Filtered by vendor Sap
Subscribe
Total
1487 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-6814 | 1 Sap | 1 Netweaver | 2025-04-11 | 5.8 MEDIUM | N/A |
| The J2EE Engine in SAP NetWeaver 6.40, 7.02, and earlier allows remote attackers to redirect users to arbitrary web sites, conduct phishing attacks, and obtain sensitive information (cookies and SAPPASSPORT) via unspecified vectors. | |||||
| CVE-2010-1609 | 1 Sap | 1 Netweaver | 2025-04-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in SAP NetWeaver 2004 before SP21 and 2004s before SP13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2010-0219 | 2 Apache, Sap | 2 Axis2, Businessobjects | 2025-04-11 | 10.0 HIGH | N/A |
| Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service. | |||||
| CVE-2011-5154 | 1 Sap | 1 Graphical User Interface | 2025-04-11 | 6.9 MEDIUM | N/A |
| Multiple untrusted search path vulnerabilities in (1) SAPGui.exe and (2) BExAnalyzer.exe in SAP GUI 6.4 through 7.2 allow local users to gain privileges via a Trojan horse MFC80LOC.DLL file in the current working directory, as demonstrated by a directory that contains a .sap file. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-3982 | 1 Sap | 1 Businessobjects | 2025-04-11 | 5.0 MEDIUM | N/A |
| SAP BusinessObjects Enterprise XI 3.2 allows remote attackers to trigger TCP connections to arbitrary intranet hosts on any port, and obtain potentially sensitive information about open ports, via the apstoken parameter to the CrystalReports/viewrpt.cwr URI, related to an "internal port scanning" issue. | |||||
| CVE-2010-3983 | 1 Sap | 1 Businessobjects | 2025-04-11 | 9.0 HIGH | N/A |
| CmcApp in SAP BusinessObjects Enterprise XI 3.2 allows remote authenticated users to gain privileges via vectors involving the Program Job Server and the Program Login property. | |||||
| CVE-2012-2612 | 1 Sap | 1 Netweaver | 2025-04-11 | 5.0 MEDIUM | N/A |
| The DiagTraceHex function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon crash) via a crafted SAP Diag packet. | |||||
| CVE-2012-4341 | 1 Sap | 1 Netweaver Abap | 2025-04-11 | 10.0 HIGH | N/A |
| Multiple stack-based buffer overflows in msg_server.exe in SAP NetWeaver ABAP 7.x allow remote attackers to cause a denial of service (crash) and execute arbitrary code via a (1) long parameter value, (2) crafted string size field, or (3) long Parameter Name string in a package with opcode 0x43 and sub opcode 0x4 to TCP port 3900. | |||||
| CVE-2013-5751 | 1 Sap | 1 Netweaver | 2025-04-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in SAP NetWeaver 7.x allows remote attackers to read arbitrary files via unspecified vectors. | |||||
| CVE-2010-4556 | 1 Sap | 1 Netweaver Business Client | 2025-04-11 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in the SapThemeRepository ActiveX control (sapwdpcd.dll) in SAP NetWeaver Business Client allows remote attackers to execute arbitrary code via the (1) Load and (2) LoadTheme methods. | |||||
| CVE-2013-3319 | 1 Sap | 1 Netweaver | 2025-04-11 | 5.0 MEDIUM | N/A |
| The GetComputerSystem method in the HostControl service in SAP Netweaver 7.03 allows remote attackers to obtain sensitive information via a crafted SOAP request to TCP port 1128. | |||||
| CVE-2013-6869 | 1 Sap | 1 Netweaver | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the SRTT_GET_COUNT_BEFORE_KEY_RFC function in SAP NetWeaver 7.30 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2011-5260 | 1 Sap | 1 Netweaver | 2025-04-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in SAP/BW/DOC/METADATA in SAP NetWeaver allows remote attackers to inject arbitrary web script or HTML via the page parameter. | |||||
| CVE-2013-3062 | 1 Sap | 1 Production Planning And Control | 2025-04-11 | 6.5 MEDIUM | N/A |
| The CP_RC_TRANSACTION_CALL_BY_SET function in the Engineering Workbench component in SAP Production Planning and Control allows remote authenticated users to bypass intended transaction restrictions via unspecified vectors. | |||||
| CVE-2014-1962 | 1 Sap | 1 Customer Relationship Management | 2025-04-11 | 5.0 MEDIUM | N/A |
| Gwsync in SAP CRM 7.02 EHP 2 allows remote attackers to obtain sensitive information via unspecified vectors, related to an XML External Entity (XXE) issue. | |||||
| CVE-2013-3063 | 1 Sap | 1 Basis Communication Services | 2025-04-11 | 6.0 MEDIUM | N/A |
| SAP BASIS Communication Services 4.6B through 7.30 allows remote authenticated users to execute arbitrary commands via unspecified vectors. | |||||
| CVE-2013-6819 | 1 Sap | 1 Netweaver | 2025-04-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Performance Provider in SAP NetWeaver allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2013-3243 | 2 Opentext, Sap | 2 Opentext\/ixos Ecm For Sap Netweaver, Netweaver | 2025-04-11 | 6.8 MEDIUM | N/A |
| Unspecified vulnerability in OpenText/IXOS ECM for SAP NetWeaver allows remote attackers to execute arbitrary ABAP code via unknown vectors. | |||||
| CVE-2024-25644 | 1 Sap | 1 Netweaver | 2025-04-10 | N/A | 5.3 MEDIUM |
| Under certain conditions SAP NetWeaver WSRM - version 7.50, allows an attacker to access information which would otherwise be restricted, causing low impact on Confidentiality with no impact on Integrity and Availability of the application. | |||||
| CVE-2008-0306 | 1 Sap | 1 Maxdb | 2025-04-09 | 6.9 MEDIUM | N/A |
| sdbstarter in SAP MaxDB 7.6.0.37, and possibly other versions, allows local users to execute arbitrary commands by using unspecified environment variables to modify configuration settings. | |||||