Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Sap Subscribe
Total 1304 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2014-8314 1 Sap 1 Hana 2018-10-09 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in SAP HANA Developer Edition Revision 70 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to (1) epm/admin/DataGen.xsjs or (2) epm/services/multiply.xsjs in the democontent.
CVE-2014-8313 1 Sap 1 Hana 2018-10-09 6.0 MEDIUM N/A
Eval injection in ide/core/base/server/net.xsjs in the Developer Workbench in SAP HANA allows remote attackers to execute arbitrary XSJX code via unspecified vectors.
CVE-2014-8311 1 Sap 1 Businessobjects 2018-10-09 3.5 LOW N/A
SAP BusinessObjects Edge 4.0 allows remote attackers to obtain sensitive information via an InfoStore query to a CORBA listener.
CVE-2014-8308 1 Sap 1 Businessobjects 2018-10-09 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Send to Inbox functionality in SAP BusinessObjects BI EDGE 4.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2014-8309 1 Sap 2 Businessobjects, Businessobjects Xi 2018-10-09 5.0 MEDIUM N/A
SAP BusinessObjects 4.0 and BusinessObjects XI (BOXI) R2 and 3.1 generates error messages for a failed logon attempt with different time delays depending on whether the user account exists, which allows remote attackers to enumerate valid usernames via SecEnterprise authentication requests to the Session web service.
CVE-2014-8310 1 Sap 1 Businessobjects 2018-10-09 7.1 HIGH N/A
The CMS CORBA listener in SAP BusinessObjects BI Edge 4.0 allows remote attackers to cause a denial of service (server shutdown) via crafted OSCAFactory::Session ORB message.
CVE-2014-5173 1 Sap 1 Hana Extend Application Services 2018-10-09 5.0 MEDIUM N/A
SAP HANA Extend Application Services (XS) allows remote attackers to bypass access restrictions via a request to a private IU5 SDK application that was once public.
CVE-2014-5172 1 Sap 1 Hana 2018-10-09 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in the XS Administration Tools in SAP HANA allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2014-5176 1 Sap 1 Fi Manager Self-service 2018-10-09 6.0 MEDIUM N/A
SAP FI Manager Self-Service has a hard-coded user name, which makes it easier for remote attackers to obtain access via unspecified vectors.
CVE-2014-5171 1 Sap 1 Hana Extend Application Services 2018-10-09 2.9 LOW N/A
SAP HANA Extend Application Services (XS) does not encrypt transmissions for applications that enable form based authentication using SSL, which allows remote attackers to obtain credentials and other sensitive information by sniffing the network.
CVE-2014-4003 1 Sap 1 Netweaver 2018-10-09 7.5 HIGH N/A
The System Landscape Directory (SLD) in SAP NetWeaver allows remote attackers to modify information via vectors related to adding a system.
CVE-2013-3678 1 Sap 1 Governance Risk And Compliance 2018-10-09 9.0 HIGH N/A
Multiple unspecified vulnerabilities in SAP Governance, Risk, and Compliance (GRC) allow remote authenticated users to gain privileges and execute arbitrary programs via a crafted (1) RFC or (2) SOAP-RFC request.
CVE-2011-4805 1 Sap 1 Crystal Reports Server 2018-10-09 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in pubDBLogon.jsp in SAP Crystal Report Server 2008 allows remote attackers to inject arbitrary web script or HTML via the service parameter.
CVE-2011-5263 1 Sap 1 Netweaver 2018-10-09 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in RetrieveMailExamples in SAP NetWeaver 7.30 and earlier allows remote attackers to inject arbitrary web script or HTML via the server parameter.
CVE-2018-2439 1 Sap 1 Internet Graphics Server 2018-09-12 4.3 MEDIUM 5.9 MEDIUM
The SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, has insufficient request validation (for example, where the request is validated for authenticity and validity) and under certain conditions, will process invalid requests. Several areas of the SAP Internet Graphics Server (IGS) did not require sufficient input validation. Namely, the SAP Internet Graphics Server (IGS) HTTP and RFC listener, SAP Internet Graphics Server (IGS) portwatcher when registering a portwatcher to the multiplexer and the SAP Internet Graphics Server (IGS) multiplexer had insufficient input validation and thus allowing a malformed data packet to cause a crash.
CVE-2018-2431 1 Sap 1 Businessobjects Business Intelligence 2018-09-06 4.3 MEDIUM 6.1 MEDIUM
SAP BusinessObjects Business Intelligence Suite, versions 4.10 and 4.20, does not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
CVE-2018-2440 1 Sap 1 Dynamic Authorization Management 2018-09-06 2.1 LOW 4.4 MEDIUM
Under certain circumstances SAP Dynamic Authorization Management (DAM) by NextLabs (Java Policy Controller versions 7.7 and 8.5) exposes sensitive information in the application logs.
CVE-2018-2427 1 Sap 2 Businessobjects Business Intelligence, Crystal Reports 2018-09-06 6.5 MEDIUM 8.8 HIGH
SAP BusinessObjects Business Intelligence Suite, versions 4.10 and 4.20, and SAP Crystal Reports (version for Visual Studio .NET, Version 2010) allows an attacker to inject code that can be executed by the application. An attacker could thereby control the behaviour of the application.
CVE-2018-2435 1 Sap 1 Netweaver Enterprise Portal 2018-09-05 4.3 MEDIUM 6.1 MEDIUM
SAP NetWeaver Enterprise Portal from 7.0 to 7.02, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
CVE-2018-11415 1 Sap 1 Internet Transaction Server 2018-06-26 4.3 MEDIUM 6.1 MEDIUM
SAP Internet Transaction Server (ITS) 6200.X.X has Reflected Cross Site Scripting (XSS) via certain wgate URIs. NOTE: the vendor has reportedly indicated that there will not be any further releases of this product.