers to execute arbitrary code via a crafted (1) U3D, (2) LWO, (3) JPEG2000, or (4) FBX file, aka "Out-Of-Bounds Indexing" vulnerabilities. |
| CVE-2015-8029 |
medium |
— |
6.8 |
|
|
sap |
11y ago |
SAP 3D Visual Enterprise Viewer (VEV) allows remote attackers to execute arbitrary code via a crafted Filmbox document, which triggers memory corruption. |
| CVE-2015-8028 |
medium |
— |
6.8 |
|
|
sap |
11y ago |
Multiple buffer overflows in SAP 3D Visual Enterprise Viewer (VEV) allow remote attackers to execute arbitrary code via a crafted (1) 3DM or (2) Flic Animation file. |
| CVE-2015-7986 |
high |
— |
8.5 |
EXP |
|
sap |
11y ago |
The index server (hdbindexserver) in SAP HANA 1.00.095 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via an HTTP request, aka SAP Security Note 21… |
| CVE-2015-7730 |
critical |
— |
10.0 |
|
|
sap |
11y ago |
SAP BusinessObjects BI Platform 4.1, BusinessObjects Edge 4.0, and BusinessObjects XI (BOXI) 3.1 R3 allow remote attackers to cause a denial of service (out-of-bounds read and listener crash) via a c… |
| CVE-2015-7729 |
medium |
— |
6.5 |
|
|
sap |
11y ago |
Eval injection in test-net.xsjs in the Web-based Development Workbench in SAP HANA Developer Edition DB 1.00.091.00.1418659308 allows remote authenticated users to execute arbitrary XSJS code via uns… |
| CVE-2015-7728 |
low |
— |
3.5 |
|
|
sap |
11y ago |
Cross-site scripting (XSS) vulnerability in user creation in the Web-based Development Workbench in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote authenticated users to inject arbitrary … |
| CVE-2015-7727 |
medium |
— |
6.5 |
|
|
sap |
11y ago |
Multiple SQL injection vulnerabilities in the Web-based Development Workbench in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allow remote authenticated users to execute arbitrary SQL commands via un… |
| CVE-2015-7726 |
low |
— |
3.5 |
|
|
sap |
11y ago |
Cross-site scripting (XSS) vulnerability in role deletion in the Web-based Development Workbench in SAP HANA DB 1.00.091.00.1418659308 allows remote authenticated users to inject arbitrary web script… |
| CVE-2015-7725 |
medium |
— |
6.5 |
|
|
sap |
11y ago |
Multiple SQL injection vulnerabilities in the Web-based Development Workbench in SAP HANA DB 1.00.091.00.1418659308 allow remote authenticated users to execute arbitrary SQL commands via the (1) remo… |
| CVE-2015-6507 |
high |
— |
7.2 |
|
|
sap |
11y ago |
The hdbsql client 1.00.091.00 Build 1418659308-1530 in SAP HANA allows local users to cause a denial of service (memory corruption) and possibly have unspecified other impact via unknown vectors, aka… |
| CVE-2015-7239 |
high |
— |
7.5 |
|
|
sap |
11y ago |
SQL injection vulnerability in the BP_FIND_JOBS_WITH_PROGRAM function module in SAP NetWeaver J2EE Engine 7.40 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2015-6664 |
medium |
— |
6.8 |
|
|
sap |
11y ago |
XML external entity (XXE) vulnerability in the application import functionality in SAP Mobile Platform 2.3 allows remote attackers to read arbitrary files and possibly have other unspecified impact v… |
| CVE-2015-6663 |
medium |
— |
4.3 |
|
|
sap |
11y ago |
Cross-site scripting (XSS) vulnerability in the Client form in the Device Inspector page in SAP Afaria 7 allows remote attackers to inject arbitrary web script or HTML via crafted client name data, a… |
| CVE-2015-6662 |
medium |
— |
6.8 |
|
|
sap |
11y ago |
XML external entity (XXE) vulnerability in SAP NetWeaver Portal 7.4 allows remote attackers to read arbitrary files and possibly have other unspecified impact via crafted XML data, aka SAP Security N… |
| CVE-2015-3621 |
critical |
— |
9.3 |
|
|
sap |
11y ago |
Untrusted search path vulnerability in SAP Enterprise Central Component (ECC) allows local users to gain privileges via a Trojan horse program. |
| CVE-2015-3449 |
high |
— |
7.2 |
|
|
sap |
11y ago |
The Windows client in SAP Afaria 7.0.6398.0 uses weak permissions (Everyone: read and Everyone: write) for the install folder, which allows local users to gain privileges via a Trojan horse XeService… |
| CVE-2015-5068 |
high |
— |
7.5 |
|
|
sap |
11y ago |
XML external entity (XXE) vulnerability in SAP Mobile Platform 3 allows remote attackers to read arbitrary files or possibly have other unspecified impact via a crafted XML request, aka SAP Security … |
| CVE-2015-5067 |
high |
— |
7.5 |
|
|
sap |
11y ago |
The (1) Cross-System Tools and (2) Data Transfer Workbench in SAP NetWeaver have hardcoded credentials, which allows remote attackers to obtain access via unspecified vectors, aka SAP Security Notes … |
| CVE-2015-4161 |
high |
— |
7.5 |
|
|
sap |
11y ago |
SAP Afaria does not properly restrict access to unspecified functionality, which allows remote attackers to obtain sensitive information, gain privileges, or have other unspecified impact via unknown… |
| CVE-2015-4160 |
high |
— |
7.5 |
|
|
sap |
11y ago |
SQL injection vulnerability in SAP ASE Database Platform allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Notes: 2152278. |
| CVE-2015-4159 |
high |
— |
7.5 |
|
|
sap |
11y ago |
SQL injection vulnerability in SAP HANA Web-based Development Workbench allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Notes 2153892. |
| CVE-2015-4158 |
medium |
— |
5.0 |
|
|
sap |
11y ago |
SAP ABAP & Java Server allows remote attackers to cause a denial of service (service termination) via unspecified vectors, aka SAP Security Note 2121661. |
| CVE-2015-4157 |
medium |
— |
5.0 |
|
|
sap |
11y ago |
SAP Content Server allows remote attackers to cause a denial of service (service termination) via unspecified vectors, aka SAP Security Note 2127995. |
| CVE-2015-2282 |
high |
— |
7.5 |
|
|
sap |
11y ago |
Stack-based buffer overflow in the LZC decompression implementation (CsObjectInt::CsDecomprLZC function in vpa106cslzc.cpp) in SAP MaxDB 7.5 and 7.6, NetWeaver Application Server ABAP, NetWeaver Appl… |
| CVE-2015-2278 |
medium |
— |
5.0 |
|
|
sap |
11y ago |
The LZH decompression implementation (CsObjectInt::BuildHufTree function in vpa108csulzh.cpp) in SAP MaxDB 7.5 and 7.6, NetWeaver Application Server ABAP, NetWeaver Application Server Java, NetWeaver… |
| CVE-2015-3995 |
medium |
— |
4.0 |
|
|
sap |
11y ago |
SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote authenticated users to read arbitrary files via an IMPORT FROM SQL statement, aka SAP Security Note 2109565. |
| CVE-2015-3994 |
medium |
— |
4.0 |
|
|
sap |
11y ago |
The grant.xsfunc application in testApps/grantAccess/ in the XS Engine in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote authenticated users to spoof log entries via a crafted request, ak… |
| CVE-2015-4092 |
high |
— |
7.5 |
|
|
sap |
11y ago |
Buffer overflow in the XComms process in SAP Afaria 7.00.6620.2 SP5 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted request, aka SAP Secu… |
| CVE-2015-4091 |
high |
— |
7.5 |
|
|
sap |
11y ago |
XML external entity (XXE) vulnerability in SAP NetWeaver AS Java 7.4 allows remote attackers to send TCP requests to intranet servers or possibly have unspecified other impact via an XML request to t… |
| CVE-2015-3981 |
medium |
— |
5.0 |
|
|
sap |
11y ago |
SAP NetWeaver RFC SDK allows attackers to obtain sensitive information via unspecified vectors, aka SAP Security Note 2084037. |
| CVE-2015-3980 |
high |
— |
7.5 |
|
|
sap |
11y ago |
SQL injection vulnerability in the Business Rules Framework (CRM-BF-BRF) in SAP CRM allows attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Note 2097534. |
| CVE-2015-3979 |
high |
— |
7.5 |
|
|
sap |
11y ago |
Unspecified vulnerability in the Business Rules Framework (CRM-BF-BRF) in SAP CRM allows attackers to execute arbitrary code via unknown vectors, aka SAP Security Note 2097534. |
| CVE-2015-3978 |
low |
— |
2.1 |
|
|
sap |
11y ago |
SAP Sybase Unwired Platform Online Data Proxy allows local users to obtain usernames and passwords via the DataVault, aka SAP Security Note 2094830. |
| CVE-2015-2820 |
medium |
— |
5.0 |
|
|
sap |
11y ago |
Buffer overflow in XcListener in SAP Afaria 7.0.6001.5 allows remote attackers to cause a denial of service (process termination) via a crafted request, aka SAP Security Note 2132584. |
| CVE-2015-2819 |
medium |
— |
5.0 |
|
|
sap |
11y ago |
SAP Sybase SQL Anywhere 11 and 16 allows remote attackers to cause a denial of service (crash) via a crafted request, aka SAP Security Note 2108161. |
| CVE-2015-2818 |
medium |
— |
5.0 |
|
|
sap |
11y ago |
XML external entity (XXE) vulnerability in SAP Mobile Platform 3 allows remote attackers to send requests to intranet servers via crafted XML, aka SAP Security Note 2125513. |
| CVE-2015-2817 |
medium |
— |
5.0 |
|
|
sap |
11y ago |
The SAP Management Console in SAP NetWeaver 7.40 allows remote attackers to obtain sensitive information via the ReadProfile parameters, aka SAP Security Note 2091768. |
| CVE-2015-2816 |
high |
— |
7.5 |
|
|
sap |
11y ago |
The XcListener in SAP Afaria 7.0.6001.5 does not properly restrict access, which allows remote attackers to have unspecified impact via a crafted request, aka SAP Security Note 2134905. |
| CVE-2015-2815 |
medium |
— |
6.5 |
|
|
sap |
11y ago |
Buffer overflow in the C_SAPGPARAM function in the NetWeaver Dispatcher in SAP KERNEL 7.00 (7000.52.12.34966) and 7.40 (7400.12.21.30308) allows remote authenticated users to cause a denial of servic… |
| CVE-2015-2814 |
medium |
— |
6.4 |
|
|
sap |
11y ago |
SAP EMR Unwired (com.sap.mobile.healthcare.emr.v2) and Clinical Task Tracker (com.sap.mobile.healthcare.ctt) do not properly restrict access, which allows remote attackers to change the backendurl,… |
| CVE-2015-2813 |
medium |
— |
5.0 |
|
|
sap |
11y ago |
XML external entity (XXE) vulnerability in SAP Mobile Platform allows remote attackers to send requests to intranet servers via crafted XML, aka SAP Security Note 2125358. |
| CVE-2015-2812 |
medium |
— |
5.0 |
|
|
sap |
11y ago |
XML external entity (XXE) vulnerability in XMLValidationComponent in SAP NetWeaver Portal 7.31.201109172004 allows remote attackers to send requests to intranet servers via crafted XML, aka SAP Secur… |
| CVE-2015-2811 |
medium |
— |
5.0 |
|
|
sap |
11y ago |
XML external entity (XXE) vulnerability in ReportXmlViewer in SAP NetWeaver Portal 7.31.201109172004 allows remote attackers to send requests to intranet servers via crafted XML, aka SAP Security Not… |
| CVE-2015-2107 |
medium |
— |
6.8 |
|
|
hp, sap |
11y ago |
HP Operations Manager i Management Pack 1.x before 1.01 for SAP allows local users to execute OS commands by leveraging SAP administrative privileges. |
| CVE-2015-2076 |
medium |
— |
5.0 |
|
|
sap |
11y ago |
The Auditing service in SAP BusinessObjects Edge 4.0 allows remote attackers to obtain sensitive information by reading an audit event, aka SAP Note 2011395. |
| CVE-2015-2075 |
medium |
— |
5.0 |
|
|
sap |
11y ago |
SAP BusinessObjects Edge 4.0 allows remote attackers to delete audit events from the auditee queue via a clearData CORBA operation, aka SAP Note 2011396. |
| CVE-2015-2072 |
medium |
— |
4.3 |
|
|
sap |
11y ago |
Multiple cross-site scripting (XSS) vulnerabilities in SAP HANA 73 (1.00.73.00.389160) and HANA Developer Edition 80 (1.00.80.00.391861) allow remote attackers to inject arbitrary web script or HTML … |
| CVE-2015-1312 |
high |
— |
7.5 |
|
|
sap |
12y ago |
The Dealer Portal in SAP ERP does not properly restrict access, which allows remote attackers to obtain sensitive information, gain privileges, and possibly have other unspecified impact via unknown … |
| CVE-2015-1311 |
critical |
— |
10.0 |
|
|
sap |
12y ago |
The Extended Application Services (XS) in SAP HANA allows remote attackers to inject arbitrary ABAP code via unspecified vectors, aka SAP Note 2098906. NOTE: the provenance of this information is un… |
| CVE-2015-1309 |
medium |
— |
5.0 |
|
|
sap |
12y ago |
XML external entity vulnerability in the Extended Computer Aided Test Tool (eCATT) in SAP NetWeaver AS ABAP 7.31 and earlier allows remote attackers to access arbitrary files via a crafted XML reques… |
| CVE-2014-9595 |
medium |
— |
6.5 |
|
|
sap |
12y ago |
Buffer overflow in the SAP NetWeaver Dispatcher in SAP Kernel 7.00 32-bit and 7.40 64-bit allows remote authenticated users to cause a denial of service or possibly execute arbitrary code via unspeci… |
| CVE-2014-9594 |
medium |
— |
6.5 |
|
|
sap |
12y ago |
Buffer overflow in the SAP NetWeaver Dispatcher in SAP Kernel 7.00 32-bit and 7.40 64-bit allows remote authenticated users to cause a denial of service or possibly execute arbitrary code via unspeci… |
| CVE-2014-9569 |
medium |
— |
4.3 |
|
|
sap |
12y ago |
Multiple cross-site scripting (XSS) vulnerabilities in SAP NetWeaver Business Client (NWBC) for HTML 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) title or (2) roundtr… |
| CVE-2014-9387 |
critical |
— |
10.0 |
|
|
sap |
12y ago |
SAP BusinessObjects Edge 4.1 allows remote attackers to obtain the SI_PLATFORM_SEARCH_SERVER_LOGON_TOKEN token and gain privileges via a crafted CORBA call, aka SAP Note 2039905. |
| CVE-2014-9264 |
high |
— |
7.5 |
|
|
sap |
12y ago |
Stack-based buffer overflow in the .NET Data Provider in SAP SQL Anywhere allows remote attackers to execute arbitrary code via a crafted column alias. |
| CVE-2013-3678 |
critical |
— |
9.0 |
|
|
sap |
12y ago |
Multiple unspecified vulnerabilities in SAP Governance, Risk, and Compliance (GRC) allow remote authenticated users to gain privileges and execute arbitrary programs via a crafted (1) RFC or (2) SOAP… |
| CVE-2014-8669 |
critical |
— |
10.0 |
|
|
sap |
12y ago |
The SAP Promotion Guidelines (CRM-MKT-MPL-TPM-PPG) module for SAP CRM allows remote attackers to execute arbitrary code via unspecified vectors. |
| CVE-2014-8668 |
high |
— |
7.5 |
|
|
sap |
12y ago |
SQL injection vulnerability in SAP Contract Accounting allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2014-8667 |
medium |
— |
4.3 |
|
|
sap |
12y ago |
Cross-site scripting (XSS) vulnerability in SAP HANA Web-based Development Workbench allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2014-8666 |
medium |
— |
5.0 |
|
|
sap |
12y ago |
The User & Server configuration, InfoView refresh, user rights (BI-BIP-ADM) component in SAP Business Intelligence allows remote attackers to obtain audit event details via unspecified vectors. |
| CVE-2014-8665 |
medium |
— |
5.0 |
|
|
sap |
12y ago |
The SAP Business Intelligence Development Workbench allows remote attackers to obtain sensitive information by reading unspecified files. |
| CVE-2014-8664 |
high |
— |
7.5 |
|
|
sap |
12y ago |
SQL injection vulnerability in Product Safety (EHS-SAF) component in SAP Environment, Health, and Safety Management allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2014-8663 |
high |
— |
7.5 |
|
|
sap |
12y ago |
SQL injection vulnerability in Data Basis (BW-WHM-DBA) in SAP NetWeaver Business Warehouse allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2014-8662 |
high |
— |
7.8 |
|
|
sap |
12y ago |
Unspecified vulnerability in SAP Payroll Process allows remote attackers to cause a denial of service via vectors related to session handling. |
| CVE-2014-8661 |
critical |
— |
10.0 |
|
|
sap |
12y ago |
The SAP CRM Internet Sales module allows remote attackers to execute arbitrary commands via unspecified vectors. |
| CVE-2014-8660 |
high |
— |
7.2 |
|
|
sap |
12y ago |
SAP Document Management Services allows local users to execute arbitrary commands via unspecified vectors. |
| CVE-2014-8659 |
medium |
— |
5.0 |
|
|
sap |
12y ago |
Directory traversal vulnerability in SAP Environment, Health, and Safety allows remote attackers to read arbitrary files via unspecified vectors. |
| CVE-2014-0995 |
medium |
— |
6.0 |
EXP |
|
sap |
12y ago |
The Standalone Enqueue Server in SAP NetWeaver 7.20, 7.01, and earlier allows remote attackers to cause a denial of service (uncontrolled recursion and crash) via a trace level with a wildcard in the… |
| CVE-2014-8592 |
medium |
— |
5.0 |
|
|
sap |
12y ago |
Unspecified vulnerability in SAP Host Agent, as used in SAP NetWeaver 7.02 and 7.3, allows remote attackers to cause a denial of service (process termination) via a crafted request. |
| CVE-2014-8591 |
medium |
— |
5.0 |
|
|
sap |
12y ago |
Unspecified vulnerability in SAP Internet Communication Manager (ICM), as used in SAP NetWeaver 7.02 and 7.3, allows remote attackers to cause a denial of service (process termination) via unknown ve… |
| CVE-2014-8590 |
medium |
— |
4.3 |
|
|
sap |
12y ago |
XML external entity (XXE) vulnerability in the Web Service Navigator in SAP NetWeaver Application Server (AS) Java allows remote attackers to access arbitrary files via a crafted request. |
| CVE-2014-8589 |
medium |
— |
5.0 |
|
|
sap |
12y ago |
Integer overflow in SAP Network Interface Router (SAProuter) 40.4 allows remote attackers to cause a denial of service (resource consumption) via crafted requests. |
| CVE-2014-8587 |
high |
— |
7.5 |
|
|
sap |
12y ago |
SAPCRYPTOLIB before 5.555.38, SAPSECULIB, and CommonCryptoLib before 8.4.30, as used in SAP NetWeaver AS for ABAP and SAP HANA, allow remote attackers to spoof Digital Signature Algorithm (DSA) sign… |
| CVE-2014-8316 |
medium |
— |
5.0 |
|
|
sap |
12y ago |
XML External Entity (XXE) vulnerability in polestar_xml.jsp in SAP BusinessObjects Explorer 14.0.5 build 882 allows remote attackers to read arbitrary files via the xmlParameter parameter in an explo… |
| CVE-2014-8315 |
medium |
— |
5.0 |
|
|
sap |
12y ago |
polestar_xml.jsp in SAP BusinessObjects Explorer 14.0.5 build 882 replies with different timing depending on whether a connection can be made, which allows remote attackers to conduct port scanning attack… |
| CVE-2014-8314 |
medium |
— |
4.3 |
|
|
sap |
12y ago |
Multiple cross-site scripting (XSS) vulnerabilities in SAP HANA Developer Edition Revision 70 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to (1) epm/admin/Da… |
| CVE-2014-8313 |
medium |
— |
6.0 |
|
|
sap |
12y ago |
Eval injection in ide/core/base/server/net.xsjs in the Developer Workbench in SAP HANA allows remote attackers to execute arbitrary XSJX code via unspecified vectors. |
| CVE-2014-8312 |
low |
— |
3.5 |
|
|
sap |
12y ago |
Business Warehouse (BW) in SAP NetWeaver AS ABAP 7.31 allows remote authenticated users to obtain sensitive information via a request to the RSDU_CCMS_GET_PROFILE_PARAM RFC function. |
| CVE-2014-8311 |
low |
— |
3.5 |
|
|
sap |
12y ago |
SAP BusinessObjects Edge 4.0 allows remote attackers to obtain sensitive information via an InfoStore query to a CORBA listener. |
| CVE-2014-8310 |
high |
— |
7.1 |
|
|
sap |
12y ago |
The CMS CORBA listener in SAP BusinessObjects BI Edge 4.0 allows remote attackers to cause a denial of service (server shutdown) via a crafted OSCAFactory::Session ORB message. |
| CVE-2014-8309 |
medium |
— |
5.0 |
|
|
sap |
12y ago |
SAP BusinessObjects 4.0 and BusinessObjects XI (BOXI) R2 and 3.1 generate error messages for a failed logon attempt with different time delays depending on whether the user account exists, which all… |
| CVE-2014-8308 |
medium |
— |
4.3 |
|
|
sap |
12y ago |
Cross-site scripting (XSS) vulnerability in the Send to Inbox functionality in SAP BusinessObjects BI EDGE 4.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |