Filtered by vendor Sap
Subscriptions
Total
1535 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2014-3132 | 1 Sap | 1 Background Processing | 2025-04-12 | N/A |
SAP Background Processing does not properly restrict access, which allows remote authenticated users to obtain sensitive information via an unspecified RFC function, related to SAP Solution Manager 7.1. | ||||
CVE-2015-8840 | 1 Sap | 1 Netweaver Application Server Java | 2025-04-12 | 8.8 High |
The XML Data Archiving Service (XML DAS) in SAP NetWeaver AS Java does not check authorization, which allows remote authenticated users to obtain sensitive information, gain privileges, or possibly have unspecified other impact via requests to (1) webcontent/cas/cas_enter.jsp, (2) webcontent/cas/cas_validate.jsp, or (3) webcontent/aas/aas_store.jsp, aka SAP Security Note 1945215. | ||||
CVE-2013-7362 | 1 Sap | 1 Ccms Agent | 2025-04-12 | N/A |
An unspecified RFC function in SAP CCMS Agent allows remote attackers to execute arbitrary commands via unknown vectors. | ||||
CVE-2015-5067 | 1 Sap | 1 Netweaver | 2025-04-12 | N/A |
The (1) Cross-System Tools and (2) Data Transfer Workbench in SAP NetWeaver have hardcoded credentials, which allows remote attackers to obtain access via unspecified vectors, aka SAP Security Notes 2059659 and 2057982. | ||||
CVE-2015-4161 | 1 Sap | 1 Afaria | 2025-04-12 | N/A |
SAP Afaria does not properly restrict access to unspecified functionality, which allows remote attackers to obtain sensitive information, gain privileges, or have other unspecified impact via unknown vectors, SAP Security Note 2155690. | ||||
CVE-2013-7361 | 1 Sap | 2 Cm Services, Cms Services | 2025-04-12 | N/A |
Directory traversal vulnerability in SAP CMS and CM Services allows attackers to upload arbitrary files via unspecified vectors. | ||||
CVE-2015-4160 | 1 Sap | 1 Ase Database Platform | 2025-04-12 | N/A |
SQL injection vulnerability in SAP ASE Database Platform allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Notes: 2152278. | ||||
CVE-2015-4159 | 1 Sap | 1 Hana Web-based Development Workbench | 2025-04-12 | N/A |
SQL injection vulnerability in SAP HANA Web-based Development Workbench allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Notes 2153892. | ||||
CVE-2014-3787 | 1 Sap | 1 Netweaver | 2025-04-12 | N/A |
SAP NetWeaver 7.20 and earlier allows remote attackers to read arbitrary SAP Central User Administration (SAP CUA) tables via unspecified vectors. | ||||
CVE-2016-7437 | 1 Sap | 1 Netweaver | 2025-04-12 | N/A |
SAP Netweaver 7.40 improperly logs (1) DUI and (2) DUJ events in the SAP Security Audit Log as non-critical, which might allow local users to hide rejected attempts to execute RFC function callbacks by leveraging filtering of non-critical events in audit analysis reports, aka SAP Security Note 2252312. | ||||
CVE-2013-7360 | 1 Sap | 1 Adminadapter | 2025-04-12 | N/A |
Unspecified vulnerability in SAP adminadapter allows remote attackers to read or write to arbitrary files via unknown vectors. | ||||
CVE-2015-4157 | 1 Sap | 1 Content Server | 2025-04-12 | N/A |
SAP Content Server allows remote attackers to cause a denial of service (service termination) via unspecified vectors, aka SAP Security Note 2127995. | ||||
CVE-2015-4092 | 1 Sap | 1 Afaria | 2025-04-12 | N/A |
Buffer overflow in the XComms process in SAP Afaria 7.00.6620.2 SP5 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted request, aka SAP Security Note 2153690. | ||||
CVE-2013-7357 | 1 Sap | 1 J2ee Engine | 2025-04-12 | N/A |
Unspecified vulnerability in the configuration service in SAP J2EE Engine allows remote attackers to obtain credential information via unknown vectors. | ||||
CVE-2015-4091 | 1 Sap | 1 Sap Netweaver Application Server Java | 2025-04-12 | N/A |
XML external entity (XXE) vulnerability in SAP NetWeaver AS Java 7.4 allows remote attackers to send TCP requests to intranet servers or possibly have unspecified other impact via an XML request to tc~sld~wd~main/Main, related to "CIM UPLOAD," aka SAP Security Note 2090851. | ||||
CVE-2015-3980 | 1 Sap | 1 Customer Relationship Management | 2025-04-12 | N/A |
SQL injection vulnerability in the Business Rules Framework (CRM-BF-BRF) in SAP CRM allows attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Note 2097534. | ||||
CVE-2013-7356 | 1 Sap | 1 Ccms \/ Database Monitor | 2025-04-12 | N/A |
Unspecified vulnerability in the SAP CCMS / Database Monitors for Oracle allows attackers to obtain the database password via unknown vectors. | ||||
CVE-2015-3979 | 1 Sap | 1 Customer Relationship Management | 2025-04-12 | N/A |
Unspecified vulnerability in the Business Rules Framework (CRM-BF-BRF) in SAP CRM allows attackers to execute arbitrary code via unknown vectors, aka SAP Security Note 2097534. | ||||
CVE-2015-3978 | 1 Sap | 1 Sybase Unwired Platform Online Data Proxy | 2025-04-12 | N/A |
SAP Sybase Unwired Platform Online Data Proxy allows local users to obtain usernames and passwords via the DataVault, aka SAP Security Note 2094830. | ||||
CVE-2013-7355 | 1 Sap | 1 Bi Universal Data Integration | 2025-04-12 | N/A |
SQL injection vulnerability in SAP BI Universal Data Integration allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to the J2EE schema. |