Filtered by vendor Sap
Subscribe
Total
1304 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-7691 | 1 Sap | 1 Trex | 2017-04-17 | 7.5 HIGH | 9.8 CRITICAL |
A code injection vulnerability exists in SAP TREX / Business Warehouse Accelerator (BWA). The vendor response is SAP Security Note 2419592. | |||||
CVE-2017-6061 | 1 Sap | 1 Businessobjects Financial Consolidation | 2017-03-16 | 4.3 MEDIUM | 4.7 MEDIUM |
Cross-site scripting (XSS) vulnerability in the help component of SAP BusinessObjects Financial Consolidation 10.0.0.1933 allows remote attackers to inject arbitrary web script or HTML via a GET request. /finance/help/en/frameset.htm is the URI for this component. The vendor response is SAP Security Note 2368106. | |||||
CVE-2016-10079 | 1 Sap | 1 Saplpd | 2017-02-27 | 5.0 MEDIUM | 7.5 HIGH |
SAPlpd through 7400.3.11.33 in SAP GUI 7.40 on Windows has a Denial of Service vulnerability (service crash) with a long string to TCP port 515. | |||||
CVE-2014-5506 | 1 Sap | 1 Crystal Reports | 2017-01-06 | 6.8 MEDIUM | N/A |
Double free vulnerability in SAP Crystal Reports allows remote attackers to execute arbitrary code via crafted connection string record in an RPT file. | |||||
CVE-2016-6859 | 1 Sap | 1 Hybris | 2017-01-04 | 4.0 MEDIUM | 4.3 MEDIUM |
Hybris Management Console (HMC) in SAP Hybris before 6.0 allows remote attackers to obtain sensitive information by triggering an error and then reading a Java stack trace. | |||||
CVE-2015-3979 | 1 Sap | 1 Customer Relationship Management | 2017-01-02 | 7.5 HIGH | N/A |
Unspecified vulnerability in the Business Rules Framework (CRM-BF-BRF) in SAP CRM allows attackers to execute arbitrary code via unknown vectors, aka SAP Security Note 2097534. | |||||
CVE-2015-3980 | 1 Sap | 1 Customer Relationship Management | 2017-01-02 | 7.5 HIGH | N/A |
SQL injection vulnerability in the Business Rules Framework (CRM-BF-BRF) in SAP CRM allows attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Note 2097534. | |||||
CVE-2014-9569 | 1 Sap | 1 Netweaver Business Client For Html | 2017-01-02 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in SAP NetWeaver Business Client (NWBC) for HTML 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) title or (2) roundtrips parameter, aka SAP Security Note 2051285. | |||||
CVE-2015-4161 | 1 Sap | 1 Afaria | 2016-12-30 | 7.5 HIGH | N/A |
SAP Afaria does not properly restrict access to unspecified functionality, which allows remote attackers to obtain sensitive information, gain privileges, or have other unspecified impact via unknown vectors, SAP Security Note 2155690. | |||||
CVE-2013-7365 | 1 Sap | 1 Enterprise Portal | 2016-12-30 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in SAP Enterprise Portal allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. | |||||
CVE-2014-4159 | 1 Sap | 1 Supplier Relationship Management | 2016-12-15 | 5.8 MEDIUM | N/A |
Open redirect vulnerability in in la/umTestSSO.jsp in SAP Supplier Relationship Management (SRM) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter. | |||||
CVE-2015-3449 | 1 Sap | 1 Afaria | 2016-12-05 | 7.2 HIGH | N/A |
The Windows client in SAP Afaria 7.0.6398.0 uses weak permissions (Everyone: read and Everyone: write) for the install folder, which allows local users to gain privileges via a Trojan horse XeService.exe file. | |||||
CVE-2016-7435 | 1 Sap | 1 Netweaver | 2016-11-28 | 9.0 HIGH | 9.1 CRITICAL |
The (1) SCTC_REFRESH_EXPORT_TAB_COMP, (2) SCTC_REFRESH_CHECK_ENV, and (3) SCTC_TMS_MAINTAIN_ALOG functions in the SCTC subpackage in SAP Netweaver 7.40 SP 12 allow remote authenticated users with certain permissions to execute arbitrary commands via vectors involving a CALL 'SYSTEM' statement, aka SAP Security Note 2260344. | |||||
CVE-2016-6149 | 1 Sap | 1 Hana Sps09 | 2016-11-28 | 2.1 LOW | 5.5 MEDIUM |
SAP HANA SPS09 1.00.091.00.14186593 allows local users to obtain sensitive information by leveraging the EXPORT statement to export files, aka SAP Security Note 2252941. | |||||
CVE-2016-6150 | 1 Sap | 1 Hana | 2016-11-28 | 7.5 HIGH | 9.8 CRITICAL |
The multi-tenant database container feature in SAP HANA does not properly encrypt communications, which allows remote attackers to bypass intended access restrictions and possibly have unspecified other impact via unknown vectors, aka SAP Security Note 2233550. | |||||
CVE-2016-6148 | 1 Sap | 1 Hana | 2016-11-28 | 5.0 MEDIUM | 7.5 HIGH |
SAP HANA DB 1.00.73.00.389160 allows remote attackers to cause a denial of service (process termination) or execute arbitrary code via vectors related to an IMPORT statement, aka SAP Security Note 2233136. | |||||
CVE-2016-6147 | 1 Sap | 1 Trex | 2016-11-28 | 10.0 HIGH | 9.8 CRITICAL |
An unspecified interface in SAP TREX 7.10 Revision 63 allows remote attackers to execute arbitrary OS commands with SIDadm privileges via unspecified vectors, aka SAP Security Note 2234226. | |||||
CVE-2016-6145 | 1 Sap | 1 Hana Db | 2016-11-28 | 5.0 MEDIUM | 5.3 MEDIUM |
The SQL interface in SAP HANA DB 1.00.091.00.1418659308 provides different error messages for failed login attempts depending on whether the username exists and is locked when the detailed_error_on_connect option is not supported or is configured as "False," which allows remote attackers to enumerate database users via a series of login attempts, aka SAP Security Note 2216869. | |||||
CVE-2016-6144 | 1 Sap | 1 Hana | 2016-11-28 | 4.3 MEDIUM | 8.1 HIGH |
The SQL interface in SAP HANA before Revision 102 does not limit the number of login attempts for the SYSTEM user when the password_lock_for_system_user is not supported or is configured as "False," which makes it easier for remote attackers to bypass authentication via a brute force attack, aka SAP Security Note 2216869. | |||||
CVE-2016-6138 | 1 Sap | 1 Trex | 2016-11-28 | 10.0 HIGH | 9.8 CRITICAL |
Directory traversal vulnerability in SAP TREX 7.10 Revision 63 allows remote attackers to read arbitrary files via unspecified vectors, aka SAP Security Note 2203591. |