| CVE-2017-16690 |
high |
7.8 |
7.8 |
|
|
sap |
9y ago |
A malicious DLL preload attack possible on NwSapSetup and Installation self-extracting program for SAP Plant Connectivity 2.3 and 15.0. It is possible that SAPSetup / NwSapSetup.exe loads system DLLs… |
| CVE-2017-16689 |
high |
8.8 |
8.8 |
|
|
sap |
9y ago |
A Trusted RFC connection in SAP KERNEL 32NUC, SAP KERNEL 32Unicode, SAP KERNEL 64NUC, SAP KERNEL 64Unicode 7.21, 7.21EXT, 7.22, 7.22EXT; SAP KERNEL from 7.21 to 7.22, 7.45, 7.49, can be established t… |
| CVE-2017-16684 |
critical |
9.8 |
9.8 |
|
|
sap |
9y ago |
SAP Business Intelligence Promotion Management Application, Enterprise 4.10, 4.20, and 4.30, does not perform authentication checks for functionalities that require user identity. |
| CVE-2017-16682 |
high |
7.2 |
7.2 |
|
|
sap |
9y ago |
SAP NetWeaver Internet Transaction Server (ITS), SAP Basis from 7.00 to 7.02, 7.30, 7.31, 7.40, from 7.50 to 7.52, allows an attacker with administrator credentials to inject code that can be execute… |
| CVE-2017-16680 |
high |
7.5 |
7.5 |
|
|
sap |
9y ago |
Two potential audit log injections in SAP HANA extended application services 1.0, advanced model: 1) Certain HTTP/REST endpoints of controller service are missing user input validation which could al… |
| CVE-2017-15297 |
high |
7.5 |
7.5 |
|
|
sap |
9y ago |
SAP Hostcontrol does not require authentication for the SOAP SAPControl endpoint. This is SAP Security Note 2442993. |
| CVE-2017-15296 |
high |
8.8 |
8.8 |
|
|
sap |
9y ago |
The Java component in SAP CRM has CSRF. This is SAP Security Note 2478964. |
| CVE-2017-15295 |
critical |
9.8 |
9.8 |
|
|
sap |
9y ago |
Xpress Server in SAP POS does not require authentication for read/write/delete file access. This is SAP Security Note 2520064. |
| CVE-2017-15293 |
critical |
9.8 |
9.8 |
|
|
sap |
9y ago |
Xpress Server in SAP POS does not require authentication for file read and erase operations, daemon shutdown, terminal read operations, or certain attacks on credentials. This is SAP Security Note 25… |
| CVE-2017-14581 |
high |
7.5 |
7.5 |
|
|
sap |
9y ago |
The Host Control web service in SAP NetWeaver AS JAVA 7.0 through 7.5 allows remote attackers to cause a denial of service (service crash) via a crafted request, aka SAP Security Note 2389181. |
| CVE-2017-14511 |
high |
7.5 |
7.5 |
|
|
sap |
9y ago |
An issue was discovered in SAP E-Recruiting (aka ERECRUIT) 605 through 617. When an external applicant registers to the E-Recruiting application, he/she receives a link by email to confirm access to … |
| CVE-2015-7241 |
critical |
9.8 |
10.0 |
EXP |
|
sap |
9y ago |
XML External Entity (XXE) vulnerability in SAP Netweaver before 7.01. |
| CVE-2014-8871 |
high |
7.5 |
7.5 |
|
|
sap |
9y ago |
Directory traversal vulnerability in hybris Commerce software suite 5.0.3.3 and earlier, 5.0.0.3 and earlier, 5.0.4.4 and earlier, 5.1.0.1 and earlier, 5.1.1.2 and earlier, 5.2.0.3 and earlier, and 5… |
| CVE-2017-11459 |
critical |
9.8 |
9.8 |
|
|
sap |
9y ago |
SAP TREX 7.10 allows remote attackers to (1) read arbitrary files via an fget command or (2) write to arbitrary files and consequently execute arbitrary code via an fdir command, aka SAP Security Not… |
| CVE-2017-9845 |
high |
7.5 |
7.5 |
|
|
sap |
9y ago |
disp+work 7400.12.21.30308 in SAP NetWeaver 7.40 allows remote attackers to cause a denial of service (resource consumption) via a crafted DIAG request, aka SAP Security Note 2405918. |
| CVE-2016-6256 |
critical |
9.6 |
10.0 |
EXP |
|
sap |
9y ago |
SAP Business One for Android 1.2.3 allows remote attackers to conduct XML External Entity (XXE) attacks via crafted XML data in a request to B1iXcellerator/exec/soap/vP.001sap0003.in_WCSX/com.sap.b1i… |
| CVE-2017-8915 |
high |
7.5 |
7.5 |
|
|
sap |
9y ago |
sinopia, as used in SAP HANA XS 1.00 and 2.00, allows remote attackers to cause a denial of service (assertion failure and service crash) by pushing a package with a filename containing a $ (dollar s… |
| CVE-2017-8914 |
high |
8.3 |
8.3 |
|
|
sap |
9y ago |
sinopia, as used in SAP HANA XS 1.00 and 2.00, allows remote attackers to hijack npm packages or host arbitrary files by leveraging an insecure user creation policy, aka SAP Security Note 2407694. |
| CVE-2017-8913 |
high |
8.8 |
8.8 |
|
|
sap |
9y ago |
The Visual Composer VC70RUNTIME component in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to conduct XML External Entity (XXE) attacks via a crafted XML document in a request to irj/se… |
| CVE-2017-8852 |
high |
7.8 |
8.8 |
EXP |
|
sap |
9y ago |
SAP SAPCAR 721.510 has a Heap Based Buffer Overflow Vulnerability. It could be exploited with a crafted CAR archive file received from an untrusted remote source. The problem is that the length of da… |
| CVE-2017-7717 |
high |
8.8 |
8.8 |
|
|
sap |
9y ago |
SQL injection vulnerability in the getUserUddiElements method in the ES UDDI component in SAP NetWeaver AS Java 7.4 allows remote authenticated users to execute arbitrary SQL commands via unspecified… |
| CVE-2017-7696 |
high |
7.5 |
7.5 |
|
|
sap |
9y ago |
SAP AS JAVA SSO Authentication Library 2.0 through 3.0 allow remote attackers to cause a denial of service (memory consumption) via large values in the width and height parameters to otp_logon_ui_res… |
| CVE-2016-6818 |
critical |
9.8 |
9.8 |
|
|
sap |
9y ago |
SQL injection vulnerability in SAP Business Intelligence platform before January 2017 allows remote attackers to obtain sensitive information, modify data, cause a denial of service (data deletion), … |
| CVE-2016-6143 |
critical |
9.8 |
9.8 |
|
|
sap |
9y ago |
SAP HANA DB 1.00.73.00.389160 allows remote attackers to execute arbitrary code via vectors involving the audit logs, aka SAP Security Note 2170806. |
| CVE-2017-7691 |
critical |
9.8 |
9.8 |
|
|
sap |
9y ago |
A code injection vulnerability exists in SAP TREX / Business Warehouse Accelerator (BWA). The vendor response is SAP Security Note 2419592. |
| CVE-2016-10311 |
critical |
9.8 |
9.8 |
|
|
sap |
9y ago |
Stack-based buffer overflow in SAP NetWeaver 7.0 through 7.5 allows remote attackers to cause a denial of service () by sending a crafted packet to the SAPSTARTSRV port, aka SAP Security Note 2295238. |
| CVE-2017-6950 |
critical |
9.8 |
9.8 |
|
|
sap |
9y ago |
SAP GUI 7.2 through 7.5 allows remote attackers to bypass intended security policy restrictions and execute arbitrary code via a crafted ABAP code, aka SAP Security Note 2407616. |
| CVE-2017-5997 |
high |
7.5 |
7.5 |
|
|
sap |
9y ago |
The SAP Message Server HTTP daemon in SAP KERNEL 7.21-7.49 allows remote attackers to cause a denial of service (memory consumption and process crash) via multiple msgserver/group?group= requests wit… |
| CVE-2016-10079 |
high |
7.5 |
8.5 |
EXP |
|
sap |
10y ago |
SAPlpd through 7400.3.11.33 in SAP GUI 7.40 on Windows has a Denial of Service vulnerability (service crash) with a long string to TCP port 515. |
| CVE-2017-5372 |
high |
7.5 |
7.5 |
|
|
sap |
10y ago |
The function msp (aka MSPRuntimeInterface) in the P4 SERVERCORE component in SAP AS JAVA allows remote attackers to obtain sensitive system information by leveraging a missing authorization check for… |
| CVE-2016-10005 |
high |
7.5 |
7.5 |
|
|
sap |
10y ago |
Webdynpro in SAP Solman 7.1 through 7.31 allows remote attackers to obtain sensitive information via webdynpro/dispatcher/sap.com/caf~eu~gp~example~timeoff~wd requests, aka SAP Security Note 2344524. |
| CVE-2016-9562 |
high |
7.5 |
7.5 |
|
|
sap |
10y ago |
SAP NetWeaver AS JAVA 7.4 allows remote attackers to cause a Denial of Service (null pointer exception and icman outage) via an HTTPS request to the sap.com~P4TunnelingApp!web/myServlet URI, aka SAP … |
| CVE-2016-3946 |
high |
7.8 |
7.8 |
|
|
sap |
10y ago |
SAP Console (aka SAPConsole) 7.30 allows local users to discover SAP Server login credentials by reading the Windows registry, aka SAP Security Note 2121461. |
| CVE-2016-3635 |
high |
7.5 |
7.5 |
|
|
sap |
10y ago |
SAP Netweaver 7.4 allows remote authenticated users to bypass an intended Unified Connectivity (UCON) access control list and execute arbitrary Remote Function Modules (RFM) by leveraging a connectio… |
| CVE-2016-7435 |
critical |
9.1 |
9.1 |
|
|
sap |
10y ago |
The (1) SCTC_REFRESH_EXPORT_TAB_COMP, (2) SCTC_REFRESH_CHECK_ENV, and (3) SCTC_TMS_MAINTAIN_ALOG functions in the SCTC subpackage in SAP Netweaver 7.40 SP 12 allow remote authenticated users with cer… |
| CVE-2016-4551 |
high |
7.5 |
7.5 |
|
|
sap |
10y ago |
The (1) SAP_BASIS and (2) SAP_ABA components 7.00 SP Level 0031 in SAP NetWeaver 2004s might allow remote attackers to spoof IP addresses written to the Security Audit Log via vectors related to the … |
| CVE-2016-6137 |
critical |
9.8 |
9.8 |
|
|
sap |
10y ago |
An unspecified function in SAP TREX 7.10 Revision 63 allows remote attackers to execute arbitrary OS commands via unknown vectors, aka SAP Security Note 2203591. |
| CVE-2016-6142 |
high |
7.5 |
7.5 |
|
|
sap |
10y ago |
SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote attackers to inject arbitrary audit trail fields into the SYSLOG via vectors related to the SQL protocol, aka SAP Security Note 2197459. |
| CVE-2016-6150 |
critical |
9.8 |
9.8 |
|
|
sap |
10y ago |
The multi-tenant database container feature in SAP HANA does not properly encrypt communications, which allows remote attackers to bypass intended access restrictions and possibly have unspecified ot… |
| CVE-2016-6148 |
high |
7.5 |
7.5 |
|
|
sap |
10y ago |
SAP HANA DB 1.00.73.00.389160 allows remote attackers to cause a denial of service (process termination) or execute arbitrary code via vectors related to an IMPORT statement, aka SAP Security Note 22… |
| CVE-2016-6147 |
critical |
9.8 |
9.8 |
|
|
sap |
10y ago |
An unspecified interface in SAP TREX 7.10 Revision 63 allows remote attackers to execute arbitrary OS commands with SIDadm privileges via unspecified vectors, aka SAP Security Note 2234226. |
| CVE-2016-6144 |
high |
8.1 |
8.1 |
|
|
sap |
10y ago |
The SQL interface in SAP HANA before Revision 102 does not limit the number of login attempts for the SYSTEM user when the password_lock_for_system_user is not supported or is configured as "False," … |
| CVE-2016-6140 |
critical |
9.8 |
9.8 |
|
|
sap |
10y ago |
SAP TREX 7.10 Revision 63 allows remote attackers to write to arbitrary files via vectors related to RFC-Gateway, aka SAP Security Note 2203591. |
| CVE-2016-6139 |
critical |
9.8 |
9.8 |
|
|
sap |
10y ago |
SAP TREX 7.10 Revision 63 allows remote attackers to read arbitrary files via unspecified vectors, aka SAP Security Note 2203591. |
| CVE-2016-6138 |
critical |
9.8 |
9.8 |
|
|
sap |
10y ago |
Directory traversal vulnerability in SAP TREX 7.10 Revision 63 allows remote attackers to read arbitrary files via unspecified vectors, aka SAP Security Note 2203591. |
| CVE-2016-4018 |
high |
7.3 |
7.3 |
|
|
sap |
10y ago |
The Data Provisioning Agent (aka DP Agent) in SAP HANA does not properly restrict access to service functionality, which allows remote attackers to obtain sensitive information, gain privileges, and … |
| CVE-2016-4017 |
high |
7.5 |
7.5 |
|
|
sap |
10y ago |
The Data Provisioning Agent (aka DP Agent) in SAP HANA allows remote attackers to cause a denial of service (process crash) via unspecified vectors, aka SAP Security Note 2262710. |
| CVE-2016-4015 |
high |
7.5 |
7.5 |
|
|
sap |
10y ago |
The Enqueue Server in SAP NetWeaver JAVA AS 7.1 through 7.4 allows remote attackers to cause a denial of service (process crash) via a crafted request, aka SAP Security Note 2258784. |
| CVE-2016-4014 |
high |
8.6 |
8.6 |
|
|
sap |
10y ago |
XML external entity (XXE) vulnerability in the UDDI component in SAP NetWeaver JAVA AS 7.4 allows remote attackers to cause a denial of service (system hang) via a crafted DTD in an XML request to ud… |
| CVE-2016-3980 |
high |
7.5 |
7.5 |
|
|
sap |
10y ago |
The Java Startup Framework (aka jstart) in SAP JAVA AS 7.2 through 7.4 allows remote attackers to cause a denial of service (process crash) via a crafted HTTP request, aka SAP Security Note 2259547. |
| CVE-2016-3979 |
high |
7.5 |
7.5 |
|
|
sap |
10y ago |
Internet Communication Manager (aka ICMAN or ICM) in SAP JAVA AS 7.2 through 7.4 allows remote attackers to cause a denial of service (heap memory corruption and process crash) via a crafted HTTP req… |
| CVE-2015-8840 |
high |
8.8 |
8.8 |
|
|
sap |
10y ago |
The XML Data Archiving Service (XML DAS) in SAP NetWeaver AS Java does not check authorization, which allows remote authenticated users to obtain sensitive information, gain privileges, or possibly h… |
| CVE-2016-3974 |
critical |
9.1 |
10.0 |
EXP |
|
sap |
10y ago |
XML external entity (XXE) vulnerability in the Configuration Wizard in SAP NetWeaver Java AS 7.1 through 7.5 allows remote attackers to cause a denial of service, conduct SMB Relay attacks, or access… |
| CVE-2016-2536 |
high |
8.8 |
8.8 |
|
|
sap, google |
10y ago |
Multiple use-after-free vulnerabilities in SAP 3D Visual Enterprise Viewer allow remote attackers to execute arbitrary code via a crafted SketchUp document. NOTE: the primary affected product may be… |
| CVE-2016-2389 |
high |
7.5 |
8.5 |
EXP |
|
sap |
10y ago |
Directory traversal vulnerability in the GetFileList function in the SAP Manufacturing Integration and Intelligence (xMII) component 15.0 for SAP NetWeaver 7.4 allows remote attackers to read arbitra… |
| CVE-2016-1929 |
critical |
9.3 |
9.3 |
|
|
sap |
11y ago |
The XS engine in SAP HANA allows remote attackers to spoof log entries in trace files and consequently cause a denial of service (disk consumption and process crash) via a crafted HTTP request, relat… |
| CVE-2016-1928 |
critical |
9.8 |
9.8 |
|
|
sap |
11y ago |
Buffer overflow in the XS engine (hdbxsengine) in SAP HANA allows remote attackers to cause a denial of service or execute arbitrary code via a crafted HTTP request, related to JSON, aka SAP Security… |
| CVE-2015-8753 |
critical |
9.1 |
9.1 |
|
|
sap |
11y ago |
SAP Afaria 7.0.6001.5 allows remote attackers to bypass authorization checks and wipe or lock mobile devices via a crafted request, related to "Insecure signature," aka SAP Security Note 2134905. |
| CVE-2015-8600 |
high |
— |
7.5 |
|
|
sap |
11y ago |
The SysAdminWebTool servlets in SAP Mobile Platform allow remote attackers to bypass authentication and obtain sensitive information, gain privileges, or have unspecified other impact via unknown vec… |
| CVE-2015-8330 |
high |
— |
7.8 |
|
|
sap |
11y ago |
The PCo agent in SAP Plant Connectivity (PCo) allows remote attackers to cause a denial of service (memory corruption and agent crash) via crafted xMII requests, aka SAP Security Note 2238619. |
| CVE-2015-7994 |
high |
— |
7.5 |
|
|
sap |
11y ago |
The SQL interface in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote attackers to execute arbitrary code via unspecified vectors related to "SQL Login," aka SAP Security Note 2197428. |
| CVE-2015-7993 |
high |
— |
7.5 |
|
|
sap |
11y ago |
The Extended Application Services (aka XS or XS Engine) in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote attackers to execute arbitrary code via unspecified vectors related to "HTTP Logi… |
| CVE-2015-7828 |
critical |
— |
10.0 |
|
|
sap |
11y ago |
SAP HANA Database 1.00 SPS10 and earlier do not require authentication, which allows remote attackers to execute arbitrary code or have unspecified other impact via a TrexNet packet to the (1) fcopyd… |
| CVE-2015-7986 |
high |
— |
8.5 |
EXP |
|
sap |
11y ago |
The index server (hdbindexserver) in SAP HANA 1.00.095 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via an HTTP request, aka SAP Security Note 21… |
| CVE-2015-7730 |
critical |
— |
10.0 |
|
|
sap |
11y ago |
SAP BusinessObjects BI Platform 4.1, BusinessObjects Edge 4.0, and BusinessObjects XI (BOXI) 3.1 R3 allow remote attackers to cause a denial of service (out-of-bounds read and listener crash) via a c… |
| CVE-2015-6507 |
high |
— |
7.2 |
|
|
sap |
11y ago |
The hdbsql client 1.00.091.00 Build 1418659308-1530 in SAP HANA allows local users to cause a denial of service (memory corruption) and possibly have unspecified other impact via unknown vectors, aka… |
| CVE-2015-7239 |
high |
— |
7.5 |
|
|
sap |
11y ago |
SQL injection vulnerability in the BP_FIND_JOBS_WITH_PROGRAM function module in SAP NetWeaver J2EE Engine 7.40 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2015-3621 |
critical |
— |
9.3 |
|
|
sap |
11y ago |
Untrusted search path vulnerability in SAP Enterprise Central Component (ECC) allows local users to gain privileges via a Trojan horse program. |
| CVE-2015-3449 |
high |
— |
7.2 |
|
|
sap |
11y ago |
The Windows client in SAP Afaria 7.0.6398.0 uses weak permissions (Everyone: read and Everyone: write) for the install folder, which allows local users to gain privileges via a Trojan horse XeService… |
| CVE-2015-5068 |
high |
— |
7.5 |
|
|
sap |
11y ago |
XML external entity (XXE) vulnerability in SAP Mobile Platform 3 allows remote attackers to read arbitrary files or possibly have other unspecified impact via a crafted XML request, aka SAP Security … |
| CVE-2015-5067 |
high |
— |
7.5 |
|
|
sap |
11y ago |
The (1) Cross-System Tools and (2) Data Transfer Workbench in SAP NetWeaver have hardcoded credentials, which allows remote attackers to obtain access via unspecified vectors, aka SAP Security Notes … |
| CVE-2015-4161 |
high |
— |
7.5 |
|
|
sap |
11y ago |
SAP Afaria does not properly restrict access to unspecified functionality, which allows remote attackers to obtain sensitive information, gain privileges, or have other unspecified impact via unknown… |
| CVE-2015-4160 |
high |
— |
7.5 |
|
|
sap |
11y ago |
SQL injection vulnerability in SAP ASE Database Platform allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Notes: 2152278. |
| CVE-2015-4159 |
high |
— |
7.5 |
|
|
sap |
11y ago |
SQL injection vulnerability in SAP HANA Web-based Development Workbench allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Notes 2153892. |
| CVE-2015-2282 |
high |
— |
7.5 |
|
|
sap |
11y ago |
Stack-based buffer overflow in the LZC decompression implementation (CsObjectInt::CsDecomprLZC function in vpa106cslzc.cpp) in SAP MaxDB 7.5 and 7.6, Netweaver Application Server ABAP, Netweaver Appl… |
| CVE-2015-4092 |
high |
— |
7.5 |
|
|
sap |
11y ago |
Buffer overflow in the XComms process in SAP Afaria 7.00.6620.2 SP5 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted request, aka SAP Secu… |
| CVE-2015-4091 |
high |
— |
7.5 |
|
|
sap |
11y ago |
XML external entity (XXE) vulnerability in SAP NetWeaver AS Java 7.4 allows remote attackers to send TCP requests to intranet servers or possibly have unspecified other impact via an XML request to t… |
| CVE-2015-3980 |
high |
— |
7.5 |
|
|
sap |
11y ago |
SQL injection vulnerability in the Business Rules Framework (CRM-BF-BRF) in SAP CRM allows attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Note 2097534. |
| CVE-2015-3979 |
high |
— |
7.5 |
|
|
sap |
11y ago |
Unspecified vulnerability in the Business Rules Framework (CRM-BF-BRF) in SAP CRM allows attackers to execute arbitrary code via unknown vectors, aka SAP Security Note 2097534. |
| CVE-2015-2816 |
high |
— |
7.5 |
|
|
sap |
11y ago |
The XcListener in SAP Afaria 7.0.6001.5 does not properly restrict access, which allows remote attackers to have unspecified impact via a crafted request, aka SAP Security Note 2134905. |
| CVE-2015-1312 |
high |
— |
7.5 |
|
|
sap |
12y ago |
The Dealer Portal in SAP ERP does not properly restrict access, which allows remote attackers to obtain sensitive information, gain privileges, and possibly have other unspecified impact via unknown … |
| CVE-2015-1311 |
critical |
— |
10.0 |
|
|
sap |
12y ago |
The Extended Application Services (XS) in SAP HANA allows remote attackers to inject arbitrary ABAP code via unspecified vectors, aka SAP Note 2098906. NOTE: the provenance of this information is un… |
| CVE-2014-9387 |
critical |
— |
10.0 |
|
|
sap |
12y ago |
SAP BusinessObjects Edge 4.1 allows remote attackers to obtain the SI_PLATFORM_SEARCH_SERVER_LOGON_TOKEN token and gain privileges via a crafted CORBA call, aka SAP Note 2039905. |
| CVE-2014-9264 |
high |
— |
7.5 |
|
|
sap |
12y ago |
Stack-based buffer overflow in the .NET Data Provider in SAP SQL Anywhere allows remote attackers to execute arbitrary code via a crafted column alias. |
| CVE-2013-3678 |
critical |
— |
9.0 |
|
|
sap |
12y ago |
Multiple unspecified vulnerabilities in SAP Governance, Risk, and Compliance (GRC) allow remote authenticated users to gain privileges and execute arbitrary programs via a crafted (1) RFC or (2) SOAP… |
| CVE-2014-8669 |
critical |
— |
10.0 |
|
|
sap |
12y ago |
The SAP Promotion Guidelines (CRM-MKT-MPL-TPM-PPG) module for SAP CRM allows remote attackers to execute arbitrary code via unspecified vectors. |
| CVE-2014-8668 |
high |
— |
7.5 |
|
|
sap |
12y ago |
SQL injection vulnerability in SAP Contract Accounting allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2014-8664 |
high |
— |
7.5 |
|
|
sap |
12y ago |
SQL injection vulnerability in Product Safety (EHS-SAF) component in SAP Environment, Health, and Safety Management allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2014-8663 |
high |
— |
7.5 |
|
|
sap |
12y ago |
SQL injection vulnerability in Data Basis (BW-WHM-DBA) in SAP NetWeaver Business Warehouse allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2014-8662 |
high |
— |
7.8 |
|
|
sap |
12y ago |
Unspecified vulnerability in SAP Payroll Process allows remote attackers to cause a denial of service via vectors related to session handling. |
| CVE-2014-8661 |
critical |
— |
10.0 |
|
|
sap |
12y ago |
The SAP CRM Internet Sales module allows remote attackers to execute arbitrary commands via unspecified vectors. |
| CVE-2014-8660 |
high |
— |
7.2 |
|
|
sap |
12y ago |
SAP Document Management Services allows local users to execute arbitrary commands via unspecified vectors. |
| CVE-2014-8587 |
high |
— |
7.5 |
|
|
sap |
12y ago |
SAPCRYPTOLIB before 5.555.38, SAPSECULIB, and CommonCryptoLib before 8.4.30, as used in SAP NetWeaver AS for ABAP and SAP HANA, allows remote attackers to spoof Digital Signature Algorithm (DSA) sign… |
| CVE-2014-8310 |
high |
— |
7.1 |
|
|
sap |
12y ago |
The CMS CORBA listener in SAP BusinessObjects BI Edge 4.0 allows remote attackers to cause a denial of service (server shutdown) via crafted OSCAFactory::Session ORB message. |
| CVE-2014-5175 |
high |
— |
7.5 |
|
|
sap |
12y ago |
The License Measurement servlet in SAP Solution Manager 7.1 allows remote attackers to bypass authentication via unspecified vectors, related to a verb tampering attack and SAP_JTECHS. |
| CVE-2014-4003 |
high |
— |
7.5 |
|
|
sap |
12y ago |
The System Landscape Directory (SLD) in SAP NetWeaver allows remote attackers to modify information via vectors related to adding a system. |
| CVE-2014-2752 |
high |
— |
7.5 |
|
|
sap |
12y ago |
SAP Business Object Processing Framework (BOPF) for ABAP has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. |
| CVE-2014-2751 |
high |
— |
7.5 |
|
|
sap |
12y ago |
SAP Print and Output Management has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. |
| CVE-2014-2748 |
high |
— |
7.5 |
|
|
sap |
12y ago |
The Security Audit Log facility in SAP Enhancement Package (EHP) 6 for SAP ERP 6.0 allows remote attackers to modify or delete arbitrary log classes via unspecified vectors. NOTE: some of these deta… |
| CVE-2013-7367 |
high |
— |
7.5 |
|
|
sap |
12y ago |
SAP Enterprise Portal does not properly restrict access to the Federation configuration pages, which allows remote attackers to gain privileges via unspecified vectors. |