Filtered by vendor Sap
Subscriptions
Total
1493 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-8871 | 1 Sap | 1 Hybris | 2024-08-06 | N/A |
| Directory traversal vulnerability in hybris Commerce software suite 5.0.3.3 and earlier, 5.0.0.3 and earlier, 5.0.4.4 and earlier, 5.1.0.1 and earlier, 5.1.1.2 and earlier, 5.2.0.3 and earlier, and 5.3.0.1 and earlier. | ||||
| CVE-2014-8660 | 1 Sap | 1 Document Management Services | 2024-08-06 | N/A |
| SAP Document Management Services allows local users to execute arbitrary commands via unspecified vectors. | ||||
| CVE-2014-8659 | 1 Sap | 1 Environment Health And Safety | 2024-08-06 | N/A |
| Directory traversal vulnerability in SAP Environment, Health, and Safety allows remote attackers to read arbitrary files via unspecified vectors. | ||||
| CVE-2014-8668 | 1 Sap | 1 Contract Accounting | 2024-08-06 | N/A |
| SQL injection vulnerability in SAP Contract Accounting allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2014-8664 | 1 Sap | 1 Environment Health And Safety | 2024-08-06 | N/A |
| SQL injection vulnerability in Product Safety (EHS-SAF) component in SAP Environment, Health, and Safety Management allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2014-8592 | 1 Sap | 1 Netweaver | 2024-08-06 | N/A |
| Unspecified vulnerability in SAP Host Agent, as used in SAP NetWeaver 7.02 and 7.3, allows remote attackers to cause a denial of service (process termination) via a crafted request. | ||||
| CVE-2014-8591 | 1 Sap | 1 Netweaver | 2024-08-06 | N/A |
| Unspecified vulnerability in SAP Internet Communication Manager (ICM), as used in SAP NetWeaver 7.02 and 7.3, allows remote attackers to cause a denial of service (process termination) via unknown vectors. | ||||
| CVE-2014-8590 | 1 Sap | 1 Netweaver Java Application Server | 2024-08-06 | N/A |
| XML external entity (XXE) vulnerability in the Web Service Navigator in SAP NetWeaver Application Server (AS) Java allows remote attackers to access arbitrary files via a crafted request. | ||||
| CVE-2014-8588 | 1 Sap | 1 Hana | 2024-08-06 | N/A |
| SQL injection vulnerability in metadata.xsjs in SAP HANA 1.00.60.379371 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2014-8589 | 1 Sap | 1 Network Interface Router | 2024-08-06 | N/A |
| Integer overflow in SAP Network Interface Router (SAProuter) 40.4 allows remote attackers to cause a denial of service (resource consumption) via crafted requests. | ||||
| CVE-2014-8313 | 1 Sap | 1 Hana | 2024-08-06 | N/A |
| Eval injection in ide/core/base/server/net.xsjs in the Developer Workbench in SAP HANA allows remote attackers to execute arbitrary XSJX code via unspecified vectors. | ||||
| CVE-2014-8314 | 1 Sap | 1 Hana | 2024-08-06 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in SAP HANA Developer Edition Revision 70 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to (1) epm/admin/DataGen.xsjs or (2) epm/services/multiply.xsjs in the democontent. | ||||
| CVE-2014-8316 | 1 Sap | 1 Businessobjects Explorer | 2024-08-06 | N/A |
| XML External Entity (XXE) vulnerability in polestar_xml.jsp in SAP BusinessObjects Explorer 14.0.5 build 882 allows remote attackers to read arbitrary files via the xmlParameter parameter in an explorationSpaceUpdate request. | ||||
| CVE-2014-8309 | 1 Sap | 2 Businessobjects, Businessobjects Xi | 2024-08-06 | N/A |
| SAP BusinessObjects 4.0 and BusinessObjects XI (BOXI) R2 and 3.1 generates error messages for a failed logon attempt with different time delays depending on whether the user account exists, which allows remote attackers to enumerate valid usernames via SecEnterprise authentication requests to the Session web service. | ||||
| CVE-2014-8308 | 1 Sap | 1 Businessobjects | 2024-08-06 | N/A |
| Cross-site scripting (XSS) vulnerability in the Send to Inbox functionality in SAP BusinessObjects BI EDGE 4.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2014-8315 | 1 Sap | 1 Businessobjects Explorer | 2024-08-06 | N/A |
| polestar_xml.jsp in SAP BusinessObjects Explorer 14.0.5 build 882 replies with different timing depending on if a connection can be made, which allows remote attackers to conduct port scanning attacks via a host name and port in the cms parameter. | ||||
| CVE-2014-8312 | 1 Sap | 1 Netweaver Abap | 2024-08-06 | N/A |
| Business Warehouse (BW) in SAP Netweaver AS ABAP 7.31 allows remote authenticated users to obtain sensitive information via a request to the RSDU_CCMS_GET_PROFILE_PARAM RFC function. | ||||
| CVE-2014-8310 | 1 Sap | 1 Businessobjects | 2024-08-06 | N/A |
| The CMS CORBA listener in SAP BusinessObjects BI Edge 4.0 allows remote attackers to cause a denial of service (server shutdown) via crafted OSCAFactory::Session ORB message. | ||||
| CVE-2014-8311 | 1 Sap | 1 Businessobjects | 2024-08-06 | N/A |
| SAP BusinessObjects Edge 4.0 allows remote attackers to obtain sensitive information via an InfoStore query to a CORBA listener. | ||||
| CVE-2014-6252 | 1 Sap | 1 Netweaver | 2024-08-06 | N/A |
| Buffer overflow in disp+work.exe 7000.52.12.34966 and 7200.117.19.50294 in the Dispatcher in SAP NetWeaver 7.00 and 7.20 allows remote authenticated users to cause a denial of service or execute arbitrary code via unspecified vectors. | ||||