Filtered by vendor Sap
Subscribe
Total
1491 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-7364 | 1 Sap | 1 Netweaver | 2025-04-12 | 7.5 HIGH | N/A |
| An unspecified J2EE core service in the J2EE Engine in SAP NetWeaver does not properly restrict access, which allows remote attackers to read and write to arbitrary files via unknown vectors. | |||||
| CVE-2015-2075 | 1 Sap | 1 Businessobjects Edge | 2025-04-12 | 5.0 MEDIUM | N/A |
| SAP BusinessObjects Edge 4.0 allows remote attackers to delete audit events from the auditee queue via a clearData CORBA operation, aka SAP Note 2011396. | |||||
| CVE-2014-3131 | 1 Sap | 1 Profile Maintenance | 2025-04-12 | 4.0 MEDIUM | N/A |
| SAP Profile Maintenance does not properly restrict access, which allows remote authenticated users to obtain sensitive information via an unspecified RFC function, related to SAP Solution Manager 7.1. | |||||
| CVE-2016-3946 | 1 Sap | 1 Sapconsole | 2025-04-12 | 4.6 MEDIUM | 7.8 HIGH |
| SAP Console (aka SAPConsole) 7.30 allows local users to discover SAP Server login credentials by reading the Windows registry, aka SAP Security Note 2121461. | |||||
| CVE-2013-7363 | 1 Sap | 1 Solution Manager | 2025-04-12 | 7.5 HIGH | N/A |
| Unspecified vulnerability in the Diagnostics (SMD) agent in SAP Solution Manager allows remote attackers to obtain sensitive information, modify the configuration of applications, and install or remove applications via vectors involving the P4 protocol. | |||||
| CVE-2016-3973 | 1 Sap | 1 Netweaver Application Server Java | 2025-04-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| The chat feature in the Real-Time Collaboration (RTC) services 7.3 and 7.4 in SAP NetWeaver Java AS 7.1 through 7.5 allows remote attackers to obtain sensitive user information by visiting webdynpro/resources/sap.com/tc~rtc~coll.appl.rtc~wd_chat/Chat#, pressing "Add users", and doing a search, aka SAP Security Note 2255990. | |||||
| CVE-2016-2387 | 1 Sap | 1 Netweaver | 2025-04-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in the Java Proxy Runtime ProxyServer servlet in SAP NetWeaver 7.4 allow remote attackers to inject arbitrary web script or HTML via the (1) ns or (2) interface parameter to ProxyServer/register, aka SAP Security Note 2220571. | |||||
| CVE-2015-4161 | 1 Sap | 1 Afaria | 2025-04-12 | 7.5 HIGH | N/A |
| SAP Afaria does not properly restrict access to unspecified functionality, which allows remote attackers to obtain sensitive information, gain privileges, or have other unspecified impact via unknown vectors, SAP Security Note 2155690. | |||||
| CVE-2014-9569 | 1 Sap | 1 Netweaver Business Client For Html | 2025-04-12 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in SAP NetWeaver Business Client (NWBC) for HTML 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) title or (2) roundtrips parameter, aka SAP Security Note 2051285. | |||||
| CVE-2013-7356 | 1 Sap | 1 Ccms \/ Database Monitor | 2025-04-12 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the SAP CCMS / Database Monitors for Oracle allows attackers to obtain the database password via unknown vectors. | |||||
| CVE-2014-8664 | 1 Sap | 1 Environment Health And Safety | 2025-04-12 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Product Safety (EHS-SAF) component in SAP Environment, Health, and Safety Management allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2014-8313 | 1 Sap | 1 Hana | 2025-04-12 | 6.0 MEDIUM | N/A |
| Eval injection in ide/core/base/server/net.xsjs in the Developer Workbench in SAP HANA allows remote attackers to execute arbitrary XSJX code via unspecified vectors. | |||||
| CVE-2016-4407 | 1 Sap | 1 Sapcryptolib | 2025-04-12 | 4.0 MEDIUM | 6.5 MEDIUM |
| The DSA algorithm implementation in SAP SAPCRYPTOLIB 5.555.38 does not properly check signatures, which allows remote authenticated users to impersonate arbitrary users via unspecified vectors, aka SAP Security Note 2223008. | |||||
| CVE-2014-3132 | 1 Sap | 1 Background Processing | 2025-04-12 | 4.0 MEDIUM | N/A |
| SAP Background Processing does not properly restrict access, which allows remote authenticated users to obtain sensitive information via an unspecified RFC function, related to SAP Solution Manager 7.1. | |||||
| CVE-2014-8669 | 1 Sap | 1 Customer Relationship Management | 2025-04-12 | 10.0 HIGH | N/A |
| The SAP Promotion Guidelines (CRM-MKT-MPL-TPM-PPG) module for SAP CRM allows remote attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2016-3640 | 1 Sap | 1 Hana Db | 2025-04-12 | 2.1 LOW | 5.5 MEDIUM |
| The Extended Application Services (aka XS or XS Engine) in SAP HANA DB 1.00.091.00.1418659308 allows local users to obtain sensitive password information via vectors related to passwords in Web Dispatcher trace files, aka SAP Security Note 2148905. | |||||
| CVE-2016-4016 | 1 Sap | 1 Java As | 2025-04-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in SAP Manufacturing Integration and Intelligence (aka MII, formerly xMII) 15 allows remote attackers to inject arbitrary web script or HTML via the title parameter to webdynpro/resources/sap.com/xapps~xmii~ui~admin~navigation/NavigationApplication, aka SAP Security Note 2201295. | |||||
| CVE-2015-4158 | 1 Sap | 2 Netweaver Abap Application Server, Netweaver Java Application Server | 2025-04-12 | 5.0 MEDIUM | N/A |
| SAP ABAP & Java Server allows remote attackers to cause a denial of service (service termination) via unspecified vectors, aka SAP Security Note 2121661. | |||||
| CVE-2015-4157 | 1 Sap | 1 Content Server | 2025-04-12 | 5.0 MEDIUM | N/A |
| SAP Content Server allows remote attackers to cause a denial of service (service termination) via unspecified vectors, aka SAP Security Note 2127995. | |||||
| CVE-2016-3979 | 1 Sap | 1 Java As | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| Internet Communication Manager (aka ICMAN or ICM) in SAP JAVA AS 7.2 through 7.4 allows remote attackers to cause a denial of service (heap memory corruption and process crash) via a crafted HTTP request, related to the IctParseCookies function, aka SAP Security Note 2256185. | |||||