Filtered by vendor Sap
Subscribe
Total
1487 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2015-2815 | 1 Sap | 1 Netweaver | 2025-04-12 | 6.5 MEDIUM | N/A |
Buffer overflow in the C_SAPGPARAM function in the NetWeaver Dispatcher in SAP KERNEL 7.00 (7000.52.12.34966) and 7.40 (7400.12.21.30308) allows remote authenticated users to cause a denial of service or possibly execute arbitrary code via unspecified vectors, aka SAP Security Note 2063369. | |||||
CVE-2015-2076 | 1 Sap | 1 Businessobjects Edge | 2025-04-12 | 5.0 MEDIUM | N/A |
The Auditing service in SAP BusinessObjects Edge 4.0 allows remote attackers to obtain sensitive information by reading an audit event, aka SAP Note 2011395. | |||||
CVE-2013-3678 | 1 Sap | 1 Governance Risk And Compliance | 2025-04-12 | 9.0 HIGH | N/A |
Multiple unspecified vulnerabilities in SAP Governance, Risk, and Compliance (GRC) allow remote authenticated users to gain privileges and execute arbitrary programs via a crafted (1) RFC or (2) SOAP-RFC request. | |||||
CVE-2015-5067 | 1 Sap | 1 Netweaver | 2025-04-12 | 7.5 HIGH | N/A |
The (1) Cross-System Tools and (2) Data Transfer Workbench in SAP NetWeaver have hardcoded credentials, which allows remote attackers to obtain access via unspecified vectors, aka SAP Security Notes 2059659 and 2057982. | |||||
CVE-2014-4009 | 1 Sap | 1 Computing Center Management System Monitoring | 2025-04-12 | 5.0 MEDIUM | N/A |
SAP CCMS Monitoring (BC-CCM-MON) has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. | |||||
CVE-2015-4158 | 1 Sap | 2 Netweaver Abap Application Server, Netweaver Java Application Server | 2025-04-12 | 5.0 MEDIUM | N/A |
SAP ABAP & Java Server allows remote attackers to cause a denial of service (service termination) via unspecified vectors, aka SAP Security Note 2121661. | |||||
CVE-2015-7727 | 1 Sap | 1 Hana | 2025-04-12 | 6.5 MEDIUM | N/A |
Multiple SQL injection vulnerabilities in the Web-based Development Workbench in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors in the (1) trace configuration page or (2) getSqlTraceConfiguration function, aka SAP Security Note 2153898. | |||||
CVE-2016-1910 | 1 Sap | 1 Netweaver | 2025-04-12 | 5.0 MEDIUM | 5.3 MEDIUM |
The User Management Engine (UME) in SAP NetWeaver 7.4 allows attackers to decrypt unspecified data via unknown vectors, aka SAP Security Note 2191290. | |||||
CVE-2016-4018 | 1 Sap | 1 Hana | 2025-04-12 | 7.5 HIGH | 7.3 HIGH |
The Data Provisioning Agent (aka DP Agent) in SAP HANA does not properly restrict access to service functionality, which allows remote attackers to obtain sensitive information, gain privileges, and conduct unspecified other attacks via unspecified vectors, aka SAP Security Note 2262742. | |||||
CVE-2015-8028 | 1 Sap | 1 3d Visual Enterprise Viewer | 2025-04-12 | 6.8 MEDIUM | N/A |
Multiple buffer overflows in SAP 3D Visual Enterprise Viewer (VEV) allow remote attackers to execute arbitrary code via a crafted (1) 3DM or (2) Flic Animation file. | |||||
CVE-2013-7361 | 1 Sap | 2 Cm Services, Cms Services | 2025-04-12 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in SAP CMS and CM Services allows attackers to upload arbitrary files via unspecified vectors. | |||||
CVE-2016-6150 | 1 Sap | 1 Hana | 2025-04-12 | 7.5 HIGH | 9.8 CRITICAL |
The multi-tenant database container feature in SAP HANA does not properly encrypt communications, which allows remote attackers to bypass intended access restrictions and possibly have unspecified other impact via unknown vectors, aka SAP Security Note 2233550. | |||||
CVE-2015-7992 | 1 Sap | 1 Hana | 2025-04-12 | 4.0 MEDIUM | N/A |
SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote authenticated users to cause a denial of service (memory corruption and indexserver crash) via unspecified vectors to the EXECUTE_SEARCH_RULE_SET stored procedure, aka SAP Security Note 2175928. | |||||
CVE-2013-7357 | 1 Sap | 1 J2ee Engine | 2025-04-12 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in the configuration service in SAP J2EE Engine allows remote attackers to obtain credential information via unknown vectors. | |||||
CVE-2014-8589 | 1 Sap | 1 Network Interface Router | 2025-04-12 | 5.0 MEDIUM | N/A |
Integer overflow in SAP Network Interface Router (SAProuter) 40.4 allows remote attackers to cause a denial of service (resource consumption) via crafted requests. | |||||
CVE-2013-7364 | 1 Sap | 1 Netweaver | 2025-04-12 | 7.5 HIGH | N/A |
An unspecified J2EE core service in the J2EE Engine in SAP NetWeaver does not properly restrict access, which allows remote attackers to read and write to arbitrary files via unknown vectors. | |||||
CVE-2015-3994 | 1 Sap | 1 Hana | 2025-04-12 | 4.0 MEDIUM | N/A |
The grant.xsfunc application in testApps/grantAccess/ in the XS Engine in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote authenticated users to spoof log entries via a crafted request, aka SAP Security Note 2109818. | |||||
CVE-2015-8330 | 1 Sap | 1 Plant Connectivity | 2025-04-12 | 7.8 HIGH | N/A |
The PCo agent in SAP Plant Connectivity (PCo) allows remote attackers to cause a denial of service (memory corruption and agent crash) via crafted xMII requests, aka SAP Security Note 2238619. | |||||
CVE-2016-3635 | 1 Sap | 1 Netweaver | 2025-04-12 | 6.0 MEDIUM | 7.5 HIGH |
SAP Netweaver 7.4 allows remote authenticated users to bypass an intended Unified Connectivity (UCON) access control list and execute arbitrary Remote Function Modules (RFM) by leveraging a connection created from earlier execution of an anonymous RFM included in a Communication Assembly, aka SAP Security Note 2139366. | |||||
CVE-2015-2818 | 1 Sap | 1 Mobile Platform | 2025-04-12 | 5.0 MEDIUM | N/A |
XML external entity (XXE) vulnerability in SAP Mobile Platform 3 allows remote attackers to send requests to intranet servers via crafted XML, aka SAP Security Note 2125513. |