Vendor CVEs
SAP
All CVEs
1,818 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2014-2748 | 0.00 | — | 0.02 | Apr 10, 2014 | The Security Audit Log facility in SAP Enhancement Package (EHP) 6 for SAP ERP 6.0 allows remote attackers to modify or delete arbitrary log classes via unspecified vectors. NOTE: some of these details are obtained from third party information. | |||
| CVE-2013-7367 | 0.00 | — | 0.02 | Apr 10, 2014 | SAP Enterprise Portal does not properly restrict access to the Federation configuration pages, which allows remote attackers to gain privileges via unspecified vectors. | |||
| CVE-2013-7366 | 0.00 | — | 0.02 | Apr 10, 2014 | The SAP Software Deployment Manager (SDM), in certain unspecified conditions, allows remote attackers to cause a denial of service via vectors related to failed authentications. | |||
| CVE-2013-7365 | 0.00 | — | 0.01 | Apr 10, 2014 | Cross-site scripting (XSS) vulnerability in SAP Enterprise Portal allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. | |||
| CVE-2013-7364 | 0.00 | — | 0.02 | Apr 10, 2014 | An unspecified J2EE core service in the J2EE Engine in SAP NetWeaver does not properly restrict access, which allows remote attackers to read and write to arbitrary files via unknown vectors. | |||
| CVE-2013-7363 | 0.00 | — | 0.02 | Apr 10, 2014 | Unspecified vulnerability in the Diagnostics (SMD) agent in SAP Solution Manager allows remote attackers to obtain sensitive information, modify the configuration of applications, and install or remove applications via vectors involving the P4 protocol. | |||
| CVE-2013-7362 | 0.00 | — | 0.02 | Apr 10, 2014 | An unspecified RFC function in SAP CCMS Agent allows remote attackers to execute arbitrary commands via unknown vectors. | |||
| CVE-2013-7361 | 0.00 | — | 0.01 | Apr 10, 2014 | Directory traversal vulnerability in SAP CMS and CM Services allows attackers to upload arbitrary files via unspecified vectors. | |||
| CVE-2013-7360 | 0.00 | — | 0.01 | Apr 10, 2014 | Unspecified vulnerability in SAP adminadapter allows remote attackers to read or write to arbitrary files via unknown vectors. | |||
| CVE-2013-7359 | 0.00 | — | 0.01 | Apr 10, 2014 | Unspecified vulnerability in SAP Mobile Infrastructure allows remote attackers to obtain sensitive port information via unknown vectors, related to an "internal port scanning" issue. | |||
| CVE-2013-7358 | 0.00 | — | 0.01 | Apr 10, 2014 | Unspecified vulnerability in SAP Guided Procedures Archive Monitor allows remote attackers to obtain usernames, roles, profiles, and possibly other identity information via unknown vectors. | |||
| CVE-2013-7357 | 0.00 | — | 0.01 | Apr 10, 2014 | Unspecified vulnerability in the configuration service in SAP J2EE Engine allows remote attackers to obtain credential information via unknown vectors. | |||
| CVE-2013-7356 | 0.00 | — | 0.01 | Apr 10, 2014 | Unspecified vulnerability in the SAP CCMS / Database Monitors for Oracle allows attackers to obtain the database password via unknown vectors. | |||
| CVE-2013-7355 | 0.00 | — | 0.01 | Apr 10, 2014 | SQL injection vulnerability in SAP BI Universal Data Integration allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to the J2EE schema. | |||
| CVE-2014-1965 | 0.00 | — | 0.01 | Feb 14, 2014 | Cross-site scripting (XSS) vulnerability in ISpeakAdapter in the Integration Repository in the SAP Exchange Infrastructure (BC-XI) component 3.0, 7.00 through 7.02, and 7.10 through 7.11 for SAP NetWeaver allows remote attackers to inject arbitrary web script or HTML via vectors… | |||
| CVE-2014-1964 | 0.00 | — | 0.01 | Feb 14, 2014 | Cross-site scripting (XSS) vulnerability in the Integration Repository in the SAP Exchange Infrastructure (BC-XI) component in SAP NetWeaver allows remote attackers to inject arbitrary web script or HTML via vectors related to the ESR application and a DIR error. | |||
| CVE-2014-1963 | 0.00 | — | 0.02 | Feb 14, 2014 | Unspecified vulnerability in Message Server in SAP NetWeaver 7.20 allows remote attackers to cause a denial of service via unknown attack vectors. | |||
| CVE-2014-1962 | 0.00 | — | 0.01 | Feb 14, 2014 | Gwsync in SAP CRM 7.02 EHP 2 allows remote attackers to obtain sensitive information via unspecified vectors, related to an XML External Entity (XXE) issue. | |||
| CVE-2014-1961 | 0.00 | — | 0.02 | Feb 14, 2014 | Unspecified vulnerability in the Portal WebDynPro in SAP NetWeaver allows remote attackers to obtain sensitive path information via unknown attack vectors. | |||
| CVE-2014-1960 | 0.00 | — | 0.01 | Feb 14, 2014 | The Solution Manager in SAP NetWeaver does not properly restrict access, which allows remote attackers to obtain sensitive information via unspecified vectors. | |||
| CVE-2013-7096 | 0.00 | — | 0.02 | Dec 13, 2013 | Multiple SQL injection vulnerabilities in SAP EMR Unwired allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2013-7095 | 0.00 | — | 0.02 | Dec 13, 2013 | The XML parser (crm_flex_data) in SAP Customer Relationship Management (CRM) 7.02 EHP 2 has unknown impact and attack vectors related to an XML External Entity (XXE) issue. | |||
| CVE-2013-7094 | 0.00 | — | 0.01 | Dec 13, 2013 | SQL injection vulnerability in the RSDDCVER_COUNT_TAB_COLS function in SAP NetWeaver 7.30 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2013-7093 | 0.00 | — | 0.03 | Dec 13, 2013 | SAP Network Interface Router (SAProuter) 39.3 SP4 allows remote attackers to bypass authentication and modify the configuration via unspecified vectors. | |||
| CVE-2013-6869 | 0.00 | — | 0.01 | Nov 23, 2013 | SQL injection vulnerability in the SRTT_GET_COUNT_BEFORE_KEY_RFC function in SAP NetWeaver 7.30 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2013-6867 | 0.00 | — | 0.02 | Nov 23, 2013 | Unspecified vulnerability in SAP Sybase Adaptive Server Enterprise (ASE) 15.7 before 15.7 SP50 or 15.7 SP100 allows remote attackers to cause a denial of service via unspecified vectors. | |||
| CVE-2013-6866 | 0.00 | — | 0.03 | Nov 23, 2013 | SAP Sybase Adaptive Server Enterprise (ASE) before 15.0.3 ESD#4.3, 15.5 before 15.5 ESD#5.3, and 15.7 before 15.7 SP50 or 15.7 SP100 allows remote authenticated users to execute arbitrary code via unspecified vectors, aka CR736689. | |||
| CVE-2013-6865 | 0.00 | — | 0.03 | Nov 23, 2013 | SAP Sybase Adaptive Server Enterprise (ASE) 15.0.3 before 15.0.3 ESD#4.3, 15.5 before 15.5 ESD#5.3, and 15.7 before 15.7 SP50 or 15.7 SP100 allows remote authenticated users to execute arbitrary code via unspecified vectors, aka CR732989. | |||
| CVE-2013-6864 | 0.00 | — | 0.01 | Nov 23, 2013 | Directory traversal vulnerability in SAP Sybase Adaptive Server Enterprise (ASE) 15.0.3 before 15.0.3 ESD#4.3, 15.5 before 15.5 ESD#5.3, and 15.7 before 15.7 SP50 or 15.7 SP100 allows remote authenticated users to affect confidentiality, integrity, and availability via… | |||
| CVE-2013-6863 | 0.00 | — | 0.02 | Nov 23, 2013 | SAP Sybase Adaptive Server Enterprise (ASE) 15.0.3 before 15.0.3 ESD#4.3, 15.5 before 15.5 ESD#5.3, and 15.7 before 15.7 SP50 or 15.7 SP100 allows remote authenticated users to gain privileges via unspecified vectors. | |||
| CVE-2013-6861 | 0.00 | — | 0.00 | Nov 23, 2013 | Unspecified vulnerability in SAP Sybase Adaptive Server Enterprise (ASE) 15.0.3 before 15.0.3 ESD#4.3, 15.5 before 15.5 ESD#5.3, and 15.7 before 15.7 SP50 or 15.7 SP100 allows local users to obtain sensitive information via unspecified vectors. | |||
| CVE-2013-6860 | 0.00 | — | 0.01 | Nov 23, 2013 | Unspecified vulnerability in SAP Sybase Adaptive Server Enterprise (ASE) before 15.0.3 ESD#4.3, 15.5 before 15.5 ESD#5.3, and 15.7 before 15.7 SP50 or 15.7 SP100 allows remote authenticated users to obtain sensitive information via unspecified vectors. | |||
| CVE-2013-6859 | 0.00 | — | 0.02 | Nov 23, 2013 | SAP Sybase Adaptive Server Enterprise (ASE) before 15.0.3 ESD#4.3. 15.5 before 15.5 ESD#5.3, and 15.7 before 15.7 SP50 or 15.7 SP100 does not properly perform authorization, which allows remote authenticated users to gain privileges via unspecified vectors. | |||
| CVE-2013-6823 | 0.00 | — | 0.01 | Nov 20, 2013 | GRMGApp in SAP NetWeaver allows remote attackers to bypass intended access restrictions via unspecified vectors. | |||
| CVE-2013-6822 | 0.00 | — | 0.02 | Nov 20, 2013 | GRMGApp in SAP NetWeaver allows remote attackers to have unspecified impact and attack vectors, related to an XML External Entity (XXE) issue. | |||
| CVE-2013-6821 | 0.00 | — | 0.02 | Nov 20, 2013 | Directory traversal vulnerability in the Exportability Check Service in SAP NetWeaver allows remote attackers to read arbitrary files via unspecified vectors. | |||
| CVE-2013-6820 | 0.00 | — | 0.04 | Nov 20, 2013 | Unrestricted file upload vulnerability in the SAP NetWeaver Development Infrastructure (NWDI) allows remote attackers to execute arbitrary code by uploading a file with an executable extension via unspecified vectors. | |||
| CVE-2013-6819 | 0.00 | — | 0.01 | Nov 20, 2013 | Cross-site scripting (XSS) vulnerability in Performance Provider in SAP NetWeaver allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2013-6818 | 0.00 | — | 0.01 | Nov 20, 2013 | SAP NetWeaver Logviewer 6.30, when running on Windows, allows remote attackers to bypass intended access restrictions via unspecified vectors. | |||
| CVE-2013-6817 | 0.00 | — | 0.03 | Nov 20, 2013 | Heap-based buffer overflow in SAP Network Interface Router (SAProuter) 7.30 allows remote attackers to cause a denial of service and execute arbitrary code via crafted NI Route messages. | |||
| CVE-2013-6816 | 0.00 | — | 0.01 | Nov 20, 2013 | Multiple cross-site scripting (XSS) vulnerabilities in the (1) JavaDumpService and (2) DataCollector servlets in SAP NetWeaver allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2013-6815 | 0.00 | — | 0.02 | Nov 20, 2013 | The SHSTI_UPLOAD_XML function in the Application Server for ABAP (AS ABAP) in SAP NetWeaver 7.31 and earlier allows remote attackers to cause a denial of service via unspecified vectors, related to an XML External Entity (XXE) issue. | |||
| CVE-2013-6814 | 0.00 | — | 0.02 | Nov 20, 2013 | The J2EE Engine in SAP NetWeaver 6.40, 7.02, and earlier allows remote attackers to redirect users to arbitrary web sites, conduct phishing attacks, and obtain sensitive information (cookies and SAPPASSPORT) via unspecified vectors. | |||
| CVE-2013-6284 | 0.00 | — | 0.02 | Oct 26, 2013 | Unspecified vulnerability in the Statutory Reporting for Insurance (FS_SR) component in the Financial Services module for SAP ERP Central Component (ECC) allows attackers to execute arbitrary code via unspecified vectors, related to a "code injection vulnerability." | |||
| CVE-2013-6244 | 0.00 | — | 0.02 | Oct 24, 2013 | The Live Update webdynpro application (webdynpro/dispatcher/sap.com/tc~slm~ui_lup/LUP) in SAP NetWeaver 7.31 and earlier allows remote attackers to read arbitrary files and directories via an XML document containing an external entity declaration in conjunction with an entity… | |||
| CVE-2013-3244 | 0.00 | — | 0.02 | Oct 24, 2013 | Multiple unspecified vulnerabilities in the CJDB_FILL_MEMORY_FROM_PPB function in the Project System (PS-IS) module for SAP ERP Central Component (ECC) allow remote attackers to execute arbitrary code via a (1) RFC or (2) SOAP-RFC request. | |||
| CVE-2013-5751 | 0.00 | — | 0.02 | Sep 16, 2013 | Directory traversal vulnerability in SAP NetWeaver 7.x allows remote attackers to read arbitrary files via unspecified vectors. | |||
| CVE-2013-5723 | 0.00 | — | 0.02 | Sep 12, 2013 | SQL injection vulnerability in SAP NetWeaver 7.30 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to "ABAD0_DELETE_DERIVATION_TABLE." | |||
| CVE-2013-3063 | 0.00 | — | 0.01 | May 1, 2013 | SAP BASIS Communication Services 4.6B through 7.30 allows remote authenticated users to execute arbitrary commands via unspecified vectors. | |||
| CVE-2013-3062 | 0.00 | — | 0.02 | May 1, 2013 | The CP_RC_TRANSACTION_CALL_BY_SET function in the Engineering Workbench component in SAP Production Planning and Control allows remote authenticated users to bypass intended transaction restrictions via unspecified vectors. |
- CVE-2014-2748Apr 10, 2014risk 0.00cvss —epss 0.02
The Security Audit Log facility in SAP Enhancement Package (EHP) 6 for SAP ERP 6.0 allows remote attackers to modify or delete arbitrary log classes via unspecified vectors. NOTE: some of these details are obtained from third party information.
- CVE-2013-7367Apr 10, 2014risk 0.00cvss —epss 0.02
SAP Enterprise Portal does not properly restrict access to the Federation configuration pages, which allows remote attackers to gain privileges via unspecified vectors.
- CVE-2013-7366Apr 10, 2014risk 0.00cvss —epss 0.02
The SAP Software Deployment Manager (SDM), in certain unspecified conditions, allows remote attackers to cause a denial of service via vectors related to failed authentications.
- CVE-2013-7365Apr 10, 2014risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in SAP Enterprise Portal allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
- CVE-2013-7364Apr 10, 2014risk 0.00cvss —epss 0.02
An unspecified J2EE core service in the J2EE Engine in SAP NetWeaver does not properly restrict access, which allows remote attackers to read and write to arbitrary files via unknown vectors.
- CVE-2013-7363Apr 10, 2014risk 0.00cvss —epss 0.02
Unspecified vulnerability in the Diagnostics (SMD) agent in SAP Solution Manager allows remote attackers to obtain sensitive information, modify the configuration of applications, and install or remove applications via vectors involving the P4 protocol.
- CVE-2013-7362Apr 10, 2014risk 0.00cvss —epss 0.02
An unspecified RFC function in SAP CCMS Agent allows remote attackers to execute arbitrary commands via unknown vectors.
- CVE-2013-7361Apr 10, 2014risk 0.00cvss —epss 0.01
Directory traversal vulnerability in SAP CMS and CM Services allows attackers to upload arbitrary files via unspecified vectors.
- CVE-2013-7360Apr 10, 2014risk 0.00cvss —epss 0.01
Unspecified vulnerability in SAP adminadapter allows remote attackers to read or write to arbitrary files via unknown vectors.
- CVE-2013-7359Apr 10, 2014risk 0.00cvss —epss 0.01
Unspecified vulnerability in SAP Mobile Infrastructure allows remote attackers to obtain sensitive port information via unknown vectors, related to an "internal port scanning" issue.
- CVE-2013-7358Apr 10, 2014risk 0.00cvss —epss 0.01
Unspecified vulnerability in SAP Guided Procedures Archive Monitor allows remote attackers to obtain usernames, roles, profiles, and possibly other identity information via unknown vectors.
- CVE-2013-7357Apr 10, 2014risk 0.00cvss —epss 0.01
Unspecified vulnerability in the configuration service in SAP J2EE Engine allows remote attackers to obtain credential information via unknown vectors.
- CVE-2013-7356Apr 10, 2014risk 0.00cvss —epss 0.01
Unspecified vulnerability in the SAP CCMS / Database Monitors for Oracle allows attackers to obtain the database password via unknown vectors.
- CVE-2013-7355Apr 10, 2014risk 0.00cvss —epss 0.01
SQL injection vulnerability in SAP BI Universal Data Integration allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to the J2EE schema.
- CVE-2014-1965Feb 14, 2014risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in ISpeakAdapter in the Integration Repository in the SAP Exchange Infrastructure (BC-XI) component 3.0, 7.00 through 7.02, and 7.10 through 7.11 for SAP NetWeaver allows remote attackers to inject arbitrary web script or HTML via vectors…
- CVE-2014-1964Feb 14, 2014risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in the Integration Repository in the SAP Exchange Infrastructure (BC-XI) component in SAP NetWeaver allows remote attackers to inject arbitrary web script or HTML via vectors related to the ESR application and a DIR error.
- CVE-2014-1963Feb 14, 2014risk 0.00cvss —epss 0.02
Unspecified vulnerability in Message Server in SAP NetWeaver 7.20 allows remote attackers to cause a denial of service via unknown attack vectors.
- CVE-2014-1962Feb 14, 2014risk 0.00cvss —epss 0.01
Gwsync in SAP CRM 7.02 EHP 2 allows remote attackers to obtain sensitive information via unspecified vectors, related to an XML External Entity (XXE) issue.
- CVE-2014-1961Feb 14, 2014risk 0.00cvss —epss 0.02
Unspecified vulnerability in the Portal WebDynPro in SAP NetWeaver allows remote attackers to obtain sensitive path information via unknown attack vectors.
- CVE-2014-1960Feb 14, 2014risk 0.00cvss —epss 0.01
The Solution Manager in SAP NetWeaver does not properly restrict access, which allows remote attackers to obtain sensitive information via unspecified vectors.
- CVE-2013-7096Dec 13, 2013risk 0.00cvss —epss 0.02
Multiple SQL injection vulnerabilities in SAP EMR Unwired allow remote attackers to execute arbitrary SQL commands via unspecified vectors.
- CVE-2013-7095Dec 13, 2013risk 0.00cvss —epss 0.02
The XML parser (crm_flex_data) in SAP Customer Relationship Management (CRM) 7.02 EHP 2 has unknown impact and attack vectors related to an XML External Entity (XXE) issue.
- CVE-2013-7094Dec 13, 2013risk 0.00cvss —epss 0.01
SQL injection vulnerability in the RSDDCVER_COUNT_TAB_COLS function in SAP NetWeaver 7.30 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
- CVE-2013-7093Dec 13, 2013risk 0.00cvss —epss 0.03
SAP Network Interface Router (SAProuter) 39.3 SP4 allows remote attackers to bypass authentication and modify the configuration via unspecified vectors.
- CVE-2013-6869Nov 23, 2013risk 0.00cvss —epss 0.01
SQL injection vulnerability in the SRTT_GET_COUNT_BEFORE_KEY_RFC function in SAP NetWeaver 7.30 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
- CVE-2013-6867Nov 23, 2013risk 0.00cvss —epss 0.02
Unspecified vulnerability in SAP Sybase Adaptive Server Enterprise (ASE) 15.7 before 15.7 SP50 or 15.7 SP100 allows remote attackers to cause a denial of service via unspecified vectors.
- CVE-2013-6866Nov 23, 2013risk 0.00cvss —epss 0.03
SAP Sybase Adaptive Server Enterprise (ASE) before 15.0.3 ESD#4.3, 15.5 before 15.5 ESD#5.3, and 15.7 before 15.7 SP50 or 15.7 SP100 allows remote authenticated users to execute arbitrary code via unspecified vectors, aka CR736689.
- CVE-2013-6865Nov 23, 2013risk 0.00cvss —epss 0.03
SAP Sybase Adaptive Server Enterprise (ASE) 15.0.3 before 15.0.3 ESD#4.3, 15.5 before 15.5 ESD#5.3, and 15.7 before 15.7 SP50 or 15.7 SP100 allows remote authenticated users to execute arbitrary code via unspecified vectors, aka CR732989.
- CVE-2013-6864Nov 23, 2013risk 0.00cvss —epss 0.01
Directory traversal vulnerability in SAP Sybase Adaptive Server Enterprise (ASE) 15.0.3 before 15.0.3 ESD#4.3, 15.5 before 15.5 ESD#5.3, and 15.7 before 15.7 SP50 or 15.7 SP100 allows remote authenticated users to affect confidentiality, integrity, and availability via…
- CVE-2013-6863Nov 23, 2013risk 0.00cvss —epss 0.02
SAP Sybase Adaptive Server Enterprise (ASE) 15.0.3 before 15.0.3 ESD#4.3, 15.5 before 15.5 ESD#5.3, and 15.7 before 15.7 SP50 or 15.7 SP100 allows remote authenticated users to gain privileges via unspecified vectors.
- CVE-2013-6861Nov 23, 2013risk 0.00cvss —epss 0.00
Unspecified vulnerability in SAP Sybase Adaptive Server Enterprise (ASE) 15.0.3 before 15.0.3 ESD#4.3, 15.5 before 15.5 ESD#5.3, and 15.7 before 15.7 SP50 or 15.7 SP100 allows local users to obtain sensitive information via unspecified vectors.
- CVE-2013-6860Nov 23, 2013risk 0.00cvss —epss 0.01
Unspecified vulnerability in SAP Sybase Adaptive Server Enterprise (ASE) before 15.0.3 ESD#4.3, 15.5 before 15.5 ESD#5.3, and 15.7 before 15.7 SP50 or 15.7 SP100 allows remote authenticated users to obtain sensitive information via unspecified vectors.
- CVE-2013-6859Nov 23, 2013risk 0.00cvss —epss 0.02
SAP Sybase Adaptive Server Enterprise (ASE) before 15.0.3 ESD#4.3. 15.5 before 15.5 ESD#5.3, and 15.7 before 15.7 SP50 or 15.7 SP100 does not properly perform authorization, which allows remote authenticated users to gain privileges via unspecified vectors.
- CVE-2013-6823Nov 20, 2013risk 0.00cvss —epss 0.01
GRMGApp in SAP NetWeaver allows remote attackers to bypass intended access restrictions via unspecified vectors.
- CVE-2013-6822Nov 20, 2013risk 0.00cvss —epss 0.02
GRMGApp in SAP NetWeaver allows remote attackers to have unspecified impact and attack vectors, related to an XML External Entity (XXE) issue.
- CVE-2013-6821Nov 20, 2013risk 0.00cvss —epss 0.02
Directory traversal vulnerability in the Exportability Check Service in SAP NetWeaver allows remote attackers to read arbitrary files via unspecified vectors.
- CVE-2013-6820Nov 20, 2013risk 0.00cvss —epss 0.04
Unrestricted file upload vulnerability in the SAP NetWeaver Development Infrastructure (NWDI) allows remote attackers to execute arbitrary code by uploading a file with an executable extension via unspecified vectors.
- CVE-2013-6819Nov 20, 2013risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in Performance Provider in SAP NetWeaver allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2013-6818Nov 20, 2013risk 0.00cvss —epss 0.01
SAP NetWeaver Logviewer 6.30, when running on Windows, allows remote attackers to bypass intended access restrictions via unspecified vectors.
- CVE-2013-6817Nov 20, 2013risk 0.00cvss —epss 0.03
Heap-based buffer overflow in SAP Network Interface Router (SAProuter) 7.30 allows remote attackers to cause a denial of service and execute arbitrary code via crafted NI Route messages.
- CVE-2013-6816Nov 20, 2013risk 0.00cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in the (1) JavaDumpService and (2) DataCollector servlets in SAP NetWeaver allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2013-6815Nov 20, 2013risk 0.00cvss —epss 0.02
The SHSTI_UPLOAD_XML function in the Application Server for ABAP (AS ABAP) in SAP NetWeaver 7.31 and earlier allows remote attackers to cause a denial of service via unspecified vectors, related to an XML External Entity (XXE) issue.
- CVE-2013-6814Nov 20, 2013risk 0.00cvss —epss 0.02
The J2EE Engine in SAP NetWeaver 6.40, 7.02, and earlier allows remote attackers to redirect users to arbitrary web sites, conduct phishing attacks, and obtain sensitive information (cookies and SAPPASSPORT) via unspecified vectors.
- CVE-2013-6284Oct 26, 2013risk 0.00cvss —epss 0.02
Unspecified vulnerability in the Statutory Reporting for Insurance (FS_SR) component in the Financial Services module for SAP ERP Central Component (ECC) allows attackers to execute arbitrary code via unspecified vectors, related to a "code injection vulnerability."
- CVE-2013-6244Oct 24, 2013risk 0.00cvss —epss 0.02
The Live Update webdynpro application (webdynpro/dispatcher/sap.com/tc~slm~ui_lup/LUP) in SAP NetWeaver 7.31 and earlier allows remote attackers to read arbitrary files and directories via an XML document containing an external entity declaration in conjunction with an entity…
- CVE-2013-3244Oct 24, 2013risk 0.00cvss —epss 0.02
Multiple unspecified vulnerabilities in the CJDB_FILL_MEMORY_FROM_PPB function in the Project System (PS-IS) module for SAP ERP Central Component (ECC) allow remote attackers to execute arbitrary code via a (1) RFC or (2) SOAP-RFC request.
- CVE-2013-5751Sep 16, 2013risk 0.00cvss —epss 0.02
Directory traversal vulnerability in SAP NetWeaver 7.x allows remote attackers to read arbitrary files via unspecified vectors.
- CVE-2013-5723Sep 12, 2013risk 0.00cvss —epss 0.02
SQL injection vulnerability in SAP NetWeaver 7.30 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to "ABAD0_DELETE_DERIVATION_TABLE."
- CVE-2013-3063May 1, 2013risk 0.00cvss —epss 0.01
SAP BASIS Communication Services 4.6B through 7.30 allows remote authenticated users to execute arbitrary commands via unspecified vectors.
- CVE-2013-3062May 1, 2013risk 0.00cvss —epss 0.02
The CP_RC_TRANSACTION_CALL_BY_SET function in the Engineering Workbench component in SAP Production Planning and Control allows remote authenticated users to bypass intended transaction restrictions via unspecified vectors.
Page 35 of 37