VYPR

Vendor CVEs

SAP

All CVEs

1,818 total · sorted by risk
  • CVE-2014-2748Apr 10, 2014
    risk 0.00cvss epss 0.02

    The Security Audit Log facility in SAP Enhancement Package (EHP) 6 for SAP ERP 6.0 allows remote attackers to modify or delete arbitrary log classes via unspecified vectors. NOTE: some of these details are obtained from third party information.

  • CVE-2013-7367Apr 10, 2014
    risk 0.00cvss epss 0.02

    SAP Enterprise Portal does not properly restrict access to the Federation configuration pages, which allows remote attackers to gain privileges via unspecified vectors.

  • CVE-2013-7366Apr 10, 2014
    risk 0.00cvss epss 0.02

    The SAP Software Deployment Manager (SDM), in certain unspecified conditions, allows remote attackers to cause a denial of service via vectors related to failed authentications.

  • CVE-2013-7365Apr 10, 2014
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in SAP Enterprise Portal allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.

  • CVE-2013-7364Apr 10, 2014
    risk 0.00cvss epss 0.02

    An unspecified J2EE core service in the J2EE Engine in SAP NetWeaver does not properly restrict access, which allows remote attackers to read and write to arbitrary files via unknown vectors.

  • CVE-2013-7363Apr 10, 2014
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in the Diagnostics (SMD) agent in SAP Solution Manager allows remote attackers to obtain sensitive information, modify the configuration of applications, and install or remove applications via vectors involving the P4 protocol.

  • CVE-2013-7362Apr 10, 2014
    risk 0.00cvss epss 0.02

    An unspecified RFC function in SAP CCMS Agent allows remote attackers to execute arbitrary commands via unknown vectors.

  • CVE-2013-7361Apr 10, 2014
    risk 0.00cvss epss 0.01

    Directory traversal vulnerability in SAP CMS and CM Services allows attackers to upload arbitrary files via unspecified vectors.

  • CVE-2013-7360Apr 10, 2014
    risk 0.00cvss epss 0.01

    Unspecified vulnerability in SAP adminadapter allows remote attackers to read or write to arbitrary files via unknown vectors.

  • CVE-2013-7359Apr 10, 2014
    risk 0.00cvss epss 0.01

    Unspecified vulnerability in SAP Mobile Infrastructure allows remote attackers to obtain sensitive port information via unknown vectors, related to an "internal port scanning" issue.

  • CVE-2013-7358Apr 10, 2014
    risk 0.00cvss epss 0.01

    Unspecified vulnerability in SAP Guided Procedures Archive Monitor allows remote attackers to obtain usernames, roles, profiles, and possibly other identity information via unknown vectors.

  • CVE-2013-7357Apr 10, 2014
    risk 0.00cvss epss 0.01

    Unspecified vulnerability in the configuration service in SAP J2EE Engine allows remote attackers to obtain credential information via unknown vectors.

  • CVE-2013-7356Apr 10, 2014
    risk 0.00cvss epss 0.01

    Unspecified vulnerability in the SAP CCMS / Database Monitors for Oracle allows attackers to obtain the database password via unknown vectors.

  • CVE-2013-7355Apr 10, 2014
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in SAP BI Universal Data Integration allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to the J2EE schema.

  • CVE-2014-1965Feb 14, 2014
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in ISpeakAdapter in the Integration Repository in the SAP Exchange Infrastructure (BC-XI) component 3.0, 7.00 through 7.02, and 7.10 through 7.11 for SAP NetWeaver allows remote attackers to inject arbitrary web script or HTML via vectors…

  • CVE-2014-1964Feb 14, 2014
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the Integration Repository in the SAP Exchange Infrastructure (BC-XI) component in SAP NetWeaver allows remote attackers to inject arbitrary web script or HTML via vectors related to the ESR application and a DIR error.

  • CVE-2014-1963Feb 14, 2014
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in Message Server in SAP NetWeaver 7.20 allows remote attackers to cause a denial of service via unknown attack vectors.

  • CVE-2014-1962Feb 14, 2014
    risk 0.00cvss epss 0.01

    Gwsync in SAP CRM 7.02 EHP 2 allows remote attackers to obtain sensitive information via unspecified vectors, related to an XML External Entity (XXE) issue.

  • CVE-2014-1961Feb 14, 2014
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in the Portal WebDynPro in SAP NetWeaver allows remote attackers to obtain sensitive path information via unknown attack vectors.

  • CVE-2014-1960Feb 14, 2014
    risk 0.00cvss epss 0.01

    The Solution Manager in SAP NetWeaver does not properly restrict access, which allows remote attackers to obtain sensitive information via unspecified vectors.

  • CVE-2013-7096Dec 13, 2013
    risk 0.00cvss epss 0.02

    Multiple SQL injection vulnerabilities in SAP EMR Unwired allow remote attackers to execute arbitrary SQL commands via unspecified vectors.

  • CVE-2013-7095Dec 13, 2013
    risk 0.00cvss epss 0.02

    The XML parser (crm_flex_data) in SAP Customer Relationship Management (CRM) 7.02 EHP 2 has unknown impact and attack vectors related to an XML External Entity (XXE) issue.

  • CVE-2013-7094Dec 13, 2013
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in the RSDDCVER_COUNT_TAB_COLS function in SAP NetWeaver 7.30 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

  • CVE-2013-7093Dec 13, 2013
    risk 0.00cvss epss 0.03

    SAP Network Interface Router (SAProuter) 39.3 SP4 allows remote attackers to bypass authentication and modify the configuration via unspecified vectors.

  • CVE-2013-6869Nov 23, 2013
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in the SRTT_GET_COUNT_BEFORE_KEY_RFC function in SAP NetWeaver 7.30 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

  • CVE-2013-6867Nov 23, 2013
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in SAP Sybase Adaptive Server Enterprise (ASE) 15.7 before 15.7 SP50 or 15.7 SP100 allows remote attackers to cause a denial of service via unspecified vectors.

  • CVE-2013-6866Nov 23, 2013
    risk 0.00cvss epss 0.03

    SAP Sybase Adaptive Server Enterprise (ASE) before 15.0.3 ESD#4.3, 15.5 before 15.5 ESD#5.3, and 15.7 before 15.7 SP50 or 15.7 SP100 allows remote authenticated users to execute arbitrary code via unspecified vectors, aka CR736689.

  • CVE-2013-6865Nov 23, 2013
    risk 0.00cvss epss 0.03

    SAP Sybase Adaptive Server Enterprise (ASE) 15.0.3 before 15.0.3 ESD#4.3, 15.5 before 15.5 ESD#5.3, and 15.7 before 15.7 SP50 or 15.7 SP100 allows remote authenticated users to execute arbitrary code via unspecified vectors, aka CR732989.

  • CVE-2013-6864Nov 23, 2013
    risk 0.00cvss epss 0.01

    Directory traversal vulnerability in SAP Sybase Adaptive Server Enterprise (ASE) 15.0.3 before 15.0.3 ESD#4.3, 15.5 before 15.5 ESD#5.3, and 15.7 before 15.7 SP50 or 15.7 SP100 allows remote authenticated users to affect confidentiality, integrity, and availability via…

  • CVE-2013-6863Nov 23, 2013
    risk 0.00cvss epss 0.02

    SAP Sybase Adaptive Server Enterprise (ASE) 15.0.3 before 15.0.3 ESD#4.3, 15.5 before 15.5 ESD#5.3, and 15.7 before 15.7 SP50 or 15.7 SP100 allows remote authenticated users to gain privileges via unspecified vectors.

  • CVE-2013-6861Nov 23, 2013
    risk 0.00cvss epss 0.00

    Unspecified vulnerability in SAP Sybase Adaptive Server Enterprise (ASE) 15.0.3 before 15.0.3 ESD#4.3, 15.5 before 15.5 ESD#5.3, and 15.7 before 15.7 SP50 or 15.7 SP100 allows local users to obtain sensitive information via unspecified vectors.

  • CVE-2013-6860Nov 23, 2013
    risk 0.00cvss epss 0.01

    Unspecified vulnerability in SAP Sybase Adaptive Server Enterprise (ASE) before 15.0.3 ESD#4.3, 15.5 before 15.5 ESD#5.3, and 15.7 before 15.7 SP50 or 15.7 SP100 allows remote authenticated users to obtain sensitive information via unspecified vectors.

  • CVE-2013-6859Nov 23, 2013
    risk 0.00cvss epss 0.02

    SAP Sybase Adaptive Server Enterprise (ASE) before 15.0.3 ESD#4.3. 15.5 before 15.5 ESD#5.3, and 15.7 before 15.7 SP50 or 15.7 SP100 does not properly perform authorization, which allows remote authenticated users to gain privileges via unspecified vectors.

  • CVE-2013-6823Nov 20, 2013
    risk 0.00cvss epss 0.01

    GRMGApp in SAP NetWeaver allows remote attackers to bypass intended access restrictions via unspecified vectors.

  • CVE-2013-6822Nov 20, 2013
    risk 0.00cvss epss 0.02

    GRMGApp in SAP NetWeaver allows remote attackers to have unspecified impact and attack vectors, related to an XML External Entity (XXE) issue.

  • CVE-2013-6821Nov 20, 2013
    risk 0.00cvss epss 0.02

    Directory traversal vulnerability in the Exportability Check Service in SAP NetWeaver allows remote attackers to read arbitrary files via unspecified vectors.

  • CVE-2013-6820Nov 20, 2013
    risk 0.00cvss epss 0.04

    Unrestricted file upload vulnerability in the SAP NetWeaver Development Infrastructure (NWDI) allows remote attackers to execute arbitrary code by uploading a file with an executable extension via unspecified vectors.

  • CVE-2013-6819Nov 20, 2013
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in Performance Provider in SAP NetWeaver allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2013-6818Nov 20, 2013
    risk 0.00cvss epss 0.01

    SAP NetWeaver Logviewer 6.30, when running on Windows, allows remote attackers to bypass intended access restrictions via unspecified vectors.

  • CVE-2013-6817Nov 20, 2013
    risk 0.00cvss epss 0.03

    Heap-based buffer overflow in SAP Network Interface Router (SAProuter) 7.30 allows remote attackers to cause a denial of service and execute arbitrary code via crafted NI Route messages.

  • CVE-2013-6816Nov 20, 2013
    risk 0.00cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in the (1) JavaDumpService and (2) DataCollector servlets in SAP NetWeaver allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2013-6815Nov 20, 2013
    risk 0.00cvss epss 0.02

    The SHSTI_UPLOAD_XML function in the Application Server for ABAP (AS ABAP) in SAP NetWeaver 7.31 and earlier allows remote attackers to cause a denial of service via unspecified vectors, related to an XML External Entity (XXE) issue.

  • CVE-2013-6814Nov 20, 2013
    risk 0.00cvss epss 0.02

    The J2EE Engine in SAP NetWeaver 6.40, 7.02, and earlier allows remote attackers to redirect users to arbitrary web sites, conduct phishing attacks, and obtain sensitive information (cookies and SAPPASSPORT) via unspecified vectors.

  • CVE-2013-6284Oct 26, 2013
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in the Statutory Reporting for Insurance (FS_SR) component in the Financial Services module for SAP ERP Central Component (ECC) allows attackers to execute arbitrary code via unspecified vectors, related to a "code injection vulnerability."

  • CVE-2013-6244Oct 24, 2013
    risk 0.00cvss epss 0.02

    The Live Update webdynpro application (webdynpro/dispatcher/sap.com/tc~slm~ui_lup/LUP) in SAP NetWeaver 7.31 and earlier allows remote attackers to read arbitrary files and directories via an XML document containing an external entity declaration in conjunction with an entity…

  • CVE-2013-3244Oct 24, 2013
    risk 0.00cvss epss 0.02

    Multiple unspecified vulnerabilities in the CJDB_FILL_MEMORY_FROM_PPB function in the Project System (PS-IS) module for SAP ERP Central Component (ECC) allow remote attackers to execute arbitrary code via a (1) RFC or (2) SOAP-RFC request.

  • CVE-2013-5751Sep 16, 2013
    risk 0.00cvss epss 0.02

    Directory traversal vulnerability in SAP NetWeaver 7.x allows remote attackers to read arbitrary files via unspecified vectors.

  • CVE-2013-5723Sep 12, 2013
    risk 0.00cvss epss 0.02

    SQL injection vulnerability in SAP NetWeaver 7.30 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to "ABAD0_DELETE_DERIVATION_TABLE."

  • CVE-2013-3063May 1, 2013
    risk 0.00cvss epss 0.01

    SAP BASIS Communication Services 4.6B through 7.30 allows remote authenticated users to execute arbitrary commands via unspecified vectors.

  • CVE-2013-3062May 1, 2013
    risk 0.00cvss epss 0.02

    The CP_RC_TRANSACTION_CALL_BY_SET function in the Engineering Workbench component in SAP Production Planning and Control allows remote authenticated users to bypass intended transaction restrictions via unspecified vectors.