Filtered by vendor Sap
Subscribe
Total
1490 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-8663 | 1 Sap | 1 Netweaver Business Warehouse | 2025-04-12 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Data Basis (BW-WHM-DBA) in SAP NetWeaver Business Warehouse allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2016-1929 | 1 Sap | 1 Hana | 2025-04-12 | 8.5 HIGH | 9.3 CRITICAL |
| The XS engine in SAP HANA allows remote attackers to spoof log entries in trace files and consequently cause a denial of service (disk consumption and process crash) via a crafted HTTP request, related to an unspecified debug function, aka SAP Security Note 2241978. | |||||
| CVE-2016-4014 | 1 Sap | 1 Netweaver | 2025-04-12 | 9.0 HIGH | 8.6 HIGH |
| XML external entity (XXE) vulnerability in the UDDI component in SAP NetWeaver JAVA AS 7.4 allows remote attackers to cause a denial of service (system hang) via a crafted DTD in an XML request to uddi/api/replication, aka SAP Security Note 2254389. | |||||
| CVE-2016-7437 | 1 Sap | 1 Netweaver | 2025-04-12 | 2.1 LOW | 3.3 LOW |
| SAP Netweaver 7.40 improperly logs (1) DUI and (2) DUJ events in the SAP Security Audit Log as non-critical, which might allow local users to hide rejected attempts to execute RFC function callbacks by leveraging filtering of non-critical events in audit analysis reports, aka SAP Security Note 2252312. | |||||
| CVE-2015-6663 | 1 Sap | 1 Afaria | 2025-04-12 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Client form in the Device Inspector page in SAP Afaria 7 allows remote attackers to inject arbitrary web script or HTML via crafted client name data, aka SAP Security Note 2152669. | |||||
| CVE-2013-7360 | 1 Sap | 1 Adminadapter | 2025-04-12 | 7.5 HIGH | N/A |
| Unspecified vulnerability in SAP adminadapter allows remote attackers to read or write to arbitrary files via unknown vectors. | |||||
| CVE-2016-3976 | 1 Sap | 1 Netweaver Application Server Java | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| Directory traversal vulnerability in SAP NetWeaver AS Java 7.1 through 7.5 allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in the fileName parameter to CrashFileDownloadServlet, aka SAP Security Note 2234971. | |||||
| CVE-2015-3978 | 1 Sap | 1 Sybase Unwired Platform Online Data Proxy | 2025-04-12 | 2.1 LOW | N/A |
| SAP Sybase Unwired Platform Online Data Proxy allows local users to obtain usernames and passwords via the DataVault, aka SAP Security Note 2094830. | |||||
| CVE-2015-6662 | 1 Sap | 1 Netweaver | 2025-04-12 | 6.8 MEDIUM | N/A |
| XML external entity (XXE) vulnerability in SAP NetWeaver Portal 7.4 allows remote attackers to read arbitrary files and possibly have other unspecified impact via crafted XML data, aka SAP Security Note 2168485. | |||||
| CVE-2015-2076 | 1 Sap | 1 Businessobjects Edge | 2025-04-12 | 5.0 MEDIUM | N/A |
| The Auditing service in SAP BusinessObjects Edge 4.0 allows remote attackers to obtain sensitive information by reading an audit event, aka SAP Note 2011395. | |||||
| CVE-2014-4159 | 1 Sap | 1 Supplier Relationship Management | 2025-04-12 | 5.8 MEDIUM | N/A |
| Open redirect vulnerability in in la/umTestSSO.jsp in SAP Supplier Relationship Management (SRM) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter. | |||||
| CVE-2015-8029 | 1 Sap | 1 3d Visual Enterprise Viewer | 2025-04-12 | 6.8 MEDIUM | N/A |
| SAP 3D Visual Enterprise Viewer (VEV) allows remote attackers to execute arbitrary code via a crafted Filmbox document, which triggers memory corruption. | |||||
| CVE-2015-3981 | 1 Sap | 1 Netweaver Rfc Sdk | 2025-04-12 | 5.0 MEDIUM | N/A |
| SAP NetWeaver RFC SDK allows attackers to obtain sensitive information via unspecified vectors, aka SAP Security Note 2084037. | |||||
| CVE-2014-4161 | 1 Sap | 1 Supplier Relationship Management | 2025-04-12 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in la/umTestSSO.jsp in SAP Supplier Relationship Management (SRM) allows remote attackers to inject arbitrary web script or HTML via the url parameter. | |||||
| CVE-2016-2536 | 2 Google, Sap | 2 Sketchup, 3d Visual Enterprise Viewer | 2025-04-12 | 6.8 MEDIUM | 8.8 HIGH |
| Multiple use-after-free vulnerabilities in SAP 3D Visual Enterprise Viewer allow remote attackers to execute arbitrary code via a crafted SketchUp document. NOTE: the primary affected product may be SketchUp. | |||||
| CVE-2015-2814 | 1 Sap | 2 Clinical Task Tracker, Emr Unwired | 2025-04-12 | 6.4 MEDIUM | N/A |
| SAP EMR Unwired (com.sap.mobile.healthcare.emr.v2) and Clinical Task Tracker (com.sap.mobile.healthcare.ctt) does not properly restrict access, which allows remote attackers to change the backendurl, clientid, ssourl, and infopageurl settings via unspecified vectors, aka SAP Security Note 2117079. | |||||
| CVE-2014-9594 | 1 Sap | 1 Sap Kernel | 2025-04-12 | 6.5 MEDIUM | N/A |
| Buffer overflow in the SAP NetWeaver Dispatcher in SAP Kernel 7.00 32-bit and 7.40 64-bit allows remote authenticated users to cause a denial of service or possibly execute arbitrary code via unspecified vectors, related to the ABAP VM, aka SAP Note 2059734. | |||||
| CVE-2013-7362 | 1 Sap | 1 Ccms Agent | 2025-04-12 | 7.5 HIGH | N/A |
| An unspecified RFC function in SAP CCMS Agent allows remote attackers to execute arbitrary commands via unknown vectors. | |||||
| CVE-2014-8310 | 1 Sap | 1 Businessobjects | 2025-04-12 | 7.1 HIGH | N/A |
| The CMS CORBA listener in SAP BusinessObjects BI Edge 4.0 allows remote attackers to cause a denial of service (server shutdown) via crafted OSCAFactory::Session ORB message. | |||||
| CVE-2016-3975 | 1 Sap | 1 Netweaver Application Server Java | 2025-04-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in SAP NetWeaver AS Java 7.1 through 7.5 allows remote attackers to inject arbitrary web script or HTML via the navigationTarget parameter to irj/servlet/prt/portal/prteventname/XXX/prtroot/com.sapportals.navigation.testComponent.NavigationURLTester, aka SAP Security Note 2238375. | |||||