Vulnerabilities (CVE)

Filtered by vendor Sap Subscribe
Total 1487 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-2815 1 Sap 1 Netweaver 2025-04-12 6.5 MEDIUM N/A
Buffer overflow in the C_SAPGPARAM function in the NetWeaver Dispatcher in SAP KERNEL 7.00 (7000.52.12.34966) and 7.40 (7400.12.21.30308) allows remote authenticated users to cause a denial of service or possibly execute arbitrary code via unspecified vectors, aka SAP Security Note 2063369.
CVE-2015-2076 1 Sap 1 Businessobjects Edge 2025-04-12 5.0 MEDIUM N/A
The Auditing service in SAP BusinessObjects Edge 4.0 allows remote attackers to obtain sensitive information by reading an audit event, aka SAP Note 2011395.
CVE-2013-3678 1 Sap 1 Governance Risk And Compliance 2025-04-12 9.0 HIGH N/A
Multiple unspecified vulnerabilities in SAP Governance, Risk, and Compliance (GRC) allow remote authenticated users to gain privileges and execute arbitrary programs via a crafted (1) RFC or (2) SOAP-RFC request.
CVE-2015-5067 1 Sap 1 Netweaver 2025-04-12 7.5 HIGH N/A
The (1) Cross-System Tools and (2) Data Transfer Workbench in SAP NetWeaver have hardcoded credentials, which allows remote attackers to obtain access via unspecified vectors, aka SAP Security Notes 2059659 and 2057982.
CVE-2014-4009 1 Sap 1 Computing Center Management System Monitoring 2025-04-12 5.0 MEDIUM N/A
SAP CCMS Monitoring (BC-CCM-MON) has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors.
CVE-2015-4158 1 Sap 2 Netweaver Abap Application Server, Netweaver Java Application Server 2025-04-12 5.0 MEDIUM N/A
SAP ABAP & Java Server allows remote attackers to cause a denial of service (service termination) via unspecified vectors, aka SAP Security Note 2121661.
CVE-2015-7727 1 Sap 1 Hana 2025-04-12 6.5 MEDIUM N/A
Multiple SQL injection vulnerabilities in the Web-based Development Workbench in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors in the (1) trace configuration page or (2) getSqlTraceConfiguration function, aka SAP Security Note 2153898.
CVE-2016-1910 1 Sap 1 Netweaver 2025-04-12 5.0 MEDIUM 5.3 MEDIUM
The User Management Engine (UME) in SAP NetWeaver 7.4 allows attackers to decrypt unspecified data via unknown vectors, aka SAP Security Note 2191290.
CVE-2016-4018 1 Sap 1 Hana 2025-04-12 7.5 HIGH 7.3 HIGH
The Data Provisioning Agent (aka DP Agent) in SAP HANA does not properly restrict access to service functionality, which allows remote attackers to obtain sensitive information, gain privileges, and conduct unspecified other attacks via unspecified vectors, aka SAP Security Note 2262742.
CVE-2015-8028 1 Sap 1 3d Visual Enterprise Viewer 2025-04-12 6.8 MEDIUM N/A
Multiple buffer overflows in SAP 3D Visual Enterprise Viewer (VEV) allow remote attackers to execute arbitrary code via a crafted (1) 3DM or (2) Flic Animation file.
CVE-2013-7361 1 Sap 2 Cm Services, Cms Services 2025-04-12 5.0 MEDIUM N/A
Directory traversal vulnerability in SAP CMS and CM Services allows attackers to upload arbitrary files via unspecified vectors.
CVE-2016-6150 1 Sap 1 Hana 2025-04-12 7.5 HIGH 9.8 CRITICAL
The multi-tenant database container feature in SAP HANA does not properly encrypt communications, which allows remote attackers to bypass intended access restrictions and possibly have unspecified other impact via unknown vectors, aka SAP Security Note 2233550.
CVE-2015-7992 1 Sap 1 Hana 2025-04-12 4.0 MEDIUM N/A
SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote authenticated users to cause a denial of service (memory corruption and indexserver crash) via unspecified vectors to the EXECUTE_SEARCH_RULE_SET stored procedure, aka SAP Security Note 2175928.
CVE-2013-7357 1 Sap 1 J2ee Engine 2025-04-12 5.0 MEDIUM N/A
Unspecified vulnerability in the configuration service in SAP J2EE Engine allows remote attackers to obtain credential information via unknown vectors.
CVE-2014-8589 1 Sap 1 Network Interface Router 2025-04-12 5.0 MEDIUM N/A
Integer overflow in SAP Network Interface Router (SAProuter) 40.4 allows remote attackers to cause a denial of service (resource consumption) via crafted requests.
CVE-2013-7364 1 Sap 1 Netweaver 2025-04-12 7.5 HIGH N/A
An unspecified J2EE core service in the J2EE Engine in SAP NetWeaver does not properly restrict access, which allows remote attackers to read and write to arbitrary files via unknown vectors.
CVE-2015-3994 1 Sap 1 Hana 2025-04-12 4.0 MEDIUM N/A
The grant.xsfunc application in testApps/grantAccess/ in the XS Engine in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote authenticated users to spoof log entries via a crafted request, aka SAP Security Note 2109818.
CVE-2015-8330 1 Sap 1 Plant Connectivity 2025-04-12 7.8 HIGH N/A
The PCo agent in SAP Plant Connectivity (PCo) allows remote attackers to cause a denial of service (memory corruption and agent crash) via crafted xMII requests, aka SAP Security Note 2238619.
CVE-2016-3635 1 Sap 1 Netweaver 2025-04-12 6.0 MEDIUM 7.5 HIGH
SAP Netweaver 7.4 allows remote authenticated users to bypass an intended Unified Connectivity (UCON) access control list and execute arbitrary Remote Function Modules (RFM) by leveraging a connection created from earlier execution of an anonymous RFM included in a Communication Assembly, aka SAP Security Note 2139366.
CVE-2015-2818 1 Sap 1 Mobile Platform 2025-04-12 5.0 MEDIUM N/A
XML external entity (XXE) vulnerability in SAP Mobile Platform 3 allows remote attackers to send requests to intranet servers via crafted XML, aka SAP Security Note 2125513.