ReportizFlow
Filtered by vendor Sap
Subscriptions
Total
1621 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-8591 | 1 Sap | 1 Netweaver | 2025-04-12 | N/A |
| Unspecified vulnerability in SAP Internet Communication Manager (ICM), as used in SAP NetWeaver 7.02 and 7.3, allows remote attackers to cause a denial of service (process termination) via unknown vectors. | ||||
| CVE-2015-7239 | 1 Sap | 1 Netweaver J2ee Engine | 2025-04-12 | N/A |
| SQL injection vulnerability in the BP_FIND_JOBS_WITH_PROGRAM function module in SAP NetWeaver J2EE Engine 7.40 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2014-8587 | 1 Sap | 5 Commoncryptolib, Hana, Netweaver and 2 more | 2025-04-12 | N/A |
| SAPCRYPTOLIB before 5.555.38, SAPSECULIB, and CommonCryptoLib before 8.4.30, as used in SAP NetWeaver AS for ABAP and SAP HANA, allows remote attackers to spoof Digital Signature Algorithm (DSA) signatures via unspecified vectors. | ||||
| CVE-2015-7728 | 1 Sap | 1 Hana | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in user creation in the Web-based Development Workbench in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote authenticated users to inject arbitrary web script or HTML via the username, aka SAP Security Note 2153898. | ||||
| CVE-2014-8661 | 1 Sap | 1 Customer Relationship Management Internet Sales | 2025-04-12 | N/A |
| The SAP CRM Internet Sales module allows remote attackers to execute arbitrary commands via unspecified vectors. | ||||
| CVE-2014-8309 | 1 Sap | 2 Businessobjects, Businessobjects Xi | 2025-04-12 | N/A |
| SAP BusinessObjects 4.0 and BusinessObjects XI (BOXI) R2 and 3.1 generates error messages for a failed logon attempt with different time delays depending on whether the user account exists, which allows remote attackers to enumerate valid usernames via SecEnterprise authentication requests to the Session web service. | ||||
| CVE-2016-6150 | 1 Sap | 1 Hana | 2025-04-12 | N/A |
| The multi-tenant database container feature in SAP HANA does not properly encrypt communications, which allows remote attackers to bypass intended access restrictions and possibly have unspecified other impact via unknown vectors, aka SAP Security Note 2233550. | ||||
| CVE-2013-7366 | 1 Sap | 1 Software Deployment Manager | 2025-04-12 | N/A |
| The SAP Software Deployment Manager (SDM), in certain unspecified conditions, allows remote attackers to cause a denial of service via vectors related to failed authentications. | ||||
| CVE-2014-8313 | 1 Sap | 1 Hana | 2025-04-12 | N/A |
| Eval injection in ide/core/base/server/net.xsjs in the Developer Workbench in SAP HANA allows remote attackers to execute arbitrary XSJX code via unspecified vectors. | ||||
| CVE-2016-6146 | 1 Sap | 1 Trex | 2025-04-12 | N/A |
| The NameServer in SAP TREX 7.10 Revision 63 allows remote attackers to obtain sensitive TNS information via an unspecified query, aka SAP Security Note 2234226. | ||||
| CVE-2016-6145 | 1 Sap | 1 Hana Db | 2025-04-12 | N/A |
| The SQL interface in SAP HANA DB 1.00.091.00.1418659308 provides different error messages for failed login attempts depending on whether the username exists and is locked when the detailed_error_on_connect option is not supported or is configured as "False," which allows remote attackers to enumerate database users via a series of login attempts, aka SAP Security Note 2216869. | ||||
| CVE-2013-7364 | 1 Sap | 1 Netweaver | 2025-04-12 | N/A |
| An unspecified J2EE core service in the J2EE Engine in SAP NetWeaver does not properly restrict access, which allows remote attackers to read and write to arbitrary files via unknown vectors. | ||||
| CVE-2016-6139 | 1 Sap | 1 Trex | 2025-04-12 | N/A |
| SAP TREX 7.10 Revision 63 allows remote attackers to read arbitrary files via unspecified vectors, aka SAP Security Note 2203591. | ||||
| CVE-2014-8660 | 1 Sap | 1 Document Management Services | 2025-04-12 | N/A |
| SAP Document Management Services allows local users to execute arbitrary commands via unspecified vectors. | ||||
| CVE-2016-9562 | 1 Sap | 1 Netweaver Application Server Java | 2025-04-12 | 7.5 High |
| SAP NetWeaver AS JAVA 7.4 allows remote attackers to cause a Denial of Service (null pointer exception and icman outage) via an HTTPS request to the sap.com~P4TunnelingApp!web/myServlet URI, aka SAP Security Note 2313835. | ||||
| CVE-2016-6137 | 1 Sap | 1 Trex | 2025-04-12 | N/A |
| An unspecified function in SAP TREX 7.10 Revision 63 allows remote attackers to execute arbitrary OS commands via unknown vectors, aka SAP Security Note 2203591. | ||||
| CVE-2013-7362 | 1 Sap | 1 Ccms Agent | 2025-04-12 | N/A |
| An unspecified RFC function in SAP CCMS Agent allows remote attackers to execute arbitrary commands via unknown vectors. | ||||
| CVE-2013-7361 | 1 Sap | 2 Cm Services, Cms Services | 2025-04-12 | N/A |
| Directory traversal vulnerability in SAP CMS and CM Services allows attackers to upload arbitrary files via unspecified vectors. | ||||
| CVE-2015-6662 | 1 Sap | 1 Netweaver | 2025-04-12 | N/A |
| XML external entity (XXE) vulnerability in SAP NetWeaver Portal 7.4 allows remote attackers to read arbitrary files and possibly have other unspecified impact via crafted XML data, aka SAP Security Note 2168485. | ||||
| CVE-2013-7360 | 1 Sap | 1 Adminadapter | 2025-04-12 | N/A |
| Unspecified vulnerability in SAP adminadapter allows remote attackers to read or write to arbitrary files via unknown vectors. | ||||