Filtered by vendor Sap
Subscribe
Total
1304 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-6662 | 1 Sap | 1 Netweaver | 2018-12-10 | 6.8 MEDIUM | N/A |
| XML external entity (XXE) vulnerability in SAP NetWeaver Portal 7.4 allows remote attackers to read arbitrary files and possibly have other unspecified impact via crafted XML data, aka SAP Security Note 2168485. | |||||
| CVE-2017-15296 | 1 Sap | 1 Customer Relationship Management | 2018-12-10 | 6.8 MEDIUM | 8.8 HIGH |
| The Java component in SAP CRM has CSRF. This is SAP Security Note 2478964. | |||||
| CVE-2015-5068 | 1 Sap | 1 Mobile Platform | 2018-12-10 | 7.5 HIGH | N/A |
| XML external entity (XXE) vulnerability in SAP Mobile Platform 3 allows remote attackers to read arbitrary files or possibly have other unspecified impact via a crafted XML request, aka SAP Security Note 2159601. | |||||
| CVE-2015-5067 | 1 Sap | 1 Netweaver | 2018-12-10 | 7.5 HIGH | N/A |
| The (1) Cross-System Tools and (2) Data Transfer Workbench in SAP NetWeaver have hardcoded credentials, which allows remote attackers to obtain access via unspecified vectors, aka SAP Security Notes 2059659 and 2057982. | |||||
| CVE-2015-2820 | 1 Sap | 1 Afaria | 2018-12-10 | 5.0 MEDIUM | N/A |
| Buffer overflow in XcListener in SAP Afaria 7.0.6001.5 allows remote attackers to cause a denial of service (process termination) via a crafted request, aka SAP Security Note 2132584. | |||||
| CVE-2011-5260 | 1 Sap | 1 Netweaver | 2018-12-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in SAP/BW/DOC/METADATA in SAP NetWeaver allows remote attackers to inject arbitrary web script or HTML via the page parameter. | |||||
| CVE-2017-11460 | 1 Sap | 1 Netweaver Portal | 2018-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the DataArchivingService servlet in SAP NetWeaver Portal 7.4 allows remote attackers to inject arbitrary web script or HTML via the responsecode parameter to shp/shp_result.jsp, aka SAP Security Note 2308535. | |||||
| CVE-2015-2811 | 1 Sap | 1 Netweaver Enterprise Portal | 2018-12-10 | 5.0 MEDIUM | N/A |
| XML external entity (XXE) vulnerability in ReportXmlViewer in SAP NetWeaver Portal 7.31.201109172004 allows remote attackers to send requests to intranet servers via crafted XML, aka SAP Security Note 2111939. | |||||
| CVE-2015-2812 | 1 Sap | 1 Netweaver Enterprise Portal | 2018-12-10 | 5.0 MEDIUM | N/A |
| XML external entity (XXE) vulnerability in XMLValidationComponent in SAP NetWeaver Portal 7.31.201109172004 allows remote attackers to send requests to intranet servers via crafted XML, aka SAP Security Note 2093966. | |||||
| CVE-2015-2813 | 1 Sap | 1 Mobile Platform | 2018-12-10 | 5.0 MEDIUM | N/A |
| XML external entity (XXE) vulnerability in SAP Mobile Platform allows remote attackers to send requests to intranet servers via crafted XML, aka SAP Security Note 2125358. | |||||
| CVE-2015-2814 | 1 Sap | 2 Clinical Task Tracker, Emr Unwired | 2018-12-10 | 6.4 MEDIUM | N/A |
| SAP EMR Unwired (com.sap.mobile.healthcare.emr.v2) and Clinical Task Tracker (com.sap.mobile.healthcare.ctt) does not properly restrict access, which allows remote attackers to change the backendurl, clientid, ssourl, and infopageurl settings via unspecified vectors, aka SAP Security Note 2117079. | |||||
| CVE-2017-11459 | 1 Sap | 1 Trex | 2018-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| SAP TREX 7.10 allows remote attackers to (1) read arbitrary files via an fget command or (2) write to arbitrary files and consequently execute arbitrary code via an fdir command, aka SAP Security Note 2419592. | |||||
| CVE-2015-4092 | 1 Sap | 1 Afaria | 2018-12-10 | 7.5 HIGH | N/A |
| Buffer overflow in the XComms process in SAP Afaria 7.00.6620.2 SP5 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted request, aka SAP Security Note 2153690. | |||||
| CVE-2015-4091 | 1 Sap | 1 Sap Netweaver Application Server Java | 2018-12-10 | 7.5 HIGH | N/A |
| XML external entity (XXE) vulnerability in SAP NetWeaver AS Java 7.4 allows remote attackers to send TCP requests to intranet servers or possibly have unspecified other impact via an XML request to tc~sld~wd~main/Main, related to "CIM UPLOAD," aka SAP Security Note 2090851. | |||||
| CVE-2015-2815 | 1 Sap | 1 Netweaver | 2018-12-10 | 6.5 MEDIUM | N/A |
| Buffer overflow in the C_SAPGPARAM function in the NetWeaver Dispatcher in SAP KERNEL 7.00 (7000.52.12.34966) and 7.40 (7400.12.21.30308) allows remote authenticated users to cause a denial of service or possibly execute arbitrary code via unspecified vectors, aka SAP Security Note 2063369. | |||||
| CVE-2017-5372 | 1 Sap | 1 Netweaver | 2018-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| The function msp (aka MSPRuntimeInterface) in the P4 SERVERCORE component in SAP AS JAVA allows remote attackers to obtain sensitive system information by leveraging a missing authorization check for the (1) getInformation, (2) getParameters, (3) getServiceInfo, (4) getStatistic, or (5) getClientStatistic function, aka SAP Security Note 2331908. | |||||
| CVE-2015-2816 | 1 Sap | 1 Afaria | 2018-12-10 | 7.5 HIGH | N/A |
| The XcListener in SAP Afaria 7.0.6001.5 does not properly restrict access, which allows remote attackers to have unspecified impact via a crafted request, aka SAP Security Note 2134905. | |||||
| CVE-2015-3981 | 1 Sap | 1 Netweaver Rfc Sdk | 2018-12-10 | 5.0 MEDIUM | N/A |
| SAP NetWeaver RFC SDK allows attackers to obtain sensitive information via unspecified vectors, aka SAP Security Note 2084037. | |||||
| CVE-2015-2817 | 1 Sap | 1 Netweaver | 2018-12-10 | 5.0 MEDIUM | N/A |
| The SAP Management Console in SAP NetWeaver 7.40 allows remote attackers to obtain sensitive information via the ReadProfile parameters, aka SAP Security Note 2091768. | |||||
| CVE-2015-2818 | 1 Sap | 1 Mobile Platform | 2018-12-10 | 5.0 MEDIUM | N/A |
| XML external entity (XXE) vulnerability in SAP Mobile Platform 3 allows remote attackers to send requests to intranet servers via crafted XML, aka SAP Security Note 2125513. | |||||