Filtered by vendor Sap
Subscribe
Total
1521 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-6859 | 1 Sap | 1 Hybris | 2025-04-12 | 4.0 MEDIUM | 4.3 MEDIUM |
| Hybris Management Console (HMC) in SAP Hybris before 6.0 allows remote attackers to obtain sensitive information by triggering an error and then reading a Java stack trace. | |||||
| CVE-2016-6147 | 1 Sap | 1 Trex | 2025-04-12 | 10.0 HIGH | 9.8 CRITICAL |
| An unspecified interface in SAP TREX 7.10 Revision 63 allows remote attackers to execute arbitrary OS commands with SIDadm privileges via unspecified vectors, aka SAP Security Note 2234226. | |||||
| CVE-2015-1311 | 1 Sap | 1 Hana Extended Application Services | 2025-04-12 | 10.0 HIGH | N/A |
| The Extended Application Services (XS) in SAP HANA allows remote attackers to inject arbitrary ABAP code via unspecified vectors, aka SAP Note 2098906. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2014-4011 | 1 Sap | 1 Capacity Leveling | 2025-04-12 | 5.0 MEDIUM | N/A |
| SAP Capacity Leveling has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. | |||||
| CVE-2015-2075 | 1 Sap | 1 Businessobjects Edge | 2025-04-12 | 5.0 MEDIUM | N/A |
| SAP BusinessObjects Edge 4.0 allows remote attackers to delete audit events from the auditee queue via a clearData CORBA operation, aka SAP Note 2011396. | |||||
| CVE-2014-8587 | 1 Sap | 5 Commoncryptolib, Hana, Netweaver and 2 more | 2025-04-12 | 7.5 HIGH | N/A |
| SAPCRYPTOLIB before 5.555.38, SAPSECULIB, and CommonCryptoLib before 8.4.30, as used in SAP NetWeaver AS for ABAP and SAP HANA, allows remote attackers to spoof Digital Signature Algorithm (DSA) signatures via unspecified vectors. | |||||
| CVE-2015-4161 | 1 Sap | 1 Afaria | 2025-04-12 | 7.5 HIGH | N/A |
| SAP Afaria does not properly restrict access to unspecified functionality, which allows remote attackers to obtain sensitive information, gain privileges, or have other unspecified impact via unknown vectors, SAP Security Note 2155690. | |||||
| CVE-2015-3994 | 1 Sap | 1 Hana | 2025-04-12 | 4.0 MEDIUM | N/A |
| The grant.xsfunc application in testApps/grantAccess/ in the XS Engine in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote authenticated users to spoof log entries via a crafted request, aka SAP Security Note 2109818. | |||||
| CVE-2014-2748 | 1 Sap | 2 Enhancement Package, Erp | 2025-04-12 | 7.5 HIGH | N/A |
| The Security Audit Log facility in SAP Enhancement Package (EHP) 6 for SAP ERP 6.0 allows remote attackers to modify or delete arbitrary log classes via unspecified vectors. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2014-5172 | 1 Sap | 1 Hana | 2025-04-12 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the XS Administration Tools in SAP HANA allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2016-1929 | 1 Sap | 1 Hana | 2025-04-12 | 8.5 HIGH | 9.3 CRITICAL |
| The XS engine in SAP HANA allows remote attackers to spoof log entries in trace files and consequently cause a denial of service (disk consumption and process crash) via a crafted HTTP request, related to an unspecified debug function, aka SAP Security Note 2241978. | |||||
| CVE-2016-2389 | 1 Sap | 1 Netweaver | 2025-04-12 | 7.8 HIGH | 7.5 HIGH |
| Directory traversal vulnerability in the GetFileList function in the SAP Manufacturing Integration and Intelligence (xMII) component 15.0 for SAP NetWeaver 7.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the Path parameter to /Catalog, aka SAP Security Note 2230978. | |||||
| CVE-2015-1312 | 1 Sap | 1 Enterprise Resource Planning | 2025-04-12 | 7.5 HIGH | N/A |
| The Dealer Portal in SAP ERP does not properly restrict access, which allows remote attackers to obtain sensitive information, gain privileges, and possibly have other unspecified impact via unknown vectors, aka SAP Note 2000401. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2014-8663 | 1 Sap | 1 Netweaver Business Warehouse | 2025-04-12 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Data Basis (BW-WHM-DBA) in SAP NetWeaver Business Warehouse allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2013-3678 | 1 Sap | 1 Governance Risk And Compliance | 2025-04-12 | 9.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in SAP Governance, Risk, and Compliance (GRC) allow remote authenticated users to gain privileges and execute arbitrary programs via a crafted (1) RFC or (2) SOAP-RFC request. | |||||
| CVE-2014-8314 | 1 Sap | 1 Hana | 2025-04-12 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in SAP HANA Developer Edition Revision 70 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to (1) epm/admin/DataGen.xsjs or (2) epm/services/multiply.xsjs in the democontent. | |||||
| CVE-2014-6252 | 1 Sap | 1 Netweaver | 2025-04-12 | 6.5 MEDIUM | N/A |
| Buffer overflow in disp+work.exe 7000.52.12.34966 and 7200.117.19.50294 in the Dispatcher in SAP NetWeaver 7.00 and 7.20 allows remote authenticated users to cause a denial of service or execute arbitrary code via unspecified vectors. | |||||
| CVE-2016-6148 | 1 Sap | 1 Hana | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| SAP HANA DB 1.00.73.00.389160 allows remote attackers to cause a denial of service (process termination) or execute arbitrary code via vectors related to an IMPORT statement, aka SAP Security Note 2233136. | |||||
| CVE-2016-1911 | 1 Sap | 1 Netweaver | 2025-04-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in SAP NetWeaver 7.4 allow remote attackers to inject arbitrary web script or HTML via vectors related to the (1) Runtime Workbench (RWB) or (2) Pmitest servlet in the Process Monitoring Infrastructure (PMI), aka SAP Security Notes 2206793 and 2234918. | |||||
| CVE-2013-7360 | 1 Sap | 1 Adminadapter | 2025-04-12 | 7.5 HIGH | N/A |
| Unspecified vulnerability in SAP adminadapter allows remote attackers to read or write to arbitrary files via unknown vectors. | |||||