Filtered by vendor Sap
Subscribe
Total
1491 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-6150 | 1 Sap | 1 Hana | 2025-04-12 | 7.5 HIGH | 9.8 CRITICAL |
| The multi-tenant database container feature in SAP HANA does not properly encrypt communications, which allows remote attackers to bypass intended access restrictions and possibly have unspecified other impact via unknown vectors, aka SAP Security Note 2233550. | |||||
| CVE-2015-3994 | 1 Sap | 1 Hana | 2025-04-12 | 4.0 MEDIUM | N/A |
| The grant.xsfunc application in testApps/grantAccess/ in the XS Engine in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote authenticated users to spoof log entries via a crafted request, aka SAP Security Note 2109818. | |||||
| CVE-2014-8590 | 1 Sap | 1 Netweaver Java Application Server | 2025-04-12 | 4.3 MEDIUM | N/A |
| XML external entity (XXE) vulnerability in the Web Service Navigator in SAP NetWeaver Application Server (AS) Java allows remote attackers to access arbitrary files via a crafted request. | |||||
| CVE-2016-1910 | 1 Sap | 1 Netweaver | 2025-04-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| The User Management Engine (UME) in SAP NetWeaver 7.4 allows attackers to decrypt unspecified data via unknown vectors, aka SAP Security Note 2191290. | |||||
| CVE-2015-2811 | 1 Sap | 1 Netweaver Enterprise Portal | 2025-04-12 | 5.0 MEDIUM | N/A |
| XML external entity (XXE) vulnerability in ReportXmlViewer in SAP NetWeaver Portal 7.31.201109172004 allows remote attackers to send requests to intranet servers via crafted XML, aka SAP Security Note 2111939. | |||||
| CVE-2015-7992 | 1 Sap | 1 Hana | 2025-04-12 | 4.0 MEDIUM | N/A |
| SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote authenticated users to cause a denial of service (memory corruption and indexserver crash) via unspecified vectors to the EXECUTE_SEARCH_RULE_SET stored procedure, aka SAP Security Note 2175928. | |||||
| CVE-2014-4005 | 1 Sap | 1 Brazil | 2025-04-12 | 5.0 MEDIUM | N/A |
| SAP Brazil add-on has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. | |||||
| CVE-2014-9387 | 1 Sap | 1 Businessobjects | 2025-04-12 | 10.0 HIGH | N/A |
| SAP BusinessObjects Edge 4.1 allows remote attackers to obtain the SI_PLATFORM_SEARCH_SERVER_LOGON_TOKEN token and gain privileges via a crafted CORBA call, aka SAP Note 2039905. | |||||
| CVE-2015-7993 | 1 Sap | 1 Hana | 2025-04-12 | 7.5 HIGH | N/A |
| The Extended Application Services (aka XS or XS Engine) in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote attackers to execute arbitrary code via unspecified vectors related to "HTTP Login," aka SAP Security Note 2197397. | |||||
| CVE-2016-1911 | 1 Sap | 1 Netweaver | 2025-04-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in SAP NetWeaver 7.4 allow remote attackers to inject arbitrary web script or HTML via vectors related to the (1) Runtime Workbench (RWB) or (2) Pmitest servlet in the Process Monitoring Infrastructure (PMI), aka SAP Security Notes 2206793 and 2234918. | |||||
| CVE-2016-4017 | 1 Sap | 1 Hana | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| The Data Provisioning Agent (aka DP Agent) in SAP HANA allows remote attackers to cause a denial of service (process crash) via unspecified vectors, aka SAP Security Note 2262710. | |||||
| CVE-2016-6138 | 1 Sap | 1 Trex | 2025-04-12 | 10.0 HIGH | 9.8 CRITICAL |
| Directory traversal vulnerability in SAP TREX 7.10 Revision 63 allows remote attackers to read arbitrary files via unspecified vectors, aka SAP Security Note 2203591. | |||||
| CVE-2014-5173 | 1 Sap | 1 Hana Extended Application Services | 2025-04-12 | 5.0 MEDIUM | N/A |
| SAP HANA Extend Application Services (XS) allows remote attackers to bypass access restrictions via a request to a private IU5 SDK application that was once public. | |||||
| CVE-2016-3639 | 1 Sap | 1 Hana Db | 2025-04-12 | 5.0 MEDIUM | 4.3 MEDIUM |
| SAP HANA DB 1.00.091.00.1418659308 allows remote attackers to obtain sensitive topology information via an unspecified HTTP request, aka SAP Security Note 2176128. | |||||
| CVE-2016-6858 | 1 Sap | 1 Hybris | 2025-04-12 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the Create Employee feature in Hybris Management Console (HMC) in SAP Hybris before 5.0.4.11, 5.1.0.x before 5.1.0.11, 5.1.1.x before 5.1.1.12, 5.2.0.x and 5.3.0.x before 5.3.0.10, 5.4.x before 5.4.0.9, 5.5.0.x before 5.5.0.9, 5.5.1.x before 5.5.1.10, 5.6.x before 5.6.0.8, and 5.7.x before 5.7.0.9 allows remote authenticated users to inject arbitrary web script or HTML via the Name field. | |||||
| CVE-2014-8315 | 1 Sap | 1 Businessobjects Explorer | 2025-04-12 | 5.0 MEDIUM | N/A |
| polestar_xml.jsp in SAP BusinessObjects Explorer 14.0.5 build 882 replies with different timing depending on if a connection can be made, which allows remote attackers to conduct port scanning attacks via a host name and port in the cms parameter. | |||||
| CVE-2014-8659 | 1 Sap | 1 Environment Health And Safety | 2025-04-12 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in SAP Environment, Health, and Safety allows remote attackers to read arbitrary files via unspecified vectors. | |||||
| CVE-2016-6142 | 1 Sap | 1 Hana | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote attackers to inject arbitrary audit trail fields into the SYSLOG via vectors related to the SQL protocol, aka SAP Security Note 2197459. | |||||
| CVE-2014-4004 | 1 Sap | 1 Project System | 2025-04-12 | 5.0 MEDIUM | N/A |
| The (1) Structures and (2) Project-Oriented Procurement components in SAP Project System has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. | |||||
| CVE-2014-4010 | 1 Sap | 1 Transaction Data Pool | 2025-04-12 | 5.0 MEDIUM | N/A |
| SAP Transaction Data Pool has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. | |||||