Filtered by vendor Sap
Subscribe
Total
1485 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-8662 | 1 Sap | 1 Payroll Process | 2024-02-28 | 7.8 HIGH | N/A |
| Unspecified vulnerability in SAP Payroll Process allows remote attackers to cause a denial of service via vectors related to session handling. | |||||
| CVE-2014-8587 | 1 Sap | 5 Commoncryptolib, Hana, Netweaver and 2 more | 2024-02-28 | 7.5 HIGH | N/A |
| SAPCRYPTOLIB before 5.555.38, SAPSECULIB, and CommonCryptoLib before 8.4.30, as used in SAP NetWeaver AS for ABAP and SAP HANA, allows remote attackers to spoof Digital Signature Algorithm (DSA) signatures via unspecified vectors. | |||||
| CVE-2015-2072 | 1 Sap | 1 Hana | 2024-02-28 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in SAP HANA 73 (1.00.73.00.389160) and HANA Developer Edition 80 (1.00.80.00.391861) allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to (1) ide/core/plugins/editor/templates/trace/hanaTraceDetailService.xsjs or (2) xs/ide/editor/templates/trace/hanaTraceDetailService.xsjs, aka SAP Note 2069676. | |||||
| CVE-2014-8309 | 1 Sap | 2 Businessobjects, Businessobjects Xi | 2024-02-28 | 5.0 MEDIUM | N/A |
| SAP BusinessObjects 4.0 and BusinessObjects XI (BOXI) R2 and 3.1 generates error messages for a failed logon attempt with different time delays depending on whether the user account exists, which allows remote attackers to enumerate valid usernames via SecEnterprise authentication requests to the Session web service. | |||||
| CVE-2014-8661 | 1 Sap | 1 Customer Relationship Management Internet Sales | 2024-02-28 | 10.0 HIGH | N/A |
| The SAP CRM Internet Sales module allows remote attackers to execute arbitrary commands via unspecified vectors. | |||||
| CVE-2015-1312 | 1 Sap | 1 Enterprise Resource Planning | 2024-02-28 | 7.5 HIGH | N/A |
| The Dealer Portal in SAP ERP does not properly restrict access, which allows remote attackers to obtain sensitive information, gain privileges, and possibly have other unspecified impact via unknown vectors, aka SAP Note 2000401. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2014-6252 | 1 Sap | 1 Netweaver | 2024-02-28 | 6.5 MEDIUM | N/A |
| Buffer overflow in disp+work.exe 7000.52.12.34966 and 7200.117.19.50294 in the Dispatcher in SAP NetWeaver 7.00 and 7.20 allows remote authenticated users to cause a denial of service or execute arbitrary code via unspecified vectors. | |||||
| CVE-2014-5505 | 1 Sap | 1 Crystal Reports | 2024-02-28 | 6.8 MEDIUM | N/A |
| Stack-based buffer overflow in SAP Crystal Reports allows remote attackers to execute arbitrary code via a crafted data source string in an RPT file. | |||||
| CVE-2015-2816 | 1 Sap | 1 Afaria | 2024-02-28 | 7.5 HIGH | N/A |
| The XcListener in SAP Afaria 7.0.6001.5 does not properly restrict access, which allows remote attackers to have unspecified impact via a crafted request, aka SAP Security Note 2134905. | |||||
| CVE-2014-4160 | 1 Sap | 1 Netweaver Business Client | 2024-02-28 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the testcanvas node in SAP NetWeaver Business Client (NWBC) allow remote attackers to inject arbitrary web script or HTML via the (1) title or (2) sap-accessibility parameter. | |||||
| CVE-2014-8588 | 1 Sap | 1 Hana | 2024-02-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in metadata.xsjs in SAP HANA 1.00.60.379371 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2014-5176 | 1 Sap | 1 Fi Manager Self-service | 2024-02-28 | 6.0 MEDIUM | N/A |
| SAP FI Manager Self-Service has a hard-coded user name, which makes it easier for remote attackers to obtain access via unspecified vectors. | |||||
| CVE-2013-3678 | 1 Sap | 1 Governance Risk And Compliance | 2024-02-28 | 9.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in SAP Governance, Risk, and Compliance (GRC) allow remote authenticated users to gain privileges and execute arbitrary programs via a crafted (1) RFC or (2) SOAP-RFC request. | |||||
| CVE-2014-5173 | 1 Sap | 1 Hana Extended Application Services | 2024-02-28 | 5.0 MEDIUM | N/A |
| SAP HANA Extend Application Services (XS) allows remote attackers to bypass access restrictions via a request to a private IU5 SDK application that was once public. | |||||
| CVE-2015-2818 | 1 Sap | 1 Mobile Platform | 2024-02-28 | 5.0 MEDIUM | N/A |
| XML external entity (XXE) vulnerability in SAP Mobile Platform 3 allows remote attackers to send requests to intranet servers via crafted XML, aka SAP Security Note 2125513. | |||||
| CVE-2014-8665 | 1 Sap | 1 Business Intelligence Development Workbench | 2024-02-28 | 5.0 MEDIUM | N/A |
| The SAP Business Intelligence Development Workbench allows remote attackers to obtain sensitive information by reading unspecified files. | |||||
| CVE-2015-2813 | 1 Sap | 1 Mobile Platform | 2024-02-28 | 5.0 MEDIUM | N/A |
| XML external entity (XXE) vulnerability in SAP Mobile Platform allows remote attackers to send requests to intranet servers via crafted XML, aka SAP Security Note 2125358. | |||||
| CVE-2015-2075 | 1 Sap | 1 Businessobjects Edge | 2024-02-28 | 5.0 MEDIUM | N/A |
| SAP BusinessObjects Edge 4.0 allows remote attackers to delete audit events from the auditee queue via a clearData CORBA operation, aka SAP Note 2011396. | |||||
| CVE-2014-5171 | 1 Sap | 1 Hana Extended Application Services | 2024-02-28 | 2.9 LOW | N/A |
| SAP HANA Extend Application Services (XS) does not encrypt transmissions for applications that enable form based authentication using SSL, which allows remote attackers to obtain credentials and other sensitive information by sniffing the network. | |||||
| CVE-2014-8592 | 1 Sap | 1 Netweaver | 2024-02-28 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in SAP Host Agent, as used in SAP NetWeaver 7.02 and 7.3, allows remote attackers to cause a denial of service (process termination) via a crafted request. | |||||