Filtered by vendor Sap
Subscriptions
Total
1502 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2016-7437 | 1 Sap | 1 Netweaver | 2025-04-12 | N/A |
SAP Netweaver 7.40 improperly logs (1) DUI and (2) DUJ events in the SAP Security Audit Log as non-critical, which might allow local users to hide rejected attempts to execute RFC function callbacks by leveraging filtering of non-critical events in audit analysis reports, aka SAP Security Note 2252312. | ||||
CVE-2014-9264 | 1 Sap | 1 Sql Anywhere | 2025-04-12 | N/A |
Stack-based buffer overflow in the .NET Data Provider in SAP SQL Anywhere allows remote attackers to execute arbitrary code via a crafted column alias. | ||||
CVE-2013-7366 | 1 Sap | 1 Software Deployment Manager | 2025-04-12 | N/A |
The SAP Software Deployment Manager (SDM), in certain unspecified conditions, allows remote attackers to cause a denial of service via vectors related to failed authentications. | ||||
CVE-2013-7365 | 1 Sap | 1 Enterprise Portal | 2025-04-12 | N/A |
Cross-site scripting (XSS) vulnerability in SAP Enterprise Portal allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. | ||||
CVE-2014-9569 | 1 Sap | 1 Netweaver Business Client For Html | 2025-04-12 | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in SAP NetWeaver Business Client (NWBC) for HTML 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) title or (2) roundtrips parameter, aka SAP Security Note 2051285. | ||||
CVE-2014-9595 | 1 Sap | 1 Sap Kernel | 2025-04-12 | N/A |
Buffer overflow in the SAP NetWeaver Dispatcher in SAP Kernel 7.00 32-bit and 7.40 64-bit allows remote authenticated users to cause a denial of service or possibly execute arbitrary code via unspecified vectors, related to the Spool System, aka SAP Note 2061271. | ||||
CVE-2016-9562 | 1 Sap | 1 Netweaver Application Server Java | 2025-04-12 | 7.5 High |
SAP NetWeaver AS JAVA 7.4 allows remote attackers to cause a Denial of Service (null pointer exception and icman outage) via an HTTPS request to the sap.com~P4TunnelingApp!web/myServlet URI, aka SAP Security Note 2313835. | ||||
CVE-2015-1311 | 1 Sap | 1 Hana Extended Application Services | 2025-04-12 | N/A |
The Extended Application Services (XS) in SAP HANA allows remote attackers to inject arbitrary ABAP code via unspecified vectors, aka SAP Note 2098906. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
CVE-2015-1312 | 1 Sap | 1 Enterprise Resource Planning | 2025-04-12 | N/A |
The Dealer Portal in SAP ERP does not properly restrict access, which allows remote attackers to obtain sensitive information, gain privileges, and possibly have other unspecified impact via unknown vectors, aka SAP Note 2000401. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
CVE-2015-3981 | 1 Sap | 1 Netweaver Rfc Sdk | 2025-04-12 | N/A |
SAP NetWeaver RFC SDK allows attackers to obtain sensitive information via unspecified vectors, aka SAP Security Note 2084037. | ||||
CVE-2013-7364 | 1 Sap | 1 Netweaver | 2025-04-12 | N/A |
An unspecified J2EE core service in the J2EE Engine in SAP NetWeaver does not properly restrict access, which allows remote attackers to read and write to arbitrary files via unknown vectors. | ||||
CVE-2013-7363 | 1 Sap | 1 Solution Manager | 2025-04-12 | N/A |
Unspecified vulnerability in the Diagnostics (SMD) agent in SAP Solution Manager allows remote attackers to obtain sensitive information, modify the configuration of applications, and install or remove applications via vectors involving the P4 protocol. | ||||
CVE-2015-2075 | 1 Sap | 1 Businessobjects Edge | 2025-04-12 | N/A |
SAP BusinessObjects Edge 4.0 allows remote attackers to delete audit events from the auditee queue via a clearData CORBA operation, aka SAP Note 2011396. | ||||
CVE-2015-2076 | 1 Sap | 1 Businessobjects Edge | 2025-04-12 | N/A |
The Auditing service in SAP BusinessObjects Edge 4.0 allows remote attackers to obtain sensitive information by reading an audit event, aka SAP Note 2011395. | ||||
CVE-2016-4407 | 1 Sap | 1 Sapcryptolib | 2025-04-12 | N/A |
The DSA algorithm implementation in SAP SAPCRYPTOLIB 5.555.38 does not properly check signatures, which allows remote authenticated users to impersonate arbitrary users via unspecified vectors, aka SAP Security Note 2223008. | ||||
CVE-2015-2282 | 1 Sap | 6 Gui, Maxdb, Netweaver Abap Application Server and 3 more | 2025-04-12 | N/A |
Stack-based buffer overflow in the LZC decompression implementation (CsObjectInt::CsDecomprLZC function in vpa106cslzc.cpp) in SAP MaxDB 7.5 and 7.6, Netweaver Application Server ABAP, Netweaver Application Server Java, Netweaver RFC SDK, GUI, RFC SDK, SAPCAR archive tool, and other products allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via unspecified vectors, aka SAP Security Note 2124806, 2121661, 2127995, and 2125316. | ||||
CVE-2015-8329 | 1 Sap | 1 Manufacturing Integration And Intelligence | 2025-04-12 | N/A |
SAP Manufacturing Integration and Intelligence (aka MII, formerly xMII) uses weak encryption (Base64 and DES), which allows attackers to conduct downgrade attacks and decrypt passwords via unspecified vectors, aka SAP Security Note 2240274. | ||||
CVE-2013-7362 | 1 Sap | 1 Ccms Agent | 2025-04-12 | N/A |
An unspecified RFC function in SAP CCMS Agent allows remote attackers to execute arbitrary commands via unknown vectors. | ||||
CVE-2013-7361 | 1 Sap | 2 Cm Services, Cms Services | 2025-04-12 | N/A |
Directory traversal vulnerability in SAP CMS and CM Services allows attackers to upload arbitrary files via unspecified vectors. | ||||
CVE-2015-8028 | 1 Sap | 1 3d Visual Enterprise Viewer | 2025-04-12 | N/A |
Multiple buffer overflows in SAP 3D Visual Enterprise Viewer (VEV) allow remote attackers to execute arbitrary code via a crafted (1) 3DM or (2) Flic Animation file. |