Filtered by vendor Sap
Subscriptions
Total
1493 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-8663 | 1 Sap | 1 Netweaver Business Warehouse | 2024-09-16 | N/A |
| SQL injection vulnerability in Data Basis (BW-WHM-DBA) in SAP NetWeaver Business Warehouse allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2013-7361 | 1 Sap | 2 Cm Services, Cms Services | 2024-09-16 | N/A |
| Directory traversal vulnerability in SAP CMS and CM Services allows attackers to upload arbitrary files via unspecified vectors. | ||||
| CVE-2009-4603 | 1 Sap | 3 Sap Kernel, Sap Netweaver, Sap Web Application Server | 2024-09-16 | N/A |
| Unspecified vulnerability in sapstartsrv.exe in the SAP Kernel 6.40, 7.00, 7.01, 7.10, 7.11, and 7.20, as used in SAP NetWeaver 7.x and SAP Web Application Server 6.x and 7.x, allows remote attackers to cause a denial of service (Management Console shutdown) via a crafted request. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2012-1291 | 1 Sap | 1 Netweaver | 2024-09-16 | N/A |
| Unspecified vulnerability in the com.sap.aii.mdt.amt.web.AMTPageProcessor servlet in SAP NetWeaver 7.0 allows remote attackers to obtain sensitive information about the Adapter Monitor via unspecified vectors, possibly related to the EnableInvokerServletGlobally property in the servlet_jsp service. | ||||
| CVE-2012-1292 | 1 Sap | 1 Netweaver | 2024-09-16 | N/A |
| Unspecified vulnerability in the MessagingSystem servlet in SAP NetWeaver 7.0 allows remote attackers to obtain sensitive information about the MessagingSystem Performance Data via unspecified vectors. | ||||
| CVE-2017-16682 | 1 Sap | 2 Business Application Software Integrated Solution, Netweaver Internet Transaction Server | 2024-09-16 | N/A |
| SAP NetWeaver Internet Transaction Server (ITS), SAP Basis from 7.00 to 7.02, 7.30, 7.31, 7.40, from 7.50 to 7.52, allows an attacker with administrator credentials to inject code that can be executed by the application and thereby control the behavior of the application. | ||||
| CVE-2003-0944 | 1 Sap | 1 Sap Db | 2024-09-16 | N/A |
| Buffer overflow in the WAECHO default service in web-tools in SAP DB before 7.4.03.30 allows remote attackers to execute arbitrary code via a URL with a long requestURI. | ||||
| CVE-2017-16683 | 1 Sap | 1 Businessobjects | 2024-09-16 | N/A |
| Denial of Service (DOS) in SAP Business Objects Platform, Enterprise 4.10 and 4.20, that could allow an attacker to prevent legitimate users from accessing a service. | ||||
| CVE-2013-7366 | 1 Sap | 1 Software Deployment Manager | 2024-09-16 | N/A |
| The SAP Software Deployment Manager (SDM), in certain unspecified conditions, allows remote attackers to cause a denial of service via vectors related to failed authentications. | ||||
| CVE-2014-8587 | 1 Sap | 5 Commoncryptolib, Hana, Netweaver and 2 more | 2024-09-16 | N/A |
| SAPCRYPTOLIB before 5.555.38, SAPSECULIB, and CommonCryptoLib before 8.4.30, as used in SAP NetWeaver AS for ABAP and SAP HANA, allows remote attackers to spoof Digital Signature Algorithm (DSA) signatures via unspecified vectors. | ||||
| CVE-2017-16690 | 1 Sap | 1 Plant Connectivity | 2024-09-16 | N/A |
| A malicious DLL preload attack possible on NwSapSetup and Installation self-extracting program for SAP Plant Connectivity 2.3 and 15.0. It is possible that SAPSetup / NwSapSetup.exe loads system DLLs like DWMAPI.dll (located in your Syswow64 / System32 folder) from the folder the executable is in and not from the system location. The desired behavior is that system dlls are only loaded from the system folders. If a dll with the same name as the system dll is located in the same folder as the executable, this dll is loaded and code is executed. | ||||
| CVE-2013-7364 | 1 Sap | 1 Netweaver | 2024-09-16 | N/A |
| An unspecified J2EE core service in the J2EE Engine in SAP NetWeaver does not properly restrict access, which allows remote attackers to read and write to arbitrary files via unknown vectors. | ||||
| CVE-2011-5154 | 1 Sap | 1 Graphical User Interface | 2024-09-16 | N/A |
| Multiple untrusted search path vulnerabilities in (1) SAPGui.exe and (2) BExAnalyzer.exe in SAP GUI 6.4 through 7.2 allow local users to gain privileges via a Trojan horse MFC80LOC.DLL file in the current working directory, as demonstrated by a directory that contains a .sap file. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2013-7362 | 1 Sap | 1 Ccms Agent | 2024-09-16 | N/A |
| An unspecified RFC function in SAP CCMS Agent allows remote attackers to execute arbitrary commands via unknown vectors. | ||||
| CVE-2014-8665 | 1 Sap | 1 Business Intelligence Development Workbench | 2024-09-16 | N/A |
| The SAP Business Intelligence Development Workbench allows remote attackers to obtain sensitive information by reading unspecified files. | ||||
| CVE-2013-7360 | 1 Sap | 1 Adminadapter | 2024-09-16 | N/A |
| Unspecified vulnerability in SAP adminadapter allows remote attackers to read or write to arbitrary files via unknown vectors. | ||||
| CVE-2017-16685 | 1 Sap | 1 Business Warehouse Universal Data Integration | 2024-09-16 | N/A |
| Cross-Site scripting (XSS) in SAP Business Warehouse Universal Data Integration, from 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, due to insufficient encoding of user controlled inputs. | ||||
| CVE-2017-16680 | 1 Sap | 1 Hana Extended Application Services | 2024-09-16 | N/A |
| Two potential audit log injections in SAP HANA extended application services 1.0, advanced model: 1) Certain HTTP/REST endpoints of controller service are missing user input validation which could allow unprivileged attackers to forge audit log lines. Hence the interpretation of audit log files could be hindered or misdirected. 2) User Account and Authentication writes audit logs into syslog and additionally writes the same audit entries into a log file. Entries in the log file miss escaping. Hence the interpretation of audit log files could be hindered or misdirected, while the entries in syslog are correct. | ||||
| CVE-2017-16684 | 1 Sap | 1 Business Intelligence Promotion Management Application | 2024-09-16 | N/A |
| SAP Business Intelligence Promotion Management Application, Enterprise 4.10, 4.20, and 4.30, does not perform authentication checks for functionalities that require user identity. | ||||
| CVE-2013-7355 | 1 Sap | 1 Bi Universal Data Integration | 2024-09-16 | N/A |
| SQL injection vulnerability in SAP BI Universal Data Integration allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to the J2EE schema. | ||||