Vendor CVEs
SAP
All CVEs
1,818 total · sorted by risk

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2014-8660 | | | 0.00 | — | 0.00 | | Nov 6, 2014 | SAP Document Management Services allows local users to execute arbitrary commands via unspecified vectors. |
| CVE-2014-8659 | | | 0.00 | — | 0.02 | | Nov 6, 2014 | Directory traversal vulnerability in SAP Environment, Health, and Safety allows remote attackers to read arbitrary files via unspecified vectors. |
| CVE-2014-8592 | | | 0.00 | — | 0.02 | | Nov 4, 2014 | Unspecified vulnerability in SAP Host Agent, as used in SAP NetWeaver 7.02 and 7.3, allows remote attackers to cause a denial of service (process termination) via a crafted request. |
| CVE-2014-8591 | | | 0.00 | — | 0.02 | | Nov 4, 2014 | Unspecified vulnerability in SAP Internet Communication Manager (ICM), as used in SAP NetWeaver 7.02 and 7.3, allows remote attackers to cause a denial of service (process termination) via unknown vectors. |
| CVE-2014-8590 | | | 0.00 | — | 0.02 | | Nov 4, 2014 | XML external entity (XXE) vulnerability in the Web Service Navigator in SAP NetWeaver Application Server (AS) Java allows remote attackers to access arbitrary files via a crafted request. |
| CVE-2014-8589 | | | 0.00 | — | 0.02 | | Nov 4, 2014 | Integer overflow in SAP Network Interface Router (SAProuter) 40.4 allows remote attackers to cause a denial of service (resource consumption) via crafted requests. |
| CVE-2014-8588 | | | 0.00 | — | 0.01 | | Nov 4, 2014 | SQL injection vulnerability in metadata.xsjs in SAP HANA 1.00.60.379371 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2014-8587 | | | 0.00 | — | 0.01 | | Nov 4, 2014 | SAPCRYPTOLIB before 5.555.38, SAPSECULIB, and CommonCryptoLib before 8.4.30, as used in SAP NetWeaver AS for ABAP and SAP HANA, allows remote attackers to spoof Digital Signature Algorithm (DSA) signatures via unspecified vectors. |
| CVE-2014-6283 | | | 0.00 | — | 0.01 | | Oct 17, 2014 | SAP Adaptive Server Enterprise (ASE) 15.7 before SP122 or SP63, 15.5 before ESD#5.4, and 15.0.3 before ESD#4.4 does not properly restrict access, which allows remote authenticated database users to (1) overwrite the master encryption key or (2) trigger a buffer overflow via a… |
| CVE-2014-8316 | | | 0.00 | — | 0.03 | | Oct 16, 2014 | XML External Entity (XXE) vulnerability in polestar_xml.jsp in SAP BusinessObjects Explorer 14.0.5 build 882 allows remote attackers to read arbitrary files via the xmlParameter parameter in an explorationSpaceUpdate request. |
| CVE-2014-8315 | | | 0.00 | — | 0.02 | | Oct 16, 2014 | polestar_xml.jsp in SAP BusinessObjects Explorer 14.0.5 build 882 replies with different timing depending on if a connection can be made, which allows remote attackers to conduct port scanning attacks via a host name and port in the cms parameter. |
| CVE-2014-8314 | | | 0.00 | — | 0.02 | | Oct 16, 2014 | Multiple cross-site scripting (XSS) vulnerabilities in SAP HANA Developer Edition Revision 70 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to (1) epm/admin/DataGen.xsjs or (2) epm/services/multiply.xsjs in the democontent. |
| CVE-2014-8313 | | | 0.00 | — | 0.02 | | Oct 16, 2014 | Eval injection in ide/core/base/server/net.xsjs in the Developer Workbench in SAP HANA allows remote attackers to execute arbitrary XSJX code via unspecified vectors. |
| CVE-2014-8312 | | | 0.00 | — | 0.02 | | Oct 16, 2014 | Business Warehouse (BW) in SAP Netweaver AS ABAP 7.31 allows remote authenticated users to obtain sensitive information via a request to the RSDU_CCMS_GET_PROFILE_PARAM RFC function. |
| CVE-2014-8311 | | | 0.00 | — | 0.02 | | Oct 16, 2014 | SAP BusinessObjects Edge 4.0 allows remote attackers to obtain sensitive information via an InfoStore query to a CORBA listener. |
| CVE-2014-8310 | | | 0.00 | — | 0.03 | | Oct 16, 2014 | The CMS CORBA listener in SAP BusinessObjects BI Edge 4.0 allows remote attackers to cause a denial of service (server shutdown) via crafted OSCAFactory::Session ORB message. |
| CVE-2014-8309 | | | 0.00 | — | 0.02 | | Oct 16, 2014 | SAP BusinessObjects 4.0 and BusinessObjects XI (BOXI) R2 and 3.1 generates error messages for a failed logon attempt with different time delays depending on whether the user account exists, which allows remote attackers to enumerate valid usernames via SecEnterprise… |
| CVE-2014-8308 | | | 0.00 | — | 0.02 | | Oct 16, 2014 | Cross-site scripting (XSS) vulnerability in the Send to Inbox functionality in SAP BusinessObjects BI EDGE 4.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2014-6252 | | | 0.00 | — | 0.02 | | Sep 5, 2014 | Buffer overflow in disp+work.exe 7000.52.12.34966 and 7200.117.19.50294 in the Dispatcher in SAP NetWeaver 7.00 and 7.20 allows remote authenticated users to cause a denial of service or execute arbitrary code via unspecified vectors. |
| CVE-2014-5506 | | | 0.00 | — | 0.03 | | Sep 4, 2014 | Double free vulnerability in SAP Crystal Reports allows remote attackers to execute arbitrary code via crafted connection string record in an RPT file. |
| CVE-2014-5505 | | | 0.00 | — | 0.04 | | Sep 4, 2014 | Stack-based buffer overflow in SAP Crystal Reports allows remote attackers to execute arbitrary code via a crafted data source string in an RPT file. |
| CVE-2014-5176 | | | 0.00 | — | 0.02 | | Jul 31, 2014 | SAP FI Manager Self-Service has a hard-coded user name, which makes it easier for remote attackers to obtain access via unspecified vectors. |
| CVE-2014-5175 | | | 0.00 | — | 0.02 | | Jul 31, 2014 | The License Measurement servlet in SAP Solution Manager 7.1 allows remote attackers to bypass authentication via unspecified vectors, related to a verb tampering attack and SAP_JTECHS. |
| CVE-2014-5174 | | | 0.00 | — | 0.02 | | Jul 31, 2014 | The SAP Netweaver Business Warehouse component does not properly restrict access to the functions in the BW-SYS-DB-DB4 function group, which allows remote authenticated users to obtain sensitive information via unspecified vectors. |
| CVE-2014-5173 | | | 0.00 | — | 0.03 | | Jul 31, 2014 | SAP HANA Extend Application Services (XS) allows remote attackers to bypass access restrictions via a request to a private IU5 SDK application that was once public. |
| CVE-2014-5172 | | | 0.00 | — | 0.03 | | Jul 31, 2014 | Multiple cross-site scripting (XSS) vulnerabilities in the XS Administration Tools in SAP HANA allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2014-5171 | | | 0.00 | — | 0.02 | | Jul 31, 2014 | SAP HANA Extend Application Services (XS) does not encrypt transmissions for applications that enable form based authentication using SSL, which allows remote attackers to obtain credentials and other sensitive information by sniffing the network. |
| CVE-2014-4161 | | | 0.00 | — | 0.01 | | Jun 13, 2014 | Cross-site scripting (XSS) vulnerability in la/umTestSSO.jsp in SAP Supplier Relationship Management (SRM) allows remote attackers to inject arbitrary web script or HTML via the url parameter. |
| CVE-2014-4160 | | | 0.00 | — | 0.01 | | Jun 13, 2014 | Multiple cross-site scripting (XSS) vulnerabilities in the testcanvas node in SAP NetWeaver Business Client (NWBC) allow remote attackers to inject arbitrary web script or HTML via the (1) title or (2) sap-accessibility parameter. |
| CVE-2014-4159 | | | 0.00 | — | 0.01 | | Jun 13, 2014 | Open redirect vulnerability in la/umTestSSO.jsp in SAP Supplier Relationship Management (SRM) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter. |
| CVE-2014-4012 | | | 0.00 | — | 0.01 | | Jun 9, 2014 | SAP Open Hub Service has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. |
| CVE-2014-4011 | | | 0.00 | — | 0.01 | | Jun 9, 2014 | SAP Capacity Leveling has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. |
| CVE-2014-4010 | | | 0.00 | — | 0.01 | | Jun 9, 2014 | SAP Transaction Data Pool has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. |
| CVE-2014-4009 | | | 0.00 | — | 0.01 | | Jun 9, 2014 | SAP CCMS Monitoring (BC-CCM-MON) has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. |
| CVE-2014-4008 | | | 0.00 | — | 0.01 | | Jun 9, 2014 | SAP Web Services Tool (CA-WUI-WST) has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. |
| CVE-2014-4007 | | | 0.00 | — | 0.01 | | Jun 9, 2014 | The SAP Upgrade tools for ABAP has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. |
| CVE-2014-4006 | | | 0.00 | — | 0.01 | | Jun 9, 2014 | The SAP Trader's and Scheduler's Workbench (TSW) for SAP Oil & Gas has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. |
| CVE-2014-4005 | | | 0.00 | — | 0.01 | | Jun 9, 2014 | SAP Brazil add-on has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. |
| CVE-2014-4004 | | | 0.00 | — | 0.01 | | Jun 9, 2014 | The (1) Structures and (2) Project-Oriented Procurement components in SAP Project System has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. |
| CVE-2014-4003 | | | 0.00 | — | 0.03 | | Jun 9, 2014 | The System Landscape Directory (SLD) in SAP NetWeaver allows remote attackers to modify information via vectors related to adding a system. |
| CVE-2014-3787 | | | 0.00 | — | 0.01 | | May 19, 2014 | SAP NetWeaver 7.20 and earlier allows remote attackers to read arbitrary SAP Central User Administration (SAP CUA) tables via unspecified vectors. |
| CVE-2014-3134 | | | 0.00 | — | 0.01 | | Apr 30, 2014 | Cross-site scripting (XSS) vulnerability in the InfoView application in SAP BusinessObjects allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2014-3133 | | | 0.00 | — | 0.02 | | Apr 30, 2014 | SAP Netweaver Java Application Server does not properly restrict access, which allows remote attackers to obtain the list of SAP systems registered on an SLD via an unspecified webdynpro, related to SystemSelection. |
| CVE-2014-3132 | | | 0.00 | — | 0.01 | | Apr 30, 2014 | SAP Background Processing does not properly restrict access, which allows remote authenticated users to obtain sensitive information via an unspecified RFC function, related to SAP Solution Manager 7.1. |
| CVE-2014-3131 | | | 0.00 | — | 0.01 | | Apr 30, 2014 | SAP Profile Maintenance does not properly restrict access, which allows remote authenticated users to obtain sensitive information via an unspecified RFC function, related to SAP Solution Manager 7.1. |
| CVE-2014-3130 | | | 0.00 | — | 0.00 | | Apr 30, 2014 | The ABAP Help documentation and translation tools (BC-DOC-HLP) in Basis in SAP Netweaver ABAP Application Server does not properly restrict access, which allows local users to gain privileges and execute ABAP instructions via crafted help messages. |
| CVE-2014-3129 | | | 0.00 | — | 0.02 | | Apr 30, 2014 | The Java Server Pages in the Software Lifecycle Manager (SLM) in SAP NetWeaver allows remote attackers to obtain sensitive information via a crafted request, related to SAP Solution Manager 7.1. |
| CVE-2014-2752 | | | 0.00 | — | 0.02 | | Apr 10, 2014 | SAP Business Object Processing Framework (BOPF) for ABAP has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. |
| CVE-2014-2751 | | | 0.00 | — | 0.02 | | Apr 10, 2014 | SAP Print and Output Management has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. |
| CVE-2014-2749 | | | 0.00 | — | 0.02 | | Apr 10, 2014 | The HANA ICM process in SAP HANA allows remote attackers to obtain the platform version, host name, instance number, and possibly other sensitive information via a malformed HTTP GET request. |
Page 34 of 37