Filtered by vendor Sap
Subscribe
Total
1580 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-6859 | 1 Sap | 1 Hybris | 2026-05-06 | 4.0 MEDIUM | 4.3 MEDIUM |
| Hybris Management Console (HMC) in SAP Hybris before 6.0 allows remote attackers to obtain sensitive information by triggering an error and then reading a Java stack trace. | |||||
| CVE-2014-8666 | 1 Sap | 1 Business Intelligence Development Workbench | 2026-05-06 | 5.0 MEDIUM | N/A |
| The User & Server configuration, InfoView refresh, user rights (BI-BIP-ADM) component in SAP Business Intellignece allows remote attackers to obtain audit event details via unspecified vectors. | |||||
| CVE-2016-6139 | 1 Sap | 1 Trex | 2026-05-06 | 7.6 HIGH | 9.8 CRITICAL |
| SAP TREX 7.10 Revision 63 allows remote attackers to read arbitrary files via unspecified vectors, aka SAP Security Note 2203591. | |||||
| CVE-2014-3133 | 1 Sap | 1 Netweaver Java Application Server | 2026-05-06 | 5.0 MEDIUM | N/A |
| SAP Netweaver Java Application Server does not properly restrict access, which allows remote attackers to obtain the list of SAP systems registered on an SLD via an unspecified webdynpro, related to SystemSelection. | |||||
| CVE-2014-4160 | 1 Sap | 1 Netweaver Business Client | 2026-05-06 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the testcanvas node in SAP NetWeaver Business Client (NWBC) allow remote attackers to inject arbitrary web script or HTML via the (1) title or (2) sap-accessibility parameter. | |||||
| CVE-2016-4018 | 1 Sap | 1 Hana | 2026-05-06 | 7.5 HIGH | 7.3 HIGH |
| The Data Provisioning Agent (aka DP Agent) in SAP HANA does not properly restrict access to service functionality, which allows remote attackers to obtain sensitive information, gain privileges, and conduct unspecified other attacks via unspecified vectors, aka SAP Security Note 2262742. | |||||
| CVE-2026-27679 | 1 Sap | 2 Manage Reference Structures, S\/4hana | 2026-05-04 | N/A | 6.5 MEDIUM |
| Due to missing authorization checks in the SAP S/4HANA frontend OData Service (Manage Reference Structures), an attacker could update and delete child entities via exposed OData services without proper authorization. This vulnerability has a high impact on integrity, while confidentiality and availability are not impacted. | |||||
| CVE-2026-34264 | 1 Sap | 2 Human Capital Management, S\/4hana | 2026-05-04 | N/A | 6.5 MEDIUM |
| During authorization checks in SAP Human Capital Management for SAP S/4HANA, the system returns specific messages. Due to this, an authenticated user with low privileges could guess and enumerate the content shown, beyond their authorized scope. This leads to disclosure of sensitive information causing a high impact on confidentiality, while integrity and availability are unaffected. | |||||
| CVE-2026-34262 | 1 Sap | 2 Hana Cockpit, Hana Database Explorer | 2026-05-04 | N/A | 5.0 MEDIUM |
| Information Disclosure Vulnerability in SAP HANA Cockpit and HANA Database Explorer | |||||
| CVE-2011-5154 | 1 Sap | 1 Graphical User Interface | 2026-04-29 | 6.9 MEDIUM | N/A |
| Multiple untrusted search path vulnerabilities in (1) SAPGui.exe and (2) BExAnalyzer.exe in SAP GUI 6.4 through 7.2 allow local users to gain privileges via a Trojan horse MFC80LOC.DLL file in the current working directory, as demonstrated by a directory that contains a .sap file. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2011-5263 | 1 Sap | 1 Netweaver | 2026-04-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in RetrieveMailExamples in SAP NetWeaver 7.30 and earlier allows remote attackers to inject arbitrary web script or HTML via the server parameter. | |||||
| CVE-2014-1965 | 1 Sap | 1 Netweaver | 2026-04-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in ISpeakAdapter in the Integration Repository in the SAP Exchange Infrastructure (BC-XI) component 3.0, 7.00 through 7.02, and 7.10 through 7.11 for SAP NetWeaver allows remote attackers to inject arbitrary web script or HTML via vectors related to PIP. | |||||
| CVE-2009-4988 | 1 Sap | 1 Business One 2005-a | 2026-04-29 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in NT_Naming_Service.exe in SAP Business One 2005 A 6.80.123 and 6.80.320 allows remote attackers to execute arbitrary code via a long GIOP request to TCP port 30000. | |||||
| CVE-2012-1291 | 1 Sap | 1 Netweaver | 2026-04-29 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the com.sap.aii.mdt.amt.web.AMTPageProcessor servlet in SAP NetWeaver 7.0 allows remote attackers to obtain sensitive information about the Adapter Monitor via unspecified vectors, possibly related to the EnableInvokerServletGlobally property in the servlet_jsp service. | |||||
| CVE-2013-7095 | 1 Sap | 1 Customer Relationship Management | 2026-04-29 | 10.0 HIGH | N/A |
| The XML parser (crm_flex_data) in SAP Customer Relationship Management (CRM) 7.02 EHP 2 has unknown impact and attack vectors related to an XML External Entity (XXE) issue. | |||||
| CVE-2013-3061 | 1 Sap | 2 Erp Central Component, Healthcare Industry Solution | 2026-04-29 | 6.5 MEDIUM | N/A |
| The ISHMED-PATRED_TRANSACT_RFCCALL function in the IS-H Industry-Specific Component Hospital subsystem in SAP Healthcare Industry Solution, and the SAP ERP central component (aka ECC 6), allows remote authenticated users to bypass intended transaction restrictions via unspecified vectors. | |||||
| CVE-2010-1609 | 1 Sap | 1 Netweaver | 2026-04-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in SAP NetWeaver 2004 before SP21 and 2004s before SP13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2013-6823 | 1 Sap | 1 Netweaver | 2026-04-29 | 6.4 MEDIUM | N/A |
| GRMGApp in SAP NetWeaver allows remote attackers to bypass intended access restrictions via unspecified vectors. | |||||
| CVE-2014-1960 | 1 Sap | 2 Netweaver, Netweaver Solution Manager | 2026-04-29 | 5.0 MEDIUM | N/A |
| The Solution Manager in SAP NetWeaver does not properly restrict access, which allows remote attackers to obtain sensitive information via unspecified vectors. | |||||
| CVE-2011-4805 | 1 Sap | 1 Crystal Reports Server | 2026-04-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in pubDBLogon.jsp in SAP Crystal Report Server 2008 allows remote attackers to inject arbitrary web script or HTML via the service parameter. | |||||