Filtered by vendor Sap
Subscribe
Total
1494 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-8600 | 1 Sap | 1 Mobile Platform | 2025-04-12 | 7.5 HIGH | N/A |
| The SysAdminWebTool servlets in SAP Mobile Platform allow remote attackers to bypass authentication and obtain sensitive information, gain privileges, or have unspecified other impact via unknown vectors, aka SAP Security Note 2227855. | |||||
| CVE-2016-2388 | 1 Sap | 1 Netweaver Application Server Java | 2025-04-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| The Universal Worklist Configuration in SAP NetWeaver AS JAVA 7.4 allows remote attackers to obtain sensitive user information via a crafted HTTP request, aka SAP Security Note 2256846. | |||||
| CVE-2013-7357 | 1 Sap | 1 J2ee Engine | 2025-04-12 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the configuration service in SAP J2EE Engine allows remote attackers to obtain credential information via unknown vectors. | |||||
| CVE-2015-7727 | 1 Sap | 1 Hana | 2025-04-12 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in the Web-based Development Workbench in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors in the (1) trace configuration page or (2) getSqlTraceConfiguration function, aka SAP Security Note 2153898. | |||||
| CVE-2014-5506 | 1 Sap | 1 Crystal Reports | 2025-04-12 | 6.8 MEDIUM | N/A |
| Double free vulnerability in SAP Crystal Reports allows remote attackers to execute arbitrary code via crafted connection string record in an RPT file. | |||||
| CVE-2016-4017 | 1 Sap | 1 Hana | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| The Data Provisioning Agent (aka DP Agent) in SAP HANA allows remote attackers to cause a denial of service (process crash) via unspecified vectors, aka SAP Security Note 2262710. | |||||
| CVE-2015-2076 | 1 Sap | 1 Businessobjects Edge | 2025-04-12 | 5.0 MEDIUM | N/A |
| The Auditing service in SAP BusinessObjects Edge 4.0 allows remote attackers to obtain sensitive information by reading an audit event, aka SAP Note 2011395. | |||||
| CVE-2015-7992 | 1 Sap | 1 Hana | 2025-04-12 | 4.0 MEDIUM | N/A |
| SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote authenticated users to cause a denial of service (memory corruption and indexserver crash) via unspecified vectors to the EXECUTE_SEARCH_RULE_SET stored procedure, aka SAP Security Note 2175928. | |||||
| CVE-2013-7356 | 1 Sap | 1 Ccms \/ Database Monitor | 2025-04-12 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the SAP CCMS / Database Monitors for Oracle allows attackers to obtain the database password via unknown vectors. | |||||
| CVE-2015-3981 | 1 Sap | 1 Netweaver Rfc Sdk | 2025-04-12 | 5.0 MEDIUM | N/A |
| SAP NetWeaver RFC SDK allows attackers to obtain sensitive information via unspecified vectors, aka SAP Security Note 2084037. | |||||
| CVE-2015-4158 | 1 Sap | 2 Netweaver Abap Application Server, Netweaver Java Application Server | 2025-04-12 | 5.0 MEDIUM | N/A |
| SAP ABAP & Java Server allows remote attackers to cause a denial of service (service termination) via unspecified vectors, aka SAP Security Note 2121661. | |||||
| CVE-2014-2748 | 1 Sap | 2 Enhancement Package, Erp | 2025-04-12 | 7.5 HIGH | N/A |
| The Security Audit Log facility in SAP Enhancement Package (EHP) 6 for SAP ERP 6.0 allows remote attackers to modify or delete arbitrary log classes via unspecified vectors. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2015-7728 | 1 Sap | 1 Hana | 2025-04-12 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in user creation in the Web-based Development Workbench in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote authenticated users to inject arbitrary web script or HTML via the username, aka SAP Security Note 2153898. | |||||
| CVE-2016-1929 | 1 Sap | 1 Hana | 2025-04-12 | 8.5 HIGH | 9.3 CRITICAL |
| The XS engine in SAP HANA allows remote attackers to spoof log entries in trace files and consequently cause a denial of service (disk consumption and process crash) via a crafted HTTP request, related to an unspecified debug function, aka SAP Security Note 2241978. | |||||
| CVE-2014-0984 | 1 Sap | 1 Router | 2025-04-12 | 4.3 MEDIUM | N/A |
| The passwordCheck function in SAP Router 721 patch 117, 720 patch 411, 710 patch 029, and earlier terminates validation of a Route Permission Table entry password upon encountering the first incorrect character, which allows remote attackers to obtain passwords via a brute-force attack that relies on timing differences in responses to incorrect password guesses, aka a timing side-channel attack. | |||||
| CVE-2013-7355 | 1 Sap | 1 Bi Universal Data Integration | 2025-04-12 | 7.5 HIGH | N/A |
| SQL injection vulnerability in SAP BI Universal Data Integration allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to the J2EE schema. | |||||
| CVE-2014-8665 | 1 Sap | 1 Business Intelligence Development Workbench | 2025-04-12 | 5.0 MEDIUM | N/A |
| The SAP Business Intelligence Development Workbench allows remote attackers to obtain sensitive information by reading unspecified files. | |||||
| CVE-2015-1312 | 1 Sap | 1 Enterprise Resource Planning | 2025-04-12 | 7.5 HIGH | N/A |
| The Dealer Portal in SAP ERP does not properly restrict access, which allows remote attackers to obtain sensitive information, gain privileges, and possibly have other unspecified impact via unknown vectors, aka SAP Note 2000401. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2016-6149 | 1 Sap | 1 Hana Sps09 | 2025-04-12 | 2.1 LOW | 5.5 MEDIUM |
| SAP HANA SPS09 1.00.091.00.14186593 allows local users to obtain sensitive information by leveraging the EXPORT statement to export files, aka SAP Security Note 2252941. | |||||
| CVE-2014-4007 | 1 Sap | 1 Upgrade Tools | 2025-04-12 | 5.0 MEDIUM | N/A |
| The SAP Upgrade tools for ABAP has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. | |||||