Filtered by vendor Sap
Subscriptions
Total
1674 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2013-6822 | 1 Sap | 1 Netweaver | 2025-04-11 | N/A |
| GRMGApp in SAP NetWeaver allows remote attackers to have unspecified impact and attack vectors, related to an XML External Entity (XXE) issue. | ||||
| CVE-2011-5154 | 1 Sap | 1 Graphical User Interface | 2025-04-11 | N/A |
| Multiple untrusted search path vulnerabilities in (1) SAPGui.exe and (2) BExAnalyzer.exe in SAP GUI 6.4 through 7.2 allow local users to gain privileges via a Trojan horse MFC80LOC.DLL file in the current working directory, as demonstrated by a directory that contains a .sap file. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2013-6819 | 1 Sap | 1 Netweaver | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in Performance Provider in SAP NetWeaver allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2013-6818 | 1 Sap | 1 Netweaver Logviewer | 2025-04-11 | N/A |
| SAP NetWeaver Logviewer 6.30, when running on Windows, allows remote attackers to bypass intended access restrictions via unspecified vectors. | ||||
| CVE-2013-3319 | 1 Sap | 1 Netweaver | 2025-04-11 | N/A |
| The GetComputerSystem method in the HostControl service in SAP Netweaver 7.03 allows remote attackers to obtain sensitive information via a crafted SOAP request to TCP port 1128. | ||||
| CVE-2014-1960 | 1 Sap | 2 Netweaver, Netweaver Solution Manager | 2025-04-11 | N/A |
| The Solution Manager in SAP NetWeaver does not properly restrict access, which allows remote attackers to obtain sensitive information via unspecified vectors. | ||||
| CVE-2013-5751 | 1 Sap | 1 Netweaver | 2025-04-11 | N/A |
| Directory traversal vulnerability in SAP NetWeaver 7.x allows remote attackers to read arbitrary files via unspecified vectors. | ||||
| CVE-2013-5723 | 1 Sap | 1 Netweaver | 2025-04-11 | N/A |
| SQL injection vulnerability in SAP NetWeaver 7.30 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to "ABAD0_DELETE_DERIVATION_TABLE." | ||||
| CVE-2013-3244 | 1 Sap | 1 Erp Central Component | 2025-04-11 | N/A |
| Multiple unspecified vulnerabilities in the CJDB_FILL_MEMORY_FROM_PPB function in the Project System (PS-IS) module for SAP ERP Central Component (ECC) allow remote attackers to execute arbitrary code via a (1) RFC or (2) SOAP-RFC request. | ||||
| CVE-2013-3062 | 1 Sap | 1 Production Planning And Control | 2025-04-11 | N/A |
| The CP_RC_TRANSACTION_CALL_BY_SET function in the Engineering Workbench component in SAP Production Planning and Control allows remote authenticated users to bypass intended transaction restrictions via unspecified vectors. | ||||
| CVE-2013-3243 | 2 Opentext, Sap | 2 Opentext\/ixos Ecm For Sap Netweaver, Netweaver | 2025-04-11 | N/A |
| Unspecified vulnerability in OpenText/IXOS ECM for SAP NetWeaver allows remote attackers to execute arbitrary ABAP code via unknown vectors. | ||||
| CVE-2013-3063 | 1 Sap | 1 Basis Communication Services | 2025-04-11 | N/A |
| SAP BASIS Communication Services 4.6B through 7.30 allows remote authenticated users to execute arbitrary commands via unspecified vectors. | ||||
| CVE-2012-2611 | 1 Sap | 1 Netweaver | 2025-04-11 | N/A |
| The DiagTraceR3Info function in the Dialog processor in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2, when a certain Developer Trace configuration is enabled, allows remote attackers to execute arbitrary code via a crafted SAP Diag packet. | ||||
| CVE-2012-2513 | 1 Sap | 1 Netweaver | 2025-04-11 | N/A |
| The Diaginput function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon crash) via a crafted SAP Diag packet. | ||||
| CVE-2012-2512 | 1 Sap | 1 Netweaver | 2025-04-11 | N/A |
| The DiagTraceStreamI function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon crash) via a crafted SAP Diag packet. | ||||
| CVE-2011-5260 | 1 Sap | 1 Netweaver | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in SAP/BW/DOC/METADATA in SAP NetWeaver allows remote attackers to inject arbitrary web script or HTML via the page parameter. | ||||
| CVE-2013-6821 | 1 Sap | 1 Netweaver | 2025-04-11 | N/A |
| Directory traversal vulnerability in the Exportability Check Service in SAP NetWeaver allows remote attackers to read arbitrary files via unspecified vectors. | ||||
| CVE-2010-3982 | 1 Sap | 1 Businessobjects | 2025-04-11 | N/A |
| SAP BusinessObjects Enterprise XI 3.2 allows remote attackers to trigger TCP connections to arbitrary intranet hosts on any port, and obtain potentially sensitive information about open ports, via the apstoken parameter to the CrystalReports/viewrpt.cwr URI, related to an "internal port scanning" issue. | ||||
| CVE-2012-1292 | 1 Sap | 1 Netweaver | 2025-04-11 | N/A |
| Unspecified vulnerability in the MessagingSystem servlet in SAP NetWeaver 7.0 allows remote attackers to obtain sensitive information about the MessagingSystem Performance Data via unspecified vectors. | ||||
| CVE-2013-6820 | 1 Sap | 1 Netweaver Development Infrastructure | 2025-04-11 | N/A |
| Unrestricted file upload vulnerability in the SAP NetWeaver Development Infrastructure (NWDI) allows remote attackers to execute arbitrary code by uploading a file with an executable extension via unspecified vectors. | ||||