Filtered by vendor Sap
Subscribe
Total
1541 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-7986 | 1 Sap | 1 Hana | 2025-04-12 | 7.5 HIGH | N/A |
| The index server (hdbindexserver) in SAP HANA 1.00.095 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via an HTTP request, aka SAP Security Note 2197428. | |||||
| CVE-2013-7361 | 1 Sap | 2 Cm Services, Cms Services | 2025-04-12 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in SAP CMS and CM Services allows attackers to upload arbitrary files via unspecified vectors. | |||||
| CVE-2014-4160 | 1 Sap | 1 Netweaver Business Client | 2025-04-12 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the testcanvas node in SAP NetWeaver Business Client (NWBC) allow remote attackers to inject arbitrary web script or HTML via the (1) title or (2) sap-accessibility parameter. | |||||
| CVE-2016-6857 | 1 Sap | 1 Hybris | 2025-04-12 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the Create Catalogue feature in Hybris Management Console (HMC) in SAP Hybris before 5.2.0.13, 5.3.x before 5.3.0.11, 5.4.x before 5.4.0.11, 5.5.0.x before 5.5.0.10, 5.5.1.x before 5.5.1.11, 5.6.x before 5.6.0.11, and 5.7.x before 5.7.0.15 allows remote authenticated users to inject arbitrary web script or HTML via the ID field. | |||||
| CVE-2016-1910 | 1 Sap | 1 Netweaver | 2025-04-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| The User Management Engine (UME) in SAP NetWeaver 7.4 allows attackers to decrypt unspecified data via unknown vectors, aka SAP Security Note 2191290. | |||||
| CVE-2014-8668 | 1 Sap | 1 Contract Accounting | 2025-04-12 | 7.5 HIGH | N/A |
| SQL injection vulnerability in SAP Contract Accounting allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2014-8589 | 1 Sap | 1 Network Interface Router | 2025-04-12 | 5.0 MEDIUM | N/A |
| Integer overflow in SAP Network Interface Router (SAProuter) 40.4 allows remote attackers to cause a denial of service (resource consumption) via crafted requests. | |||||
| CVE-2015-6507 | 1 Sap | 1 Hana | 2025-04-12 | 7.2 HIGH | N/A |
| The hdbsql client 1.00.091.00 Build 1418659308-1530 in SAP HANA allows local users to cause a denial of service (memory corruption) and possibly have unspecified other impact via unknown vectors, aka SAP Security Note 2140700. | |||||
| CVE-2015-5067 | 1 Sap | 1 Netweaver | 2025-04-12 | 7.5 HIGH | N/A |
| The (1) Cross-System Tools and (2) Data Transfer Workbench in SAP NetWeaver have hardcoded credentials, which allows remote attackers to obtain access via unspecified vectors, aka SAP Security Notes 2059659 and 2057982. | |||||
| CVE-2014-4003 | 1 Sap | 1 Netweaver | 2025-04-12 | 7.5 HIGH | N/A |
| The System Landscape Directory (SLD) in SAP NetWeaver allows remote attackers to modify information via vectors related to adding a system. | |||||
| CVE-2015-6662 | 1 Sap | 1 Netweaver | 2025-04-12 | 6.8 MEDIUM | N/A |
| XML external entity (XXE) vulnerability in SAP NetWeaver Portal 7.4 allows remote attackers to read arbitrary files and possibly have other unspecified impact via crafted XML data, aka SAP Security Note 2168485. | |||||
| CVE-2013-7362 | 1 Sap | 1 Ccms Agent | 2025-04-12 | 7.5 HIGH | N/A |
| An unspecified RFC function in SAP CCMS Agent allows remote attackers to execute arbitrary commands via unknown vectors. | |||||
| CVE-2014-4006 | 1 Sap | 1 Oil Industry Solution Traders And Schedulers Workbench | 2025-04-12 | 5.0 MEDIUM | N/A |
| The SAP Trader's and Scheduler's Workbench (TSW) for SAP Oil & Gas has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. | |||||
| CVE-2015-3621 | 1 Sap | 1 Enterprise Central Component | 2025-04-12 | 9.3 HIGH | N/A |
| Untrusted search path vulnerability in SAP Enterprise Central Component (ECC) allows local users to gain privileges via a Trojan horse program. | |||||
| CVE-2015-1309 | 1 Sap | 1 Netweaver Abap | 2025-04-12 | 5.0 MEDIUM | N/A |
| XML external entity vulnerability in the Extended Computer Aided Test Tool (eCATT) in SAP NetWeaver AS ABAP 7.31 and earlier allows remote attackers to access arbitrary files via a crafted XML request, related to ECATT_DISPLAY_XMLSTRING_REMOTE, aka SAP Note 2016638. | |||||
| CVE-2015-1312 | 1 Sap | 1 Enterprise Resource Planning | 2025-04-12 | 7.5 HIGH | N/A |
| The Dealer Portal in SAP ERP does not properly restrict access, which allows remote attackers to obtain sensitive information, gain privileges, and possibly have other unspecified impact via unknown vectors, aka SAP Note 2000401. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2013-7359 | 1 Sap | 1 Mobile Infrastructure | 2025-04-12 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in SAP Mobile Infrastructure allows remote attackers to obtain sensitive port information via unknown vectors, related to an "internal port scanning" issue. | |||||
| CVE-2015-2282 | 1 Sap | 6 Gui, Maxdb, Netweaver Abap Application Server and 3 more | 2025-04-12 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in the LZC decompression implementation (CsObjectInt::CsDecomprLZC function in vpa106cslzc.cpp) in SAP MaxDB 7.5 and 7.6, Netweaver Application Server ABAP, Netweaver Application Server Java, Netweaver RFC SDK, GUI, RFC SDK, SAPCAR archive tool, and other products allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via unspecified vectors, aka SAP Security Note 2124806, 2121661, 2127995, and 2125316. | |||||
| CVE-2016-4407 | 1 Sap | 1 Sapcryptolib | 2025-04-12 | 4.0 MEDIUM | 6.5 MEDIUM |
| The DSA algorithm implementation in SAP SAPCRYPTOLIB 5.555.38 does not properly check signatures, which allows remote authenticated users to impersonate arbitrary users via unspecified vectors, aka SAP Security Note 2223008. | |||||
| CVE-2014-3134 | 1 Sap | 1 Businessobjects | 2025-04-12 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the InfoView application in SAP BusinessObjects allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||