Vendor CVEs
SAP
All CVEs
1,818 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-5068 | 0.00 | — | 0.03 | Jun 24, 2015 | XML external entity (XXE) vulnerability in SAP Mobile Platform 3 allows remote attackers to read arbitrary files or possibly have other unspecified impact via a crafted XML request, aka SAP Security Note 2159601. | |||
| CVE-2015-5067 | 0.00 | — | 0.03 | Jun 24, 2015 | The (1) Cross-System Tools and (2) Data Transfer Workbench in SAP NetWeaver have hardcoded credentials, which allows remote attackers to obtain access via unspecified vectors, aka SAP Security Notes 2059659 and 2057982. | |||
| CVE-2014-6284 | 0.00 | — | 0.02 | Jun 8, 2015 | SAP Adaptive Server Enterprise (ASE) before 15.7 SP132 and 16.0 before 16.0 SP01 allows remote attackers to bypass the challenge and response mechanism and obtain access to the probe account via a crafted response, aka SAP Security Note 2113995. | |||
| CVE-2015-4161 | 0.00 | — | 0.01 | Jun 2, 2015 | SAP Afaria does not properly restrict access to unspecified functionality, which allows remote attackers to obtain sensitive information, gain privileges, or have other unspecified impact via unknown vectors, SAP Security Note 2155690. | |||
| CVE-2015-4160 | 0.00 | — | 0.01 | Jun 2, 2015 | SQL injection vulnerability in SAP ASE Database Platform allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Notes: 2152278. | |||
| CVE-2015-4159 | 0.00 | — | 0.01 | Jun 2, 2015 | SQL injection vulnerability in SAP HANA Web-based Development Workbench allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Notes 2153892. | |||
| CVE-2015-4158 | 0.00 | — | 0.02 | Jun 2, 2015 | SAP ABAP & Java Server allows remote attackers to cause a denial of service (service termination) via unspecified vectors, aka SAP Security Note 2121661. | |||
| CVE-2015-4157 | 0.00 | — | 0.01 | Jun 2, 2015 | SAP Content Server allows remote attackers to cause a denial of service (service termination) via unspecified vectors, aka SAP Security Note 2127995. | |||
| CVE-2015-2282 | 0.00 | — | 0.04 | Jun 2, 2015 | Stack-based buffer overflow in the LZC decompression implementation (CsObjectInt::CsDecomprLZC function in vpa106cslzc.cpp) in SAP MaxDB 7.5 and 7.6, Netweaver Application Server ABAP, Netweaver Application Server Java, Netweaver RFC SDK, GUI, RFC SDK, SAPCAR archive tool, and… | |||
| CVE-2015-2278 | 0.00 | — | 0.02 | Jun 2, 2015 | The LZH decompression implementation (CsObjectInt::BuildHufTree function in vpa108csulzh.cpp) in SAP MaxDB 7.5 and 7.6, Netweaver Application Server ABAP, Netweaver Application Server Java, Netweaver RFC SDK, GUI, RFC SDK, SAPCAR archive tool, and other products allows… | |||
| CVE-2015-3995 | 0.00 | — | 0.01 | May 29, 2015 | SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote authenticated users to read arbitrary files via an IMPORT FROM SQL statement, aka SAP Security Note 2109565. | |||
| CVE-2015-3994 | 0.00 | — | 0.01 | May 29, 2015 | The grant.xsfunc application in testApps/grantAccess/ in the XS Engine in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote authenticated users to spoof log entries via a crafted request, aka SAP Security Note 2109818. | |||
| CVE-2015-4092 | 0.00 | — | 0.03 | May 26, 2015 | Buffer overflow in the XComms process in SAP Afaria 7.00.6620.2 SP5 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted request, aka SAP Security Note 2153690. | |||
| CVE-2015-4091 | 0.00 | — | 0.03 | May 26, 2015 | XML external entity (XXE) vulnerability in SAP NetWeaver AS Java 7.4 allows remote attackers to send TCP requests to intranet servers or possibly have unspecified other impact via an XML request to tc~sld~wd~main/Main, related to "CIM UPLOAD," aka SAP Security Note 2090851. | |||
| CVE-2015-3981 | 0.00 | — | 0.02 | May 12, 2015 | SAP NetWeaver RFC SDK allows attackers to obtain sensitive information via unspecified vectors, aka SAP Security Note 2084037. | |||
| CVE-2015-3980 | 0.00 | — | 0.01 | May 12, 2015 | SQL injection vulnerability in the Business Rules Framework (CRM-BF-BRF) in SAP CRM allows attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Note 2097534. | |||
| CVE-2015-3979 | 0.00 | — | 0.02 | May 12, 2015 | Unspecified vulnerability in the Business Rules Framework (CRM-BF-BRF) in SAP CRM allows attackers to execute arbitrary code via unknown vectors, aka SAP Security Note 2097534. | |||
| CVE-2015-3978 | 0.00 | — | 0.00 | May 12, 2015 | SAP Sybase Unwired Platform Online Data Proxy allows local users to obtain usernames and passwords via the DataVault, aka SAP Security Note 2094830. | |||
| CVE-2015-2820 | 0.00 | — | 0.04 | Apr 1, 2015 | Buffer overflow in XcListener in SAP Afaria 7.0.6001.5 allows remote attackers to cause a denial of service (process termination) via a crafted request, aka SAP Security Note 2132584. | |||
| CVE-2015-2819 | 0.00 | — | 0.02 | Apr 1, 2015 | SAP Sybase SQL Anywhere 11 and 16 allows remote attackers to cause a denial of service (crash) via a crafted request, aka SAP Security Note 2108161. | |||
| CVE-2015-2818 | 0.00 | — | 0.01 | Apr 1, 2015 | XML external entity (XXE) vulnerability in SAP Mobile Platform 3 allows remote attackers to send requests to intranet servers via crafted XML, aka SAP Security Note 2125513. | |||
| CVE-2015-2817 | 0.00 | — | 0.02 | Apr 1, 2015 | The SAP Management Console in SAP NetWeaver 7.40 allows remote attackers to obtain sensitive information via the ReadProfile parameters, aka SAP Security Note 2091768. | |||
| CVE-2015-2816 | 0.00 | — | 0.03 | Apr 1, 2015 | The XcListener in SAP Afaria 7.0.6001.5 does not properly restrict access, which allows remote attackers to have unspecified impact via a crafted request, aka SAP Security Note 2134905. | |||
| CVE-2015-2815 | 0.00 | — | 0.04 | Apr 1, 2015 | Buffer overflow in the C_SAPGPARAM function in the NetWeaver Dispatcher in SAP KERNEL 7.00 (7000.52.12.34966) and 7.40 (7400.12.21.30308) allows remote authenticated users to cause a denial of service or possibly execute arbitrary code via unspecified vectors, aka SAP Security… | |||
| CVE-2015-2814 | 0.00 | — | 0.01 | Apr 1, 2015 | SAP EMR Unwired (com.sap.mobile.healthcare.emr.v2) and Clinical Task Tracker (com.sap.mobile.healthcare.ctt) does not properly restrict access, which allows remote attackers to change the backendurl, clientid, ssourl, and infopageurl settings via unspecified vectors, aka SAP… | |||
| CVE-2015-2813 | 0.00 | — | 0.02 | Apr 1, 2015 | XML external entity (XXE) vulnerability in SAP Mobile Platform allows remote attackers to send requests to intranet servers via crafted XML, aka SAP Security Note 2125358. | |||
| CVE-2015-2812 | 0.00 | — | 0.03 | Apr 1, 2015 | XML external entity (XXE) vulnerability in XMLValidationComponent in SAP NetWeaver Portal 7.31.201109172004 allows remote attackers to send requests to intranet servers via crafted XML, aka SAP Security Note 2093966. | |||
| CVE-2015-2811 | 0.00 | — | 0.02 | Apr 1, 2015 | XML external entity (XXE) vulnerability in ReportXmlViewer in SAP NetWeaver Portal 7.31.201109172004 allows remote attackers to send requests to intranet servers via crafted XML, aka SAP Security Note 2111939. | |||
| CVE-2015-2076 | 0.00 | — | 0.02 | Feb 27, 2015 | The Auditing service in SAP BusinessObjects Edge 4.0 allows remote attackers to obtain sensitive information by reading an audit event, aka SAP Note 2011395. | |||
| CVE-2015-2075 | 0.00 | — | 0.03 | Feb 27, 2015 | SAP BusinessObjects Edge 4.0 allows remote attackers to delete audit events from the auditee queue via a clearData CORBA operation, aka SAP Note 2011396. | |||
| CVE-2015-2072 | 0.00 | — | 0.02 | Feb 27, 2015 | Multiple cross-site scripting (XSS) vulnerabilities in SAP HANA 73 (1.00.73.00.389160) and HANA Developer Edition 80 (1.00.80.00.391861) allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to (1) ide/core/plugins/editor/templates/trace/hanaTraceD… | |||
| CVE-2015-1312 | 0.00 | — | 0.01 | Jan 22, 2015 | The Dealer Portal in SAP ERP does not properly restrict access, which allows remote attackers to obtain sensitive information, gain privileges, and possibly have other unspecified impact via unknown vectors, aka SAP Note 2000401. NOTE: the provenance of this information is… | |||
| CVE-2015-1311 | 0.00 | — | 0.02 | Jan 22, 2015 | The Extended Application Services (XS) in SAP HANA allows remote attackers to inject arbitrary ABAP code via unspecified vectors, aka SAP Note 2098906. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||
| CVE-2015-1310 | 0.00 | — | 0.01 | Jan 22, 2015 | SQL injection vulnerability in SAP Adaptive Server Enterprise (Sybase ASE) allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Note 2113333. NOTE: the provenance of this information is unknown; the details are obtained solely from third… | |||
| CVE-2015-1309 | 0.00 | — | 0.02 | Jan 22, 2015 | XML external entity vulnerability in the Extended Computer Aided Test Tool (eCATT) in SAP NetWeaver AS ABAP 7.31 and earlier allows remote attackers to access arbitrary files via a crafted XML request, related to ECATT_DISPLAY_XMLSTRING_REMOTE, aka SAP Note 2016638. | |||
| CVE-2014-9595 | 0.00 | — | 0.02 | Jan 15, 2015 | Buffer overflow in the SAP NetWeaver Dispatcher in SAP Kernel 7.00 32-bit and 7.40 64-bit allows remote authenticated users to cause a denial of service or possibly execute arbitrary code via unspecified vectors, related to the Spool System, aka SAP Note 2061271. | |||
| CVE-2014-9594 | 0.00 | — | 0.02 | Jan 15, 2015 | Buffer overflow in the SAP NetWeaver Dispatcher in SAP Kernel 7.00 32-bit and 7.40 64-bit allows remote authenticated users to cause a denial of service or possibly execute arbitrary code via unspecified vectors, related to the ABAP VM, aka SAP Note 2059734. | |||
| CVE-2014-9569 | 0.00 | — | 0.02 | Jan 7, 2015 | Multiple cross-site scripting (XSS) vulnerabilities in SAP NetWeaver Business Client (NWBC) for HTML 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) title or (2) roundtrips parameter, aka SAP Security Note 2051285. | |||
| CVE-2014-9387 | 0.00 | — | 0.05 | Dec 17, 2014 | SAP BusinessObjects Edge 4.1 allows remote attackers to obtain the SI_PLATFORM_SEARCH_SERVER_LOGON_TOKEN token and gain privileges via a crafted CORBA call, aka SAP Note 2039905. | |||
| CVE-2014-9264 | 0.00 | — | 0.04 | Dec 11, 2014 | Stack-based buffer overflow in the .NET Data Provider in SAP SQL Anywhere allows remote attackers to execute arbitrary code via a crafted column alias. | |||
| CVE-2013-3678 | 0.00 | — | 0.04 | Nov 19, 2014 | Multiple unspecified vulnerabilities in SAP Governance, Risk, and Compliance (GRC) allow remote authenticated users to gain privileges and execute arbitrary programs via a crafted (1) RFC or (2) SOAP-RFC request. | |||
| CVE-2014-8669 | 0.00 | — | 0.05 | Nov 6, 2014 | The SAP Promotion Guidelines (CRM-MKT-MPL-TPM-PPG) module for SAP CRM allows remote attackers to execute arbitrary code via unspecified vectors. | |||
| CVE-2014-8668 | 0.00 | — | 0.01 | Nov 6, 2014 | SQL injection vulnerability in SAP Contract Accounting allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2014-8667 | 0.00 | — | 0.01 | Nov 6, 2014 | Cross-site scripting (XSS) vulnerability in SAP HANA Web-based Development Workbench allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2014-8666 | 0.00 | — | 0.01 | Nov 6, 2014 | The User & Server configuration, InfoView refresh, user rights (BI-BIP-ADM) component in SAP Business Intellignece allows remote attackers to obtain audit event details via unspecified vectors. | |||
| CVE-2014-8665 | 0.00 | — | 0.01 | Nov 6, 2014 | The SAP Business Intelligence Development Workbench allows remote attackers to obtain sensitive information by reading unspecified files. | |||
| CVE-2014-8664 | 0.00 | — | 0.01 | Nov 6, 2014 | SQL injection vulnerability in Product Safety (EHS-SAF) component in SAP Environment, Health, and Safety Management allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2014-8663 | 0.00 | — | 0.01 | Nov 6, 2014 | SQL injection vulnerability in Data Basis (BW-WHM-DBA) in SAP NetWeaver Business Warehouse allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2014-8662 | 0.00 | — | 0.01 | Nov 6, 2014 | Unspecified vulnerability in SAP Payroll Process allows remote attackers to cause a denial of service via vectors related to session handling. | |||
| CVE-2014-8661 | 0.00 | — | 0.03 | Nov 6, 2014 | The SAP CRM Internet Sales module allows remote attackers to execute arbitrary commands via unspecified vectors. |
- CVE-2015-5068Jun 24, 2015risk 0.00cvss —epss 0.03
XML external entity (XXE) vulnerability in SAP Mobile Platform 3 allows remote attackers to read arbitrary files or possibly have other unspecified impact via a crafted XML request, aka SAP Security Note 2159601.
- CVE-2015-5067Jun 24, 2015risk 0.00cvss —epss 0.03
The (1) Cross-System Tools and (2) Data Transfer Workbench in SAP NetWeaver have hardcoded credentials, which allows remote attackers to obtain access via unspecified vectors, aka SAP Security Notes 2059659 and 2057982.
- CVE-2014-6284Jun 8, 2015risk 0.00cvss —epss 0.02
SAP Adaptive Server Enterprise (ASE) before 15.7 SP132 and 16.0 before 16.0 SP01 allows remote attackers to bypass the challenge and response mechanism and obtain access to the probe account via a crafted response, aka SAP Security Note 2113995.
- CVE-2015-4161Jun 2, 2015risk 0.00cvss —epss 0.01
SAP Afaria does not properly restrict access to unspecified functionality, which allows remote attackers to obtain sensitive information, gain privileges, or have other unspecified impact via unknown vectors, SAP Security Note 2155690.
- CVE-2015-4160Jun 2, 2015risk 0.00cvss —epss 0.01
SQL injection vulnerability in SAP ASE Database Platform allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Notes: 2152278.
- CVE-2015-4159Jun 2, 2015risk 0.00cvss —epss 0.01
SQL injection vulnerability in SAP HANA Web-based Development Workbench allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Notes 2153892.
- CVE-2015-4158Jun 2, 2015risk 0.00cvss —epss 0.02
SAP ABAP & Java Server allows remote attackers to cause a denial of service (service termination) via unspecified vectors, aka SAP Security Note 2121661.
- CVE-2015-4157Jun 2, 2015risk 0.00cvss —epss 0.01
SAP Content Server allows remote attackers to cause a denial of service (service termination) via unspecified vectors, aka SAP Security Note 2127995.
- CVE-2015-2282Jun 2, 2015risk 0.00cvss —epss 0.04
Stack-based buffer overflow in the LZC decompression implementation (CsObjectInt::CsDecomprLZC function in vpa106cslzc.cpp) in SAP MaxDB 7.5 and 7.6, Netweaver Application Server ABAP, Netweaver Application Server Java, Netweaver RFC SDK, GUI, RFC SDK, SAPCAR archive tool, and…
- CVE-2015-2278Jun 2, 2015risk 0.00cvss —epss 0.02
The LZH decompression implementation (CsObjectInt::BuildHufTree function in vpa108csulzh.cpp) in SAP MaxDB 7.5 and 7.6, Netweaver Application Server ABAP, Netweaver Application Server Java, Netweaver RFC SDK, GUI, RFC SDK, SAPCAR archive tool, and other products allows…
- CVE-2015-3995May 29, 2015risk 0.00cvss —epss 0.01
SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote authenticated users to read arbitrary files via an IMPORT FROM SQL statement, aka SAP Security Note 2109565.
- CVE-2015-3994May 29, 2015risk 0.00cvss —epss 0.01
The grant.xsfunc application in testApps/grantAccess/ in the XS Engine in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote authenticated users to spoof log entries via a crafted request, aka SAP Security Note 2109818.
- CVE-2015-4092May 26, 2015risk 0.00cvss —epss 0.03
Buffer overflow in the XComms process in SAP Afaria 7.00.6620.2 SP5 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted request, aka SAP Security Note 2153690.
- CVE-2015-4091May 26, 2015risk 0.00cvss —epss 0.03
XML external entity (XXE) vulnerability in SAP NetWeaver AS Java 7.4 allows remote attackers to send TCP requests to intranet servers or possibly have unspecified other impact via an XML request to tc~sld~wd~main/Main, related to "CIM UPLOAD," aka SAP Security Note 2090851.
- CVE-2015-3981May 12, 2015risk 0.00cvss —epss 0.02
SAP NetWeaver RFC SDK allows attackers to obtain sensitive information via unspecified vectors, aka SAP Security Note 2084037.
- CVE-2015-3980May 12, 2015risk 0.00cvss —epss 0.01
SQL injection vulnerability in the Business Rules Framework (CRM-BF-BRF) in SAP CRM allows attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Note 2097534.
- CVE-2015-3979May 12, 2015risk 0.00cvss —epss 0.02
Unspecified vulnerability in the Business Rules Framework (CRM-BF-BRF) in SAP CRM allows attackers to execute arbitrary code via unknown vectors, aka SAP Security Note 2097534.
- CVE-2015-3978May 12, 2015risk 0.00cvss —epss 0.00
SAP Sybase Unwired Platform Online Data Proxy allows local users to obtain usernames and passwords via the DataVault, aka SAP Security Note 2094830.
- CVE-2015-2820Apr 1, 2015risk 0.00cvss —epss 0.04
Buffer overflow in XcListener in SAP Afaria 7.0.6001.5 allows remote attackers to cause a denial of service (process termination) via a crafted request, aka SAP Security Note 2132584.
- CVE-2015-2819Apr 1, 2015risk 0.00cvss —epss 0.02
SAP Sybase SQL Anywhere 11 and 16 allows remote attackers to cause a denial of service (crash) via a crafted request, aka SAP Security Note 2108161.
- CVE-2015-2818Apr 1, 2015risk 0.00cvss —epss 0.01
XML external entity (XXE) vulnerability in SAP Mobile Platform 3 allows remote attackers to send requests to intranet servers via crafted XML, aka SAP Security Note 2125513.
- CVE-2015-2817Apr 1, 2015risk 0.00cvss —epss 0.02
The SAP Management Console in SAP NetWeaver 7.40 allows remote attackers to obtain sensitive information via the ReadProfile parameters, aka SAP Security Note 2091768.
- CVE-2015-2816Apr 1, 2015risk 0.00cvss —epss 0.03
The XcListener in SAP Afaria 7.0.6001.5 does not properly restrict access, which allows remote attackers to have unspecified impact via a crafted request, aka SAP Security Note 2134905.
- CVE-2015-2815Apr 1, 2015risk 0.00cvss —epss 0.04
Buffer overflow in the C_SAPGPARAM function in the NetWeaver Dispatcher in SAP KERNEL 7.00 (7000.52.12.34966) and 7.40 (7400.12.21.30308) allows remote authenticated users to cause a denial of service or possibly execute arbitrary code via unspecified vectors, aka SAP Security…
- CVE-2015-2814Apr 1, 2015risk 0.00cvss —epss 0.01
SAP EMR Unwired (com.sap.mobile.healthcare.emr.v2) and Clinical Task Tracker (com.sap.mobile.healthcare.ctt) does not properly restrict access, which allows remote attackers to change the backendurl, clientid, ssourl, and infopageurl settings via unspecified vectors, aka SAP…
- CVE-2015-2813Apr 1, 2015risk 0.00cvss —epss 0.02
XML external entity (XXE) vulnerability in SAP Mobile Platform allows remote attackers to send requests to intranet servers via crafted XML, aka SAP Security Note 2125358.
- CVE-2015-2812Apr 1, 2015risk 0.00cvss —epss 0.03
XML external entity (XXE) vulnerability in XMLValidationComponent in SAP NetWeaver Portal 7.31.201109172004 allows remote attackers to send requests to intranet servers via crafted XML, aka SAP Security Note 2093966.
- CVE-2015-2811Apr 1, 2015risk 0.00cvss —epss 0.02
XML external entity (XXE) vulnerability in ReportXmlViewer in SAP NetWeaver Portal 7.31.201109172004 allows remote attackers to send requests to intranet servers via crafted XML, aka SAP Security Note 2111939.
- CVE-2015-2076Feb 27, 2015risk 0.00cvss —epss 0.02
The Auditing service in SAP BusinessObjects Edge 4.0 allows remote attackers to obtain sensitive information by reading an audit event, aka SAP Note 2011395.
- CVE-2015-2075Feb 27, 2015risk 0.00cvss —epss 0.03
SAP BusinessObjects Edge 4.0 allows remote attackers to delete audit events from the auditee queue via a clearData CORBA operation, aka SAP Note 2011396.
- CVE-2015-2072Feb 27, 2015risk 0.00cvss —epss 0.02
Multiple cross-site scripting (XSS) vulnerabilities in SAP HANA 73 (1.00.73.00.389160) and HANA Developer Edition 80 (1.00.80.00.391861) allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to (1) ide/core/plugins/editor/templates/trace/hanaTraceD…
- CVE-2015-1312Jan 22, 2015risk 0.00cvss —epss 0.01
The Dealer Portal in SAP ERP does not properly restrict access, which allows remote attackers to obtain sensitive information, gain privileges, and possibly have other unspecified impact via unknown vectors, aka SAP Note 2000401. NOTE: the provenance of this information is…
- CVE-2015-1311Jan 22, 2015risk 0.00cvss —epss 0.02
The Extended Application Services (XS) in SAP HANA allows remote attackers to inject arbitrary ABAP code via unspecified vectors, aka SAP Note 2098906. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
- CVE-2015-1310Jan 22, 2015risk 0.00cvss —epss 0.01
SQL injection vulnerability in SAP Adaptive Server Enterprise (Sybase ASE) allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Note 2113333. NOTE: the provenance of this information is unknown; the details are obtained solely from third…
- CVE-2015-1309Jan 22, 2015risk 0.00cvss —epss 0.02
XML external entity vulnerability in the Extended Computer Aided Test Tool (eCATT) in SAP NetWeaver AS ABAP 7.31 and earlier allows remote attackers to access arbitrary files via a crafted XML request, related to ECATT_DISPLAY_XMLSTRING_REMOTE, aka SAP Note 2016638.
- CVE-2014-9595Jan 15, 2015risk 0.00cvss —epss 0.02
Buffer overflow in the SAP NetWeaver Dispatcher in SAP Kernel 7.00 32-bit and 7.40 64-bit allows remote authenticated users to cause a denial of service or possibly execute arbitrary code via unspecified vectors, related to the Spool System, aka SAP Note 2061271.
- CVE-2014-9594Jan 15, 2015risk 0.00cvss —epss 0.02
Buffer overflow in the SAP NetWeaver Dispatcher in SAP Kernel 7.00 32-bit and 7.40 64-bit allows remote authenticated users to cause a denial of service or possibly execute arbitrary code via unspecified vectors, related to the ABAP VM, aka SAP Note 2059734.
- CVE-2014-9569Jan 7, 2015risk 0.00cvss —epss 0.02
Multiple cross-site scripting (XSS) vulnerabilities in SAP NetWeaver Business Client (NWBC) for HTML 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) title or (2) roundtrips parameter, aka SAP Security Note 2051285.
- CVE-2014-9387Dec 17, 2014risk 0.00cvss —epss 0.05
SAP BusinessObjects Edge 4.1 allows remote attackers to obtain the SI_PLATFORM_SEARCH_SERVER_LOGON_TOKEN token and gain privileges via a crafted CORBA call, aka SAP Note 2039905.
- CVE-2014-9264Dec 11, 2014risk 0.00cvss —epss 0.04
Stack-based buffer overflow in the .NET Data Provider in SAP SQL Anywhere allows remote attackers to execute arbitrary code via a crafted column alias.
- CVE-2013-3678Nov 19, 2014risk 0.00cvss —epss 0.04
Multiple unspecified vulnerabilities in SAP Governance, Risk, and Compliance (GRC) allow remote authenticated users to gain privileges and execute arbitrary programs via a crafted (1) RFC or (2) SOAP-RFC request.
- CVE-2014-8669Nov 6, 2014risk 0.00cvss —epss 0.05
The SAP Promotion Guidelines (CRM-MKT-MPL-TPM-PPG) module for SAP CRM allows remote attackers to execute arbitrary code via unspecified vectors.
- CVE-2014-8668Nov 6, 2014risk 0.00cvss —epss 0.01
SQL injection vulnerability in SAP Contract Accounting allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
- CVE-2014-8667Nov 6, 2014risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in SAP HANA Web-based Development Workbench allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2014-8666Nov 6, 2014risk 0.00cvss —epss 0.01
The User & Server configuration, InfoView refresh, user rights (BI-BIP-ADM) component in SAP Business Intellignece allows remote attackers to obtain audit event details via unspecified vectors.
- CVE-2014-8665Nov 6, 2014risk 0.00cvss —epss 0.01
The SAP Business Intelligence Development Workbench allows remote attackers to obtain sensitive information by reading unspecified files.
- CVE-2014-8664Nov 6, 2014risk 0.00cvss —epss 0.01
SQL injection vulnerability in Product Safety (EHS-SAF) component in SAP Environment, Health, and Safety Management allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
- CVE-2014-8663Nov 6, 2014risk 0.00cvss —epss 0.01
SQL injection vulnerability in Data Basis (BW-WHM-DBA) in SAP NetWeaver Business Warehouse allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
- CVE-2014-8662Nov 6, 2014risk 0.00cvss —epss 0.01
Unspecified vulnerability in SAP Payroll Process allows remote attackers to cause a denial of service via vectors related to session handling.
- CVE-2014-8661Nov 6, 2014risk 0.00cvss —epss 0.03
The SAP CRM Internet Sales module allows remote attackers to execute arbitrary commands via unspecified vectors.
Page 33 of 37