Filtered by vendor Sap
Subscribe
Total
1541 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-2511 | 1 Sap | 1 Netweaver | 2025-04-11 | 5.0 MEDIUM | N/A |
| The DiagTraceAtoms function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon crash) via a crafted SAP Diag packet. | |||||
| CVE-2009-4988 | 1 Sap | 1 Business One 2005-a | 2025-04-11 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in NT_Naming_Service.exe in SAP Business One 2005 A 6.80.123 and 6.80.320 allows remote attackers to execute arbitrary code via a long GIOP request to TCP port 30000. | |||||
| CVE-2013-5723 | 1 Sap | 1 Netweaver | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in SAP NetWeaver 7.30 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to "ABAD0_DELETE_DERIVATION_TABLE." | |||||
| CVE-2013-3244 | 1 Sap | 1 Erp Central Component | 2025-04-11 | 6.0 MEDIUM | N/A |
| Multiple unspecified vulnerabilities in the CJDB_FILL_MEMORY_FROM_PPB function in the Project System (PS-IS) module for SAP ERP Central Component (ECC) allow remote attackers to execute arbitrary code via a (1) RFC or (2) SOAP-RFC request. | |||||
| CVE-2010-1609 | 1 Sap | 1 Netweaver | 2025-04-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in SAP NetWeaver 2004 before SP21 and 2004s before SP13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2012-1289 | 1 Sap | 1 Netweaver | 2025-04-11 | 4.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in SAP NetWeaver 7.0 allow remote authenticated users to read arbitrary files via a .. (dot dot) in the logfilename parameter to (1) b2b/admin/log.jsp or (2) b2b/admin/log_view.jsp in the Internet Sales (crm.b2b) component, or (3) ipc/admin/log.jsp or (4) ipc/admin/log_view.jsp in the Application Administration (com.sap.ipc.webapp.ipc) component. | |||||
| CVE-2010-3983 | 1 Sap | 1 Businessobjects | 2025-04-11 | 9.0 HIGH | N/A |
| CmcApp in SAP BusinessObjects Enterprise XI 3.2 allows remote authenticated users to gain privileges via vectors involving the Program Job Server and the Program Login property. | |||||
| CVE-2010-3982 | 1 Sap | 1 Businessobjects | 2025-04-11 | 5.0 MEDIUM | N/A |
| SAP BusinessObjects Enterprise XI 3.2 allows remote attackers to trigger TCP connections to arbitrary intranet hosts on any port, and obtain potentially sensitive information about open ports, via the apstoken parameter to the CrystalReports/viewrpt.cwr URI, related to an "internal port scanning" issue. | |||||
| CVE-2010-2103 | 3 3com, Apache, Sap | 3 Intelligent Management Center, Axis2, Business Objects | 2025-04-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in axis2-admin/axis2-admin/engagingglobally in the administration console in Apache Axis2/Java 1.4.1, 1.5.1, and possibly other versions, as used in SAP Business Objects 12, 3com IMC, and possibly other products, allows remote attackers to inject arbitrary web script or HTML via the modules parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2011-4805 | 1 Sap | 1 Crystal Reports Server | 2025-04-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in pubDBLogon.jsp in SAP Crystal Report Server 2008 allows remote attackers to inject arbitrary web script or HTML via the service parameter. | |||||
| CVE-2013-3061 | 1 Sap | 2 Erp Central Component, Healthcare Industry Solution | 2025-04-11 | 6.5 MEDIUM | N/A |
| The ISHMED-PATRED_TRANSACT_RFCCALL function in the IS-H Industry-Specific Component Hospital subsystem in SAP Healthcare Industry Solution, and the SAP ERP central component (aka ECC 6), allows remote authenticated users to bypass intended transaction restrictions via unspecified vectors. | |||||
| CVE-2013-6284 | 1 Sap | 1 Erp Central Component | 2025-04-11 | 7.5 HIGH | N/A |
| Unspecified vulnerability in the Statutory Reporting for Insurance (FS_SR) component in the Financial Services module for SAP ERP Central Component (ECC) allows attackers to execute arbitrary code via unspecified vectors, related to a "code injection vulnerability." | |||||
| CVE-2010-1185 | 1 Sap | 1 Maxdb | 2025-04-11 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in serv.exe in SAP MaxDB 7.4.3.32, and 7.6.0.37 through 7.6.06 allows remote attackers to execute arbitrary code via an invalid length parameter in a handshake packet to TCP port 7210. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-2904 | 1 Sap | 2 Netweaver, System Landscape Directory | 2025-04-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the System Landscape Directory (SLD) component 6.4 through 7.02 in SAP NetWeaver allow remote attackers to inject arbitrary web script or HTML via the (1) action parameter to testsdic and the (2) helpstring parameter to paramhelp.jsp. | |||||
| CVE-2011-5260 | 1 Sap | 1 Netweaver | 2025-04-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in SAP/BW/DOC/METADATA in SAP NetWeaver allows remote attackers to inject arbitrary web script or HTML via the page parameter. | |||||
| CVE-2014-1963 | 1 Sap | 1 Netweaver | 2025-04-11 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Message Server in SAP NetWeaver 7.20 allows remote attackers to cause a denial of service via unknown attack vectors. | |||||
| CVE-2011-5263 | 1 Sap | 1 Netweaver | 2025-04-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in RetrieveMailExamples in SAP NetWeaver 7.30 and earlier allows remote attackers to inject arbitrary web script or HTML via the server parameter. | |||||
| CVE-2010-3980 | 1 Sap | 1 Businessobjects | 2025-04-11 | 4.0 MEDIUM | N/A |
| Dswsbobje in SAP BusinessObjects Enterprise XI 3.2 does not limit the number of CUIDs that may be requested, which allows remote authenticated users to cause a denial of service via a large numCuids value in a GenerateCuids SOAPAction to the dswsbobje/services/biplatform URI. | |||||
| CVE-2012-2612 | 1 Sap | 1 Netweaver | 2025-04-11 | 5.0 MEDIUM | N/A |
| The DiagTraceHex function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon crash) via a crafted SAP Diag packet. | |||||
| CVE-2013-3063 | 1 Sap | 1 Basis Communication Services | 2025-04-11 | 6.0 MEDIUM | N/A |
| SAP BASIS Communication Services 4.6B through 7.30 allows remote authenticated users to execute arbitrary commands via unspecified vectors. | |||||