Filtered by vendor Sap Subscriptions
Total 1493 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2014-4161 1 Sap 1 Supplier Relationship Management 2024-09-17 N/A
Cross-site scripting (XSS) vulnerability in la/umTestSSO.jsp in SAP Supplier Relationship Management (SRM) allows remote attackers to inject arbitrary web script or HTML via the url parameter.
CVE-2013-6284 1 Sap 1 Erp Central Component 2024-09-17 N/A
Unspecified vulnerability in the Statutory Reporting for Insurance (FS_SR) component in the Financial Services module for SAP ERP Central Component (ECC) allows attackers to execute arbitrary code via unspecified vectors, related to a "code injection vulnerability."
CVE-2010-3979 1 Sap 1 Businessobjects 2024-09-17 N/A
Dswsbobje in SAP BusinessObjects Enterprise XI 3.2 generates different error messages depending on whether the Login field corresponds to a valid username, which allows remote attackers to enumerate account names via a login SOAPAction to the dswsbobje/services/session URI.
CVE-2013-7358 1 Sap 1 Guided Procedures Archive Monitor 2024-09-17 N/A
Unspecified vulnerability in SAP Guided Procedures Archive Monitor allows remote attackers to obtain usernames, roles, profiles, and possibly other identity information via unknown vectors.
CVE-2013-7357 1 Sap 1 J2ee Engine 2024-09-17 N/A
Unspecified vulnerability in the configuration service in SAP J2EE Engine allows remote attackers to obtain credential information via unknown vectors.
CVE-2014-8662 1 Sap 1 Payroll Process 2024-09-17 N/A
Unspecified vulnerability in SAP Payroll Process allows remote attackers to cause a denial of service via vectors related to session handling.
CVE-2003-0943 1 Sap 1 Sap Db 2024-09-17 N/A
web-tools in SAP DB before 7.4.03.30 installs several services that are enabled by default, which could allow remote attackers to obtain potentially sensitive information or redirect attacks against internal databases via (1) waecho, (2) Web SQL Interface (websql), or (3) Web Database Manager (webdbm).
CVE-2013-3244 1 Sap 1 Erp Central Component 2024-09-17 N/A
Multiple unspecified vulnerabilities in the CJDB_FILL_MEMORY_FROM_PPB function in the Project System (PS-IS) module for SAP ERP Central Component (ECC) allow remote attackers to execute arbitrary code via a (1) RFC or (2) SOAP-RFC request.
CVE-2015-8029 1 Sap 1 3d Visual Enterprise Viewer 2024-09-17 N/A
SAP 3D Visual Enterprise Viewer (VEV) allows remote attackers to execute arbitrary code via a crafted Filmbox document, which triggers memory corruption.
CVE-2005-1691 1 Sap 1 Sap R 3 2024-09-17 N/A
Directory traversal vulnerability in Internet Graphics Server in SAP before 6.40 Patch 11 allows remote attackers to read arbitrary files via ".." sequences in an HTTP GET request.
CVE-2014-8667 1 Sap 1 Hana Web-based Development Workbench 2024-09-17 N/A
Cross-site scripting (XSS) vulnerability in SAP HANA Web-based Development Workbench allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2013-6244 1 Sap 1 Netweaver 2024-09-17 N/A
The Live Update webdynpro application (webdynpro/dispatcher/sap.com/tc~slm~ui_lup/LUP) in SAP NetWeaver 7.31 and earlier allows remote attackers to read arbitrary files and directories via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
CVE-2013-7363 1 Sap 1 Solution Manager 2024-09-17 N/A
Unspecified vulnerability in the Diagnostics (SMD) agent in SAP Solution Manager allows remote attackers to obtain sensitive information, modify the configuration of applications, and install or remove applications via vectors involving the P4 protocol.
CVE-2017-16691 1 Sap 1 Business Application Software Integrated Solution 2024-09-17 N/A
SAP Note Assistant tool (SAP BASIS from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31,7.40, from 7.50 to 7.52) supports upload of digitally signed note file of type 'SAR'. The digital signature verification is done together with the extraction of note file contained in the SAR archive. It is possible to append a tampered file to the SAR archive using SAPCAR tool and during the extraction, digital signature verification fails but the tampered file is extracted.
CVE-2013-7359 1 Sap 1 Mobile Infrastructure 2024-09-17 N/A
Unspecified vulnerability in SAP Mobile Infrastructure allows remote attackers to obtain sensitive port information via unknown vectors, related to an "internal port scanning" issue.
CVE-2017-16678 1 Sap 4 Epbc, Epbc2, Kmc-bc and 1 more 2024-09-17 N/A
Server Side Request Forgery (SSRF) vulnerability in SAP NetWeaver Knowledge Management Configuration Service, EPBC and EPBC2 from 7.00 to 7.02; KMC-BC 7.30, 7.31, 7.40 and 7.50, that allows an attacker to manipulate the vulnerable application to send crafted requests on behalf of the application.
CVE-2012-4341 1 Sap 1 Netweaver Abap 2024-09-17 N/A
Multiple stack-based buffer overflows in msg_server.exe in SAP NetWeaver ABAP 7.x allow remote attackers to cause a denial of service (crash) and execute arbitrary code via a (1) long parameter value, (2) crafted string size field, or (3) long Parameter Name string in a package with opcode 0x43 and sub opcode 0x4 to TCP port 3900.
CVE-2017-16687 1 Sap 1 Hana Database 2024-09-16 N/A
The user self-service tools of SAP HANA extended application services, classic user self-service, a part of SAP HANA Database versions 1.00 and 2.00, can be misused to enumerate valid and invalid user accounts. An unauthenticated user could use the error messages to determine if a given username is valid.
CVE-2015-8030 1 Sap 1 3d Visual Enterprise Viewer 2024-09-16 N/A
SAP 3D Visual Enterprise Viewer (VEV) allows remote attackers to execute arbitrary code via a crafted (1) U3D, (2) LWO, (3) JPEG2000, or (4) FBX file, aka "Out-Of-Bounds Indexing" vulnerabilities.
CVE-2009-3344 2 Microsoft, Sap 2 Windows Xp, Crystal Reports Server 2024-09-16 N/A
Unspecified vulnerability in SAP Crystal Reports Server 2008 on Windows XP allows attackers to cause a denial of service (infinite loop) via unknown vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.3 through 8.11. NOTE: as of 20090917, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.