Filtered by vendor Sap
Subscriptions
Total
1501 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-17865 | 1 Sap | 1 J2ee Engine | 2024-11-21 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in SAP J2EE Engine 7.01 allows remote attackers to inject arbitrary web script via the wsdlPath parameter to /ctcprotocol/Protocol. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | ||||
| CVE-2018-17862 | 1 Sap | 1 J2ee Engine | 2024-11-21 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in SAP J2EE Engine/7.01/Fiori allows remote attackers to inject arbitrary web script via the sys_jdbc parameter to /TestJDBC_Web/test2. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | ||||
| CVE-2018-17861 | 1 Sap | 1 J2ee Engine | 2024-11-21 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in SAP J2EE Engine/7.01/Portal/EPP allows remote attackers to inject arbitrary web script via the wsdlLib parameter to /ctcprotocol/Protocol. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | ||||
| CVE-2018-11415 | 1 Sap | 1 Internet Transaction Server | 2024-11-21 | N/A |
| SAP Internet Transaction Server (ITS) 6200.X.X has Reflected Cross Site Scripting (XSS) via certain wgate URIs. NOTE: the vendor has reportedly indicated that there will not be any further releases of this product. | ||||
| CVE-2017-16349 | 1 Sap | 1 Business Planning And Consolidation | 2024-11-21 | 8.1 High |
| An exploitable XML external entity vulnerability exists in the reporting functionality of SAP BPC. A specially crafted XML request can cause an XML external entity to be referenced, resulting in information disclosure and potential denial of service. An attacker can issue authenticated HTTP requests to trigger this vulnerability. | ||||
| CVE-2015-7968 | 1 Sap | 1 Netweaver Application Server | 2024-11-21 | 4.3 Medium |
| nwbc_ext2int in SAP NetWeaver Application Server before Security Note 2183189 allows XXE attacks for local file inclusion via the sap/bc/ui2/nwbc/nwbc_ext2int/ URI. | ||||
| CVE-2015-7731 | 1 Sap | 1 Mobile Platform | 2024-11-21 | 5.5 Medium |
| SAP Mobile Platform 3.0 SP05 ClientHub allows attackers to obtain the keystream and other sensitive information via the DataVault, aka SAP Security Note 2094830. | ||||
| CVE-2015-2074 | 1 Sap | 1 Businessobjects Edge | 2024-11-21 | 7.5 High |
| The File Repository Server (FRS) CORBA listener in SAP BussinessObjects Edge 4.0 allows remote attackers to write to arbitrary files via a full pathname, aka SAP Note 2018681. | ||||
| CVE-2015-2073 | 1 Sap | 1 Businessobjects Edge | 2024-11-21 | 7.5 High |
| The File RepositoRy Server (FRS) CORBA listener in SAP BussinessObjects Edge 4.0 allows remote attackers to read arbitrary files via a full pathname, aka SAP Note 2018682. | ||||
| CVE-2014-9320 | 1 Sap | 1 Businessobjects Edge | 2024-11-21 | 9.8 Critical |
| SAP BusinessObjects Edge 4.1 allows remote attackers to obtain the SI_PLATFORM_SEARCH_SERVER_LOGON_TOKEN token and consequently gain SYSTEM privileges via vectors involving CORBA calls, aka SAP Note 2039905. | ||||
| CVE-2013-1593 | 1 Sap | 1 Netweaver | 2024-11-21 | 7.5 High |
| A Denial of Service vulnerability exists in the WRITE_C function in the msg_server.exe module in SAP NetWeaver 2004s, 7.01 SR1, 7.02 SP06, and 7.30 SP04 when sending a crafted SAP Message Server packet to TCP ports 36NN and/or 39NN. | ||||
| CVE-2013-1592 | 1 Sap | 1 Netweaver | 2024-11-21 | 9.8 Critical |
| A Buffer Overflow vulnerability exists in the Message Server service _MsJ2EE_AddStatistics() function when sending specially crafted SAP Message Server packets to remote TCP ports 36NN and/or 39NN in SAP NetWeaver 2004s, 7.01 SR1, 7.02 SP06, and 7.30 SP04, which could let a remote malicious user execute arbitrary code. | ||||
| CVE-2011-1517 | 1 Sap | 1 Netweaver | 2024-11-21 | 9.8 Critical |
| SAP NetWeaver 7.0 allows Remote Code Execution and Denial of Service caused by an error in the DiagTraceHex() function. By sending a specially-crafted packet, an attacker could exploit this vulnerability to cause the application to crash. | ||||
| CVE-2024-45282 | 1 Sap | 1 S\/4 Hana | 2024-11-14 | 4.3 Medium |
| Fields which are in 'read only' state in Bank Statement Draft in Manage Bank Statements application, could be modified by MERGE method. The property of an OData entity representing assumably immutable method is not protected against external modifications leading to integrity violations. Confidentiality and Availability are not impacted. | ||||
| CVE-2024-45277 | 2 Sap, Sap Se | 2 Hana-client, Sap Hana Client | 2024-11-14 | 4.3 Medium |
| The SAP HANA Node.js client package versions from 2.0.0 before 2.21.31 is impacted by Prototype Pollution vulnerability allowing an attacker to add arbitrary properties to global object prototypes. This is due to improper user input sanitation when using the nestTables feature causing low impact on the availability of the application. This has no impact on Confidentiality and Integrity. | ||||
| CVE-2024-37179 | 1 Sap | 1 Businessobjects Business Intelligence | 2024-11-14 | 7.7 High |
| SAP BusinessObjects Business Intelligence Platform allows an authenticated user to send a specially crafted request to the Web Intelligence Reporting Server to download any file from the machine hosting the service, causing high impact on confidentiality of the application. | ||||
| CVE-2024-45278 | 2 Sap, Sap Se | 2 Commerce Backoffice, Sap Commerce Backoffice | 2024-11-14 | 5.4 Medium |
| SAP Commerce Backoffice does not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. After successful exploitation, an attacker can cause limited impact on confidentiality and integrity of the application. | ||||
| CVE-2024-47594 | 1 Sap | 1 Netweaver Enterprise Portal | 2024-11-14 | 5.4 Medium |
| SAP NetWeaver Enterprise Portal (KMC) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting vulnerability in KMC servlet. An attacker could craft a script and trick the user into clicking it. When a victim who is registered on the portal clicks on such link, confidentiality and integrity of their web browser session could be compromised. | ||||
| CVE-2024-47595 | 1 Sap | 1 Host Agent | 2024-11-14 | 6.3 Medium |
| An attacker who gains local membership to sapsys group could replace local files usually protected by privileged access. On successful exploitation the attacker could cause high impact on confidentiality and integrity of the application. | ||||
| CVE-2024-47586 | 1 Sap | 1 Netweaver Abap Application Server | 2024-11-12 | 5.3 Medium |
| SAP NetWeaver Application Server for ABAP and ABAP Platform allows an unauthenticated attacker to send a maliciously crafted http request which could cause a null pointer dereference in the kernel. This dereference will result in the system crashing and rebooting, causing the system to be temporarily unavailable. There is no impact on Confidentiality or Integrity. | ||||