ReportizFlow
Filtered by vendor Sap
Subscriptions
Total
1535 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-8310 | 1 Sap | 1 Businessobjects | 2025-04-12 | N/A |
| The CMS CORBA listener in SAP BusinessObjects BI Edge 4.0 allows remote attackers to cause a denial of service (server shutdown) via crafted OSCAFactory::Session ORB message. | ||||
| CVE-2014-8309 | 1 Sap | 2 Businessobjects, Businessobjects Xi | 2025-04-12 | N/A |
| SAP BusinessObjects 4.0 and BusinessObjects XI (BOXI) R2 and 3.1 generates error messages for a failed logon attempt with different time delays depending on whether the user account exists, which allows remote attackers to enumerate valid usernames via SecEnterprise authentication requests to the Session web service. | ||||
| CVE-2015-3621 | 1 Sap | 1 Enterprise Central Component | 2025-04-12 | N/A |
| Untrusted search path vulnerability in SAP Enterprise Central Component (ECC) allows local users to gain privileges via a Trojan horse program. | ||||
| CVE-2015-8028 | 1 Sap | 1 3d Visual Enterprise Viewer | 2025-04-12 | N/A |
| Multiple buffer overflows in SAP 3D Visual Enterprise Viewer (VEV) allow remote attackers to execute arbitrary code via a crafted (1) 3DM or (2) Flic Animation file. | ||||
| CVE-2016-4551 | 1 Sap | 3 Netweaver, Sap Aba, Sap Basis | 2025-04-12 | N/A |
| The (1) SAP_BASIS and (2) SAP_ABA components 7.00 SP Level 0031 in SAP NetWeaver 2004s might allow remote attackers to spoof IP addresses written to the Security Audit Log via vectors related to the network landscape, aka SAP Security Note 2190621. | ||||
| CVE-2013-3678 | 1 Sap | 1 Governance Risk And Compliance | 2025-04-12 | N/A |
| Multiple unspecified vulnerabilities in SAP Governance, Risk, and Compliance (GRC) allow remote authenticated users to gain privileges and execute arbitrary programs via a crafted (1) RFC or (2) SOAP-RFC request. | ||||
| CVE-2014-3132 | 1 Sap | 1 Background Processing | 2025-04-12 | N/A |
| SAP Background Processing does not properly restrict access, which allows remote authenticated users to obtain sensitive information via an unspecified RFC function, related to SAP Solution Manager 7.1. | ||||
| CVE-2016-3638 | 1 Sap | 1 Sld Registration | 2025-04-12 | N/A |
| SAP SLD Registration Program (aka SLDREG) allows local users to cause a denial of service (memory corruption and process termination) via a crafted HOST parameter, aka SAP Security Note 2125623. | ||||
| CVE-2016-6142 | 1 Sap | 1 Hana | 2025-04-12 | N/A |
| SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote attackers to inject arbitrary audit trail fields into the SYSLOG via vectors related to the SQL protocol, aka SAP Security Note 2197459. | ||||
| CVE-2015-8753 | 1 Sap | 1 Afaria | 2025-04-12 | N/A |
| SAP Afaria 7.0.6001.5 allows remote attackers to bypass authorization checks and wipe or lock mobile devices via a crafted request, related to "Insecure signature," aka SAP Security Note 2134905. | ||||
| CVE-2016-4017 | 1 Sap | 1 Hana | 2025-04-12 | N/A |
| The Data Provisioning Agent (aka DP Agent) in SAP HANA allows remote attackers to cause a denial of service (process crash) via unspecified vectors, aka SAP Security Note 2262710. | ||||
| CVE-2016-3639 | 1 Sap | 1 Hana Db | 2025-04-12 | N/A |
| SAP HANA DB 1.00.091.00.1418659308 allows remote attackers to obtain sensitive topology information via an unspecified HTTP request, aka SAP Security Note 2176128. | ||||
| CVE-2015-2817 | 1 Sap | 1 Netweaver | 2025-04-12 | N/A |
| The SAP Management Console in SAP NetWeaver 7.40 allows remote attackers to obtain sensitive information via the ReadProfile parameters, aka SAP Security Note 2091768. | ||||
| CVE-2014-8313 | 1 Sap | 1 Hana | 2025-04-12 | N/A |
| Eval injection in ide/core/base/server/net.xsjs in the Developer Workbench in SAP HANA allows remote attackers to execute arbitrary XSJX code via unspecified vectors. | ||||
| CVE-2014-4010 | 1 Sap | 1 Transaction Data Pool | 2025-04-12 | N/A |
| SAP Transaction Data Pool has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. | ||||
| CVE-2014-4008 | 1 Sap | 1 Web Services Tool | 2025-04-12 | N/A |
| SAP Web Services Tool (CA-WUI-WST) has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. | ||||
| CVE-2014-4006 | 1 Sap | 1 Oil Industry Solution Traders And Schedulers Workbench | 2025-04-12 | N/A |
| The SAP Trader's and Scheduler's Workbench (TSW) for SAP Oil & Gas has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. | ||||
| CVE-2014-6252 | 1 Sap | 1 Netweaver | 2025-04-12 | N/A |
| Buffer overflow in disp+work.exe 7000.52.12.34966 and 7200.117.19.50294 in the Dispatcher in SAP NetWeaver 7.00 and 7.20 allows remote authenticated users to cause a denial of service or execute arbitrary code via unspecified vectors. | ||||
| CVE-2014-8308 | 1 Sap | 1 Businessobjects | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the Send to Inbox functionality in SAP BusinessObjects BI EDGE 4.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2015-4159 | 1 Sap | 1 Hana Web-based Development Workbench | 2025-04-12 | N/A |
| SQL injection vulnerability in SAP HANA Web-based Development Workbench allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Notes 2153892. | ||||