Filtered by vendor Sap
Subscriptions
Total
1468 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-42475 | 1 Sap | 1 S\/4hana | 2024-09-19 | 4.3 Medium |
| The Statutory Reporting application has a vulnerable file storage location, potentially enabling low privileged attacker to read server files with minimal impact on confidentiality. | ||||
| CVE-2023-42474 | 1 Sap | 1 Businessobjects Web Intelligence | 2024-09-18 | 6.8 Medium |
| SAP BusinessObjects Web Intelligence - version 420, has a URL with parameter that could be vulnerable to XSS attack. The attacker could send a malicious link to a user that would possibly allow an attacker to retrieve the sensitive information. | ||||
| CVE-2023-40310 | 1 Sap | 1 Powerdesigner | 2024-09-18 | 6.5 Medium |
| SAP PowerDesigner Client - version 16.7, does not sufficiently validate BPMN2 XML document imported from an untrusted source. As a result, URLs of external entities in BPMN2 file, although not used, would be accessed during import. A successful attack could impact availability of SAP PowerDesigner Client. | ||||
| CVE-2023-41365 | 1 Sap | 1 Business One | 2024-09-18 | 4.3 Medium |
| SAP Business One (B1i) - version 10.0, allows an authorized attacker to retrieve the details stack trace of the fault message to conduct the XXE injection, which will lead to information disclosure. After successful exploitation, an attacker can cause limited impact on the confidentiality and no impact to the integrity and availability. | ||||
| CVE-2023-42477 | 1 Sap | 1 Netweaver Application Server Java | 2024-09-18 | 6.5 Medium |
| SAP NetWeaver AS Java (GRMG Heartbeat application) - version 7.50, allows an attacker to send a crafted request from a vulnerable web application, causing limited impact on confidentiality and integrity of the application. | ||||
| CVE-2010-3980 | 1 Sap | 1 Businessobjects | 2024-09-17 | N/A |
| Dswsbobje in SAP BusinessObjects Enterprise XI 3.2 does not limit the number of CUIDs that may be requested, which allows remote authenticated users to cause a denial of service via a large numCuids value in a GenerateCuids SOAPAction to the dswsbobje/services/biplatform URI. | ||||
| CVE-2012-1290 | 1 Sap | 1 Netweaver | 2024-09-17 | N/A |
| Cross-site scripting (XSS) vulnerability in b2b/auction/container.jsp in the Internet Sales (crm.b2b) module in SAP NetWeaver 7.0 allows remote attackers to inject arbitrary web script or HTML via the _loadPage parameter. | ||||
| CVE-2006-7220 | 1 Sap | 2 Saplpd, Sapsprint | 2024-09-17 | N/A |
| Unspecified vulnerability in SAP SAPLPD and SAPSPRINT allows remote attackers to cause a denial of service (application crash) via a certain print job request. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2003-0942 | 1 Sap | 1 Sap Db | 2024-09-17 | N/A |
| Buffer overflow in Web Agent Administration service in web-tools for SAP DB before 7.4.03.30 allows remote attackers to execute arbitrary code via a long Name parameter to waadmin.wa. | ||||
| CVE-2017-16689 | 1 Sap | 1 Sap Kernel | 2024-09-17 | N/A |
| A Trusted RFC connection in SAP KERNEL 32NUC, SAP KERNEL 32Unicode, SAP KERNEL 64NUC, SAP KERNEL 64Unicode 7.21, 7.21EXT, 7.22, 7.22EXT; SAP KERNEL from 7.21 to 7.22, 7.45, 7.49, can be established to a different client or a different user on the same system, although no explicit Trusted/Trusting Relation to the same system has been defined. | ||||
| CVE-2009-3345 | 1 Sap | 1 Crystal Reports Server | 2024-09-17 | N/A |
| Heap-based buffer overflow in SAP Crystal Reports Server 2008 has unknown impact and attack vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.3 through 8.11. NOTE: as of 20090917, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. | ||||
| CVE-2014-8669 | 1 Sap | 1 Customer Relationship Management | 2024-09-17 | N/A |
| The SAP Promotion Guidelines (CRM-MKT-MPL-TPM-PPG) module for SAP CRM allows remote attackers to execute arbitrary code via unspecified vectors. | ||||
| CVE-2003-0941 | 1 Sap | 1 Sap Db | 2024-09-17 | N/A |
| web-tools in SAP DB before 7.4.03.30 allows remote attackers to access the Web Agent Administration pages and modify configuration via a direct request to waadmin.wa. | ||||
| CVE-2009-3346 | 1 Sap | 1 Crystal Reports Server | 2024-09-17 | N/A |
| Unspecified vulnerability in SAP Crystal Reports Server 2008 allows remote attackers to execute arbitrary code via unknown vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.3 through 8.11. NOTE: as of 20090917, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. | ||||
| CVE-2014-4161 | 1 Sap | 1 Supplier Relationship Management | 2024-09-17 | N/A |
| Cross-site scripting (XSS) vulnerability in la/umTestSSO.jsp in SAP Supplier Relationship Management (SRM) allows remote attackers to inject arbitrary web script or HTML via the url parameter. | ||||
| CVE-2013-6284 | 1 Sap | 1 Erp Central Component | 2024-09-17 | N/A |
| Unspecified vulnerability in the Statutory Reporting for Insurance (FS_SR) component in the Financial Services module for SAP ERP Central Component (ECC) allows attackers to execute arbitrary code via unspecified vectors, related to a "code injection vulnerability." | ||||
| CVE-2010-3979 | 1 Sap | 1 Businessobjects | 2024-09-17 | N/A |
| Dswsbobje in SAP BusinessObjects Enterprise XI 3.2 generates different error messages depending on whether the Login field corresponds to a valid username, which allows remote attackers to enumerate account names via a login SOAPAction to the dswsbobje/services/session URI. | ||||
| CVE-2013-7358 | 1 Sap | 1 Guided Procedures Archive Monitor | 2024-09-17 | N/A |
| Unspecified vulnerability in SAP Guided Procedures Archive Monitor allows remote attackers to obtain usernames, roles, profiles, and possibly other identity information via unknown vectors. | ||||
| CVE-2013-7357 | 1 Sap | 1 J2ee Engine | 2024-09-17 | N/A |
| Unspecified vulnerability in the configuration service in SAP J2EE Engine allows remote attackers to obtain credential information via unknown vectors. | ||||
| CVE-2014-8662 | 1 Sap | 1 Payroll Process | 2024-09-17 | N/A |
| Unspecified vulnerability in SAP Payroll Process allows remote attackers to cause a denial of service via vectors related to session handling. | ||||